Unsure..Problems with Youtube


  • This topic is locked
25 replies to this topic

#1 redcat9876

    Member

  • Helper Trainee (A)
  • 38 posts

Posted 29 July 2008 - 03:29 PM

Hi,

I'm running Windows Vista with SP1.

So, like the topic says, I'm not sure if I'm infected with anything, but I am seeing some symptoms. For starters, when I go on to youtube and search for anything, I get sort of redirected to another page with only one ad. The URL input does not change, but it's definitely not the page that I usually get when I'm browsing for stuff on youtube. Strange thing is this only applies to youtube. I don't think I've had any troubles with other websites. And it only happens sometimes. The ad that shows up is an m1.2mdn.net ad, I believe (it said it was reading from there anyway)... it's about computers. Also, the script for that page loads extremely slowly.

Soon after that, I ran Norton 360 2.0 for any viruses and such. Apparently it found a virus called Info..something...something to do with taking info...basically sounded like a backdoor. Anyway it said the problem had been fixed, but just in case I ran the search again and nothing showed up. These were comprehensive searches by the way. I checked youtube afterward, but I still got the same mix up from above.

Then I followed the FAQ. I installed spybot S & D. I ran a search and it found some bad cookies or something like from doubleclick or something. Anyway, after that I ran another search. Nothing. I ran another search "as administrator" and found basically the same thing. I've run multiple searches from then on and got nothing. However, the problem with youtube persists. So I tried MBAM and I got nothing. I don't think it's a problem on youtube's end because I tried with another computer and there has been nothing about problems on youtube that I could find on google.

Anyway, here are the logs from both MBAM and HJT. I also have the script and the cookies that were running when I was looking at the ad page saved. So if needed, I can provide those too. Can someone please take a quick look at it and see if my computer is infected or not?

Malwarebytes' Anti-Malware 1.23
Database version: 1008
Windows 6.0.6001 Service Pack 1

2:14:14 PM 7/29/2008
mbam-log-7-29-2008 (14-14-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 154993
Time elapsed: 1 hour(s), 53 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:29 PM, on 7/29/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3661055842-1893868902-3902279285-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Base')
O4 - HKUS\S-1-5-21-3661055842-1893868902-3902279285-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Skywalker')
O4 - Global Startup: AOL DDI.lnk = C:\DDI\AOLICON.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11042 bytes


Thanks in advance.

P.S. If my message was too windy, let me know, I'll try to make it shorter next time, which hopefully won't happen.

#2 SWI Support Robot

    Helper robot

  • SWI Bot
  • 23,533 posts

Posted 01 August 2008 - 03:30 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 HackPolice

    Malware Exterminator

  • Retired Staff - Helper
  • 575 posts

Posted 01 August 2008 - 07:26 PM

Hello redcat9876. Welcome to SpywareInfo! I will be helping you with your computer issues.

Your HijackThis log appears to be clean to me. Let's take a closer look.

Download SDFix by Andy Manchesta and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Then please reboot your computer into Safe Mode by repeatedly tapping the F8 key right before Windows begins to load.

Proceed with these instructions to use SDFix:
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Now we will perform a Kaspersky online scan.

Please use the Internet Explorer browser, and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

In your next reply please include the Kaspersky Online Scanner report, the SDFix report, and a new HijackThis logfile.

Hello :)


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#4 redcat9876

Posted 01 August 2008 - 08:53 PM

Thanks, I'll get right on it and reply to you tomorrow at the latest.

#5 redcat9876

Posted 02 August 2008 - 10:33 AM

As soon as I finished extracting SDFix, the Program Compatibility Assistant came up and said that "this program might not have installed correctly". Do I just say it did install correctly or "reinstall using recommended settings"? Thanks.

#6 HackPolice

Posted 02 August 2008 - 02:07 PM

Try selecting "reinstall using recommended settings".

#7 redcat9876

Posted 02 August 2008 - 02:10 PM

Thanks. I think it worked. But when I came back to the computer recently, Norton 360 detected another tracking cookie on me... Why am I attracting so many cookies?

#8 HackPolice

Posted 02 August 2008 - 02:17 PM

Hello redcat9876. Everyone gets tracking cookies. There are methods which we will address later on in my prevention speech that can help prevent the installation of certain tracking cookies. However, there is no guaranteed way to prevent all tracking cookies from being installed. Most tracking cookies are minor "annoyances" that just track your browsing habits.

#9 redcat9876

Posted 02 August 2008 - 02:20 PM

Hey, I tried running the SDFix bat file in safe mode, but it just showed a really quick cmd screen and closed. So then I thought I was supposed to run it in command prompt. But once again, it just flashed quickly and closed. Am I not following the directions properly... What do I do?

#10 HackPolice

Posted 02 August 2008 - 06:04 PM

Sorry redcat9876. I did not realize that SDFix was not compatible with Windows Vista. You can remove SDFix from your computer by deleting its parent folder. Also please run that Kaspersky Online Scan.

A colleague suggested that you may be getting redirected via Flash through banner advertisements. If you use Internet Explorer, it is a good idea to use ZonedOut to protect your computer from malicious websites. Also I strongly recommend that you get a HOSTS file such as MVPS HOSTS.

In your next reply please include the Kaspersky Online Scanner report.

Please let me know if you are still getting redirected after downloading and using ZonedOut and the MVPS HOSTS file.

Edited by HackPolice, 02 August 2008 - 06:05 PM.

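How a blocking HOSTS file would act on the ad host named in the first post, as an added example that is not part of the original thread and not code from the MVPS HOSTS project: a Python sketch that parses hosts-file text, reports whether a name is sinkholed, and flags entries that point a name at a non-loopback address (the kind of line HijackThis lists under O1). The sample hosts text, the `.example` names and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (NOT an excerpt of MVPS HOSTS). The ad host is the
# one named in the first post; the .example names and 203.0.113.10 are made up.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
::1            localhost
0.0.0.0        m1.2mdn.net            # blocklist-style entry
127.0.0.1      ads.example tracker.ads.example
203.0.113.10   www.bank.example       # constructed hijack-style entry
not-an-ip      broken.example
"""


def parse_hosts(text):
    """Return [(ip_address, [lowercased names])], skipping comments and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a usable entry
        entries.append((ip, [name.lower() for name in fields[1:]]))
    return entries


def is_sinkhole(ip):
    """Loopback (127.0.0.1, ::1) and 0.0.0.0 / :: send the request nowhere useful."""
    return ip.is_loopback or ip.is_unspecified


def lookup(entries, hostname):
    """Exact-name match only: hosts files have no wildcards or subdomain matching."""
    name = hostname.lower().rstrip(".")
    for ip, names in entries:
        if name in names:
            return "blocked" if is_sinkhole(ip) else f"redirected to {ip}"
    return "not listed"


def suspicious_entries(entries):
    """Names mapped to a real (non-sinkhole) address deserve a manual look."""
    return [(name, str(ip))
            for ip, names in entries if not is_sinkhole(ip)
            for name in names]


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    for host in ("m1.2mdn.net", "m2.2mdn.net", "2mdn.net", "www.bank.example"):
        print(f"{host:20} {lookup(parsed, host)}")
    print("review:", suspicious_entries(parsed))
```

Because matching is by exact name, an entry for `m1.2mdn.net` does nothing for `m2.2mdn.net` or `2mdn.net`, which is why blocking HOSTS files list every ad host individually.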

#11 redcat9876

Posted 03 August 2008 - 01:53 AM

Hi. So I did a Kasper Scan and it came up with nothing. However, while it was scanning I did notice it took a long time scanning the "$recycle bin" and it showed a location that looked like a SID that ended with 1007. As I said in my first post, about a week ago, Norton 360 notified me that I had a virus called Infostealer (or something with a similar name). It affected my "$recycle bin" and its location also had something that looked like a SID though I'm not sure what it ended with (1000 something..). Any ideas on what's happening? What is this file that seems to end with the SID? Is there a way for me to look at it?

Also, do you recommend that I use ZonedOut with Mozilla Firefox? (That's the browser I use). Do you also think you could give me a link to how to use the hosts? Here are the logs. Once again, thanks for helping me.

One last trivial question: do you suggest I save my old logs and not overwrite them, or does it not matter?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:41 AM, on 8/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3661055842-1893868902-3902279285-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Skywalker')
O4 - Global Startup: AOL DDI.lnk = C:\DDI\AOLICON.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10631 bytes


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 3, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 03, 2008 02:59:42
Records in database: 1046803
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 140774
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:33:10

No malware has been detected. The scan area is clean.

The selected area was scanned.

Edited by redcat9876, 03 August 2008 - 01:54 AM.


#12 HackPolice

HackPolice

    Malware Exterminator

  • Retired Staff - Helper
  • 575 posts

Posted 03 August 2008 - 12:12 PM

You're welcome redcat9876. I am not sure what you mean by SID. Just because Kaspersky took a long time scanning a certain area does not mean that an infection was present; it just means that there was a lot to scan in that specific location.

I believe ZonedOut is only for Internet Explorer. I would still recommend getting ZonedOut however. If you need help on using ZonedOut read the help file that comes with it.

Download the MVPS HOSTS file and then read the Readme contained within the Zip file. The Readme explains how to install it.

You can overwrite your old logs if you want to but it can't hurt to save them.

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows [tab].
The following should be selected by default, if not, please select:
Posted Image
Next: click Options, then click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", then click Ok
Then click Run Cleaner (bottom right), then Exit

Please let me know if you are still being redirected when visiting YouTube.

Hello :)


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#13 redcat9876

redcat9876

    Member

  • Helper Trainee (A)
  • 38 posts

Posted 03 August 2008 - 04:30 PM

Thanks a lot. I think the hosts file really helped me out. When I was being redirected "doubleclick" was part of the script and I think that was what was getting me. Your colleague was probably right. It's due to the flash banner of that ad. Now that it is blocked, I think the issue is solved.

What I meant by SID was the security identifier that the Windows operating system also uses. About a week ago, Norton found a virus in the "$recycle bin" and the location had a SID at the end. I was just comparing the results of that to the Kaspersky Online Scan. I guess I was being paranoid. Anyway, I'm hoping CCleaner wiped it all out for me.

Could I trouble you to take one last look at my HJT log? Do you think I should change my passwords? I mean after all I did get infected with Infostealer...I've changed my passwords since then...but once more? Which passwords do you think I need to change?

Once again, thanks a lot. I'll get right to learning those tutorials and helping out.

Also, one last question. I noticed that TeaTimer was only running for my administrator account because that's where I clicked Immunize. Do I need to do it for this account as well?

EDIT: Also, if I'm not using ZonedOut for Internet Explorer, do you recommend that I use the NoScript add-on for Firefox?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:51 PM, on 8/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3661055842-1893868902-3902279285-1002\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Skywalker')
O4 - Global Startup: AOL DDI.lnk = C:\DDI\AOLICON.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10603 bytes

Edited by redcat9876, 03 August 2008 - 04:45 PM.
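The log in the post above follows HijackThis's fixed "CODE - body" line layout, so the autostart (O4) and service (O23) lines can be pulled out mechanically before a person reads them. The sketch below is an added example, not part of the original posts: the function names are hypothetical, the sample lines are copied from the log above, and the list of expected directories is an assumption. What it returns are entries to look up by hand, not detections.

```python
import re

# Constructed sample: the header and a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:51 PM, on 8/3/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)

Running processes:
C:\Windows\system32\taskeng.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AOL DDI.lnk = C:\DDI\AOLICON.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# "Service: <name> - <owner> - <path>"; the path is recognised by its drive letter.
SERVICE_RE = re.compile(r"^Service: (.+?) - (.+?) - ([A-Za-z]:\\.*)$")
# "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(HK\w+)\\(.*?): \[([^\]]+)\] (.*)$")
# "Global Startup: <shortcut> = <target>"
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")

# Assumption for this example: where installed software normally lives on this machine.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")


def exe_path(command):
    """Return the executable part of a command line, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd))(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]


def parse_hjt(text):
    """Return one dict per 'CODE - body' entry; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "body": body}
        if code == "O23" and (s := SERVICE_RE.match(body)):
            entry.update(kind="service", name=s[1], owner=s[2], path=s[3])
        elif code == "O4" and (r := RUN_RE.match(body)):
            entry.update(kind="run", hive=r[1], name=r[3], path=exe_path(r[4]))
        elif code == "O4" and (g := STARTUP_RE.match(body)):
            entry.update(kind="startup", name=g[2], path=exe_path(g[3]))
        entries.append(entry)
    return entries


def triage(entries):
    """Return (reason, name, path) tuples for entries a reviewer would look up by hand."""
    findings = []
    for e in entries:
        kind = e.get("kind")
        if kind == "service" and e["owner"].lower() == "unknown owner":
            findings.append(("service without a reported owner", e["name"], e["path"]))
        elif kind in ("run", "startup"):
            p = e["path"].lower()
            # Only judge absolute paths; bare names and %variables% are left alone.
            if re.match(r"[a-z]:\\", p) and not p.startswith(EXPECTED_DIRS):
                findings.append(("autostart outside expected directories", e["name"], e["path"]))
    return findings


if __name__ == "__main__":
    for reason, name, path in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{reason}: {name} -> {path}")
```
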


#14 HackPolice

HackPolice

    Malware Exterminator

  • Retired Staff - Helper
  • 575 posts

Posted 03 August 2008 - 05:11 PM

You're welcome redcat9876. Your HijackThis log appears to be clean.

It can't hurt to change your passwords. However, if you already changed your passwords after removing the trojan then I would not bother changing them again. It is up to you though.

Read this for more information about the Infostealer trojan.

You don't need to have Teatimer running (especially since Webroot Spysweeper Active Shield is running). If you have the resources then you can run Teatimer as well but you may have to allow registry changes twice through both Teatimer and Spysweeper so it may become a hassle.

I would recommend NoScript and Adblock Plus for Firefox.

Please enable Automatic Updates via Start > Control Panel > Automatic Updates to ensure that your computer is protected with the latest critical security patches and service packs from Microsoft. Alternatively, you may choose the option Notify me but don’t automatically download or install them to be notified of new updates and decide whether or not you want to download and install them.

Note : Microsoft updates are an integral part of your computer's security. Therefore, please make sure to take the necessary action as stated above to ensure that you always have the latest updates.

Now please reset your System Restore to clear out the infected Restore Points.
Click Start
Right-click My Computer and select Properties
Click the System Restore tab at the top
Check the box next to Turn off System Restore
Click Apply and then Yes
Wait a couple of moments to let the Restore Points clear before turning System Restore back on.
Uncheck the box next to Turn off System Restore
Click Apply and then Ok

I strongly recommend downloading and installing some of the following free versions of programs to help you prevent getting infected again. These programs will help lower your risk of infection tremendously.

Warning : running more than one resident protection program of the same type (antivirus, firewall, or scanning anti-spyware program) at the same time can result in unwanted conflict. This can reduce the effectiveness of both resident protection programs individually. This does not apply to passive protection programs such as SpywareBlaster and ZonedOut.

Please pay attention to the following programs that may prevent your computer from being reinfected with malware:

Spybot Search & Destroy
This is a free tool that will scan your computer for spyware and remove it if found. It also provides you with an Immunization feature and TeaTimer for real-time protection against new threats. A tutorial on Spybot Search & Destroy can be found here.

SpywareBlaster
This is a free tool that blocks certain malicious websites in both Internet Explorer and Firefox. It also prevents the installation of ActiveX-based spyware and ad/tracking cookies. A tutorial on SpywareBlaster can be found here.

SpywareGuard
This is a free tool that will help protect your computer from spyware and hijackers. A tutorial on SpywareGuard can be found here.

Note : I recommend that you set your anti-virus and anti-spyware programs to check for updates automatically. If the programs are not able to update automatically, then I would recommend manually checking for updates every few days.

Warning : realize that there are many rogue programs that pretend to protect your computer from malware. Check out this list of rogue programs if you are unsure of what you are downloading.

Please read Tony Klein's So how did I get infected in the first place? to answer any other questions that you might have. Don't forget to check out the browser security tests at the end of the article to test the security of your system!

Do you have any further questions?


#15 redcat9876

redcat9876

    Member

  • Helper Trainee (A)
  • 38 posts

Posted 03 August 2008 - 06:51 PM

Thanks for all your help so far. I've been reading your post and following along. Can you give me another 1-2 days before you close this thread in case I have any questions? Once again, many thanks.

#16 HackPolice

HackPolice

    Malware Exterminator

  • Retired Staff - Helper
  • 575 posts

Posted 03 August 2008 - 07:48 PM

Sure redcat9876, thanks for notifying me. I usually wait a couple of days before closing a topic even if I know the issue is resolved.


#17 redcat9876

redcat9876

    Member

  • Helper Trainee (A)
  • 38 posts

Posted 06 August 2008 - 12:01 AM

Hi. So 1st two quick questions. One, do you recommend getting rid of Norton 360 and installing another antivirus program? Second, I'm seeing the doubleclick.net being blocked in a lot of websites that I visit that aren't really connected... Is this coincidence? Or is something within my system handing information out? Or do they just track my IP or something? If that's the case, can you recommend any proxies?

#18 HackPolice

HackPolice

    Malware Exterminator

  • Retired Staff - Helper
  • 575 posts

Posted 06 August 2008 - 10:34 AM

Hello redcat9876. Norton 360 can be a huge system resource hog but if you have the resources and you like it then it is good at protecting your system. If you do not have an active subscription with Norton 360 and you are not receiving updates then I would recommend replacing it with another Anti-Virus and another Firewall program. Let me know if you would like to replace it because I have a couple of free Anti-Virus and free Firewall programs which I generally recommend.

doubleclick.net is a huge advertising website and I see it on most websites that I visit as well. Basically from what I can tell it just places tracking cookies to track your browsing habits. If you are blocking it then there is no reason for you to be concerned. I would not recommend using a proxy as there is never a reason to. I think of a proxy as giving the user a false sense of security or anonymity and thus making the user more likely to visit websites they usually wouldn't (which could lead to the user becoming infected).

Edited by HackPolice, 06 August 2008 - 10:34 AM.

Hello :)


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.
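How a HOSTS file of the kind recommended earlier in this thread blocks a name such as an ad server, shown as an added example that is not part of the original posts: it parses a HOSTS file and reports which names are sent to the loopback address, which entries are commented out, and whether any name is mapped to a non-loopback address. Function names are hypothetical, and the sample entries are constructed except for the commented lines quoted from the file pasted later in this thread. Matching is by exact hostname, so an entry for one subdomain does not cover the parent domain.

```python
import ipaddress
import re

# Constructed sample in the MVPS HOSTS layout. The "# 127.0.0.1 ..." lines and the
# section comment are quoted from the file pasted in this thread; the rest is made up.
SAMPLE_HOSTS = """\
# [Google via DoubleClick][Tracking Service]
127.0.0.1 localhost
127.0.0.1 ad.doubleclick.net
127.0.0.1  AD2.doubleclick.net   #[constructed entry]
# 127.0.0.1 ssl.google-analytics.com #[urchinTracker][disabled - Firefox issues]
# 127.0.0.1 rad.msn.com #[affects MSN Messenger]
203.0.113.10 login.example.test
"""

# Constructed sample of a file that kept its comments but lost its blocking entries.
STRIPPED_HOSTS = """\
127.0.0.1 localhost
#start of lines added by WinHelp2002
# [Google via DoubleClick][Tracking Service]
# 127.0.0.1 rad.msn.com #[affects MSN Messenger]
"""

ENTRY_RE = re.compile(r"^(\S+)\s+(.+)$")


def _split_entry(text):
    """Return (ip, [hostnames]) if text is 'IP name [name ...]', else None."""
    text = text.split("#", 1)[0].strip()      # drop a trailing comment
    m = ENTRY_RE.match(text)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:                        # first token is not an address
        return None
    return ip, [h.lower() for h in m.group(2).split()]


def parse_hosts(text):
    """Return (active, disabled): hostname -> address for live and commented-out entries."""
    active, disabled = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            parsed, target = _split_entry(line.lstrip("#").strip()), disabled
        else:
            parsed, target = _split_entry(line), active
        if parsed:
            ip, names = parsed
            for name in names:
                target.setdefault(name, ip)   # this example keeps the first mapping it sees
    return active, disabled


def is_sinkholed(host, active):
    """True if this exact hostname is mapped to a loopback or unspecified address."""
    ip = active.get(host.lower().rstrip("."))
    return ip is not None and (ip.is_loopback or ip.is_unspecified)


def audit(text):
    """Summarise a HOSTS file for review."""
    active, disabled = parse_hosts(text)
    sinkholed = sorted(h for h in active if h != "localhost" and is_sinkholed(h, active))
    redirected = sorted(h for h, ip in active.items()
                        if not (ip.is_loopback or ip.is_unspecified))
    return {
        "sinkholed": sinkholed,               # names the file blocks
        "disabled": sorted(disabled),         # entries present but commented out
        "redirected": redirected,             # names pointed at some other machine
        "blocklist_empty": not sinkholed,     # True when nothing is being blocked
    }


if __name__ == "__main__":
    for label, sample in (("sample", SAMPLE_HOSTS), ("stripped", STRIPPED_HOSTS)):
        print(label, audit(sample))
```
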

#19 redcat9876

redcat9876

    Member

  • Helper Trainee (A)
  • 38 posts

Posted 06 August 2008 - 04:48 PM

Thank you for your reply. I think I might stay with Norton 360 at least for another couple months. First, while I was looking at the request and receive headers from a certain website, I noticed one of the things passed was a crossdomain xml with the tags <allow-access> to sites that I might not want access to. First, is this temporary and will Firefox block it? Second, will it get past NoScript? Third, how do I get rid of it for future reference? It was from a video website, so did it just pass that to allow the user access to videos from other domains?

As for firewall selection, is Windows Defender from Windows Vista enough?

Also, I would like to ask a question about my hosts file. I uploaded the hosts file from MVPS as you said. However, that file has recently changed to look like this? What does it mean? How did it change like this?

# This MVPS HOSTS file is a free download from: #
# http://www.mvps.org/winhelp2002/ #
# #
# Notes: the browser does not read this "#" symbol #
# You can create your own notes, after the # symbol #
# This *must* be the first line: 127.0.0.1 localhost #
# *********************************************************#
# ----------------- Updated: July-07-2008 ------------------#
# *********************************************************#
# #
# Entries with comments are all searchable via Google. #
# #
# Disclaimer: this file is free to use for personal use #
# only. Furthermore it is NOT permitted to copy any of the #
# contents or host on any other site without permission or #
# meeting the full criteria of the below license terms. #
# #
# This work is licensed under the Creative Commons #
# Attribution-NonCommercial-ShareAlike License. #
# http://creativecommo...s/by-nc-sa/3.0/ #

127.0.0.1 localhost

#start of lines added by WinHelp2002
# [Misc A - Z]
# [B]
# [C]
# [D]
# [E]
# [F]
# [G]
# [H]
# [I]
# [J]
# [K]
# [L]
# [M]
# [N]
# [O]
# [P]
# [Q]
# [R]
# [S]
# [T]
# [U]
# [V]
# [W]
# [X]
# [Y]
# [Z]
# [Misc]
# [123Banners][123Greetings.com][TROJ_NALDEM.A][Trojan.Naldem]
# [2KDirect]
# [3721.COM][Yahoo]
# [411 Web Directory]
# [7Search.com Networks][EMERgency 24, Inc]
# [AASYS.BIZ Group]
# [About.com]
# [Acceas Partners]
# [Accoona Corp]
# [Acez Software][Adware-NuggetSearch.dr]
# [AdBrite, Inc]
# [Adknowledge][216.21.208.0 - 216.21.223.255]
# [AdOrigin Corp]
# [ADSoft][Hot Lab][ADSoft-Development]
# [Ad-Souk AdServer]
# [Adteractive]
# [Adtegrity.com, Inc]
# [AdvertPro][Renegade Internet]
# [Adverserve Pa][77.72.164.0 - 77.72.164.31]
# [Alex Walter][Spectre][4F8 Networks][Xyfex]
# [AlmondNet Ltd Group][Zeno Tecnico S.A][Think-Adz]
# [AOL via Advertising.com]
# [AOL via Advertising.com][209.225.0.0 - 209.225.0.127]
# [AOL via Advertising.com][209.225.4.64 - 209.225.4.95]
# [AOL via Advertising.com][209.225.5.224 - 209.225.5.255]
# [AOL via Advertising.com][209.225.6.64 - 209.225.6.95]
# [AOL via Advertising.com][209.225.11.224 - 209.225.11.255]
# [AOL via Advertising.com][209.225.34.96 - 209.225.34.127]
# [AOL via AD TECH AG][Adtech.de]
# [AOL via AD TECH][194.117.224.0 - 194.117.225.255]
# [AOL via AD TECH][194.126.131.0 - 194.126.132.255]
# [AOL via Quigo][208.68.56.0 - 208.68.59.255]
# [America Online][205.188.0.0 - 205.188.255.255]
# [America Online][64.12.0.0 - 64.12.255.255]
# [America Online][64.236.0.0 - 64.236.255.255]
# [AOL via various]
# [Altnet][Adware.BDE][Adware.Topsearch.B]
# [Applied Technologies Internet][Tracking Service]
# [Aps Telecom via various][216.195.32.0 - 216.195.63.255]
# [Aps Telecom via ESTDOMAINS/PrivacyProtect]
# [Aps Telecom via Patrick Sullivan]
# [Arundel Group][Harris Digital Publishing]
# [Aster Edward Umali][Azter Inc]
# [Azoogle.com INC][Impulse Leads][Epic Advertising]
# [Aztec Marketing][West Frontier Holdings][Offshorefleet Holdings S.A]
# [Actif Oiseau Alerte S.A.][Janerus, Inc][Mnetpower LTD]
# [Bariscloth INC][Daniel Wesley]
# [Belcaro Group][eTrust.Spyware.Belcaro GoldenRetriever]
# [Bell Globemedia Interactive Inc]
# [Ben Vanderbildt]
# [Bit Wise Publishing, LLC]
# [Bluestreak][Tracking Service]
# [Bluetide Software][DeluxeCommunications]
# [Bobi Net]
# [Bonzi Software][Adware.Bonzi]
# [BraveNet][Tracking Service]
# [BrowserMedia / BuyDomains.com][Parking Service]
# [BUDS Inc. Ad Network][SPYW_SOFTOMATE.A]
# [BurstMedia][Tracking Service]
# [Casale Media][Comspec Communications]
# [Cassava Enterprises]
# [c2 Media Group][Circle Developement][66.220.17.0 - 66.220.17.255]
# [Cash4Downloads][CidHelp Group]
# [CA Web Designs][Tracking Service]
# [Chunkybreakfast][Robert Davidson]
# [Chitika]
# [CJB Management][Backdoor.Ptsnoop]
# [Claria Corporation][GAIN Publishing]
# [Clickability][208.184.224.64 - 208.184.224.95]
# [ClickSpring LLC][Daniel Houston][63.251.135.0 - 63.251.135.63]
# [CNET Networks]
# [CNET Networks][216.239.112.0 - 216.239.127.255]
# [Cnzz]
# [College Publisher][Viacom International]
# [CommonName Limited][Adware.CommonName][Parasite.CommonName]
# [Conducive]
# [Connors Communications]
# [Contextu Ads]
# [CWS related and Major Affiliates]
# [Galina Charmandjieva]
# [ICommerce Solutions][MK Digital Media][IMPRO CORPORATION]
# [InterWeb Solutions][Coolwebsearch Group]
# [Networld One][Enternet Media]
# [Hassan Pennock]
# [Pavel Petroff]
# [Vasia Pupkin]
# [VladZone][Vlad][Spaceland Arcade][JpS Projects][John Ship]
# [JpS Group via Absolutee Corp][VladZone]
# [Look2Me via Absolutee Corp][Arizonaenterprisesllc.com]
# [End of CWS Affiliates]
#
# [Cyberware LTD][Parasite.SVAPlayer]
# [Cyberheat, Inc]
# [Cybernet Quest]
# [Daisycon]
# [D&D Internet Services]
# [Dmitriy Gerasimov]
# [DigitalNames]
# [Digital River][Direct Response Technologies]
# [Direct Information Group][Parking Service]
# [Domain Deluxe][Hitfarm Group][Parking Service]
# [Domain Escrow Services][Carmen Media Group]
# [DomainSpa LLC][Parking Service]
# [Doteasy Technology][Hitstation Communication]
# [Dynamic Network Services]
# [Effective-i][Ronen Shilo][Platforma Online Ltd]
# [EnBrowser]
# [eosads][Daniel Adams]
# [ESD Technologies][Mark Jackson][Digital Delivery LLC]
# [Eukhost_ltd via various][87.117.252.0 - 87.117.252.255]
# [Eukhost_ltd via ESTDOMAINS/Privacyprotect]
# [WinFixer Group via Knowhowprotection]
# [WinFixer Group via LocusSoftware]
# [WinFixer Group via Webstarshosting Inc]
# [WinFixer Group via Webair Internet][67.55.64.0 - 67.55.127.255]
# [Webair Internet][209.200.0.0 - 209.200.63.255]
# [Webair Internet][69.42.64.0 - 69.42.95.255]
# [Webair Internet via BannerCPM]
# [Webair Internet via Power Media Interactive]
# [eventures NV][Netthink Media]
# [Evolution World Wide Limited]
# [eXact Advertising LLC][Innovation Interactive][360i LLC]
# [Experian Interactive][Thermo Media]
# [eXTReMe digital][213.244.183.192 - 213.244.183.223]
# [Ezer Ratchaga][EzerNet]
# [FastLook Group]
# [Favorit-master][Alexej Rostaslavovitch][87.242.90.128 - 87.242.90.159]
# [Feeble Minded Productions][Sanford Wallace]
# [First Cash Reserve][IBIS LLC][Xacti Group]
# [First Consulting]
# [Focus Interactive / InterActiveCorp][Ask Jeeves, Inc]
# [IAC Search Media Inc][207.159.120.0 - 207.159.120.255]
# [Focalex, Inc][Tracking Service]
# [Fordale Investment]
# [Fortunecity]
# [Fox Interactive Media]
# [Fox Interactive via MySpace][216.178.32.0 - 216.178.47.255]
# [FreeMyName, LLC]
# [FullContext][Jutta Herdzin][SunBelt.Adw.FullContext.FChelp]
# [Fun-Lotto.com][ZQuest Media][Mermaid Consulting]
# [FunnyTaf Inc]
# [Gabor Timis]
# [Galt Technology][Website Solutions]
# [GeMius]
# [Geo Targeted Banner System]
# [Godaddy.com via various][208.109.0.0 - 208.109.255.255]
# [Godaddy.com via various][72.167.0.0 - 72.167.255.255]
# [Godaddy.com via Andreas Pizsa]
# [Google Inc]
# 127.0.0.1 ssl.google-analytics.com #[urchinTracker][disabled - Firefox issues]
# [Google via DoubleClick][Tracking Service]
# [Google/DoubleClick via Falk AdSolution][Falk eSolutions AG]
# [Green-Acres Services][Tracking Service]
# [Green Horse Corporation][Adware.TickerBar]
# [Groupe Iweb Technologies][67.205.64.0 - 67.205.95.255]
# [Groupe Iweb Technologies via Individual][67.205.75.8 - 67.205.75.15]
# [Groupe Iweb Technologies][72.55.128.0 - 72.55.191.255]
# [HITEXCHANGE]
# [Hollywood Interactive][64.27.0.0 - 64.27.31.255]
# [HOMESTEAD]
# [Hosting and Colocation Group]
# [HOTLOG][eTrust Tracking.Cookie]
# [Hula Direct]
# [Hyperbanner Accordnet Ltd][216.200.199.0 - 216.200.199.255]
# [Iclicks Internet Inc][617577 BC Ltd]
# [iDownload][Click Feel Media]
# [iEntry Inc]
# [IE PLUGIN LIMITED][Adware.IEPlugin]
# [Ilissos][EyeBlaster][eTrust.BS.Serving-Sys]
# [ImagineNET]
# [Imperial e-club Limited]
# [IMR Worldwide][Nielsen/NetRatings]

Edited by redcat9876, 06 August 2008 - 07:39 PM.


#20 HackPolice

HackPolice

    Malware Exterminator

  • Retired Staff - Helper
  • 575 posts

Posted 06 August 2008 - 08:53 PM

You're welcome redcat9876.

Firefox will not block that. NoScript however does block cross-site scripting automatically so it will not happen if you have NoScript. Cross-site scripting is sometimes used for embedding videos (from youtube mainly) on a completely different website.

Windows Defender is not a firewall. Norton 360 does include a firewall as far as I know. Windows Defender is just an anti-malware protection program and it also allows you to manage startup entries. Windows does have its own firewall but I would recommend disabling that and sticking with the Norton 360 firewall.

I'm not sure what you mean by the HOSTS file changing. It appears as though some of the entries are missing unless you removed those so it would fit in your post. Perhaps you ran the file to update the HOSTS file. Read the readme that is included with the HOSTS file and it tells you everything you need to know.

Hello :)


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#21 redcat9876

redcat9876

    Member

  • Helper Trainee (A)
  • 38 posts

Posted 06 August 2008 - 10:46 PM

Hi. You've been an enormous help so far. This will probably be my last question. Sorry for dragging this out so long. What I meant was that when I first updated the hosts file, it basically looked like this:

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net

Basically a list of websites that redirect to localhost, a 692KB file. Now when I looked at the hosts file recently while using HJT, I found only the headings such as #[A], #[B] and none of the websites. It is now 39KB large. I actually tried going to one of the websites and it did not redirect me as the original hosts file did in the past. I'm asking: do you know what caused this change? I am guessing I'm going to have to reupdate the hosts file. I have not touched the hosts file since updating it the first time (when it worked perfectly) except when I used HJT to view it. Could that have caused the hosts file to delete all its entries and leave only the headings? Thanks again.
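The change described in post #21 (a file of 127.0.0.1 entries reduced to its headings) can be checked mechanically. The following is an added example, not from the thread: a Python audit that separates active entries from commented-out entries and headings, reports which blocked hostnames vanished relative to a saved copy, and flags any name mapped to a non-loopback address. The function names and the three sample files are constructed here; the blocked hostnames are the ones quoted in the post.

```python
import hashlib
import ipaddress


def _mappings(fragment):
    """Return [(address, hostname), ...] for one hosts line, or [] if it is not an entry."""
    fields = fragment.split("#", 1)[0].split()   # drop any trailing "#[...]" remark
    if len(fields) < 2:
        return []
    try:
        ipaddress.ip_address(fields[0])
    except ValueError:
        return []
    return [(fields[0], name.lower()) for name in fields[1:]]


def parse_hosts(text):
    """Classify every line as an active entry, a commented-out entry or a heading."""
    active, disabled, headings = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            body = line.lstrip("#").strip()
            found = _mappings(body)
            if found:
                disabled.extend(found)        # e.g. "# 127.0.0.1 rad.msn.com"
            elif body:
                headings.append(body)         # e.g. "# [A]"
        else:
            active.extend(_mappings(line))
    return active, disabled, headings


def _is_sinkhole(address):
    """True for loopback or unspecified addresses, the usual blocklist targets."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified


def _blocked(active):
    return {h for a, h in active if _is_sinkhole(a) and h != "localhost"}


def audit(current, baseline=None):
    """Summarise a hosts file and, if a saved copy is given, list the entries it lost."""
    active, disabled, headings = parse_hosts(current)
    blocked = _blocked(active)
    lost = []
    if baseline is not None:
        lost = sorted(_blocked(parse_hosts(baseline)[0]) - blocked)
    return {
        "sha256": hashlib.sha256(current.encode("utf-8")).hexdigest(),
        "blocked": len(blocked),
        "disabled": len(disabled),
        "headings": len(headings),
        # Headings survive but no blocking entry does: the state post #21 describes.
        "stripped": not blocked and bool(headings),
        # Names pointed at a real address override DNS and deserve a manual look.
        "redirected": sorted((h, a) for a, h in active if not _is_sinkhole(a)),
        "lost": lost,
    }


# Constructed sample: the entries quoted in post #21, as first installed.
BASELINE = """\
127.0.0.1 localhost
# [A]
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 a9rhiwa.cn #[Google.Warning]
127.0.0.1 www.a9rhiwa.cn
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
#end of lines added by WinHelp2002
"""

# Constructed sample: the same file after only headings remain.
STRIPPED = """\
127.0.0.1 localhost
# [Microsoft via MSN Ad Servers]
# 127.0.0.1 rad.msn.com #[affects MSN Messenger]
# [A]
# [B]
#end of lines added by WinHelp2002
"""

# Constructed sample: a name mapped to a non-loopback (documentation-range) address.
REDIRECTING = "127.0.0.1 localhost\n192.0.2.10 www.example.com\n"

if __name__ == "__main__":
    for key, value in audit(STRIPPED, BASELINE).items():
        print(f"{key}: {value}")
```

Saving the `sha256` value right after installing the file gives a cheap way to notice the next change before working out which program made it.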

#22 HackPolice

HackPolice

    Malware Exterminator

  • Retired Staff - Helper
  • 575 posts

Posted 07 August 2008 - 08:32 AM

You're welcome redcat9876. In that case I would suggest re-downloading the HOSTS file and replacing it. I do not know what would cause that change but from what you said it appears as though HijackThis may have had something to do with it. Perhaps HijackThis changed the format of the HOSTS file so that it would be able to read it.


#23 redcat9876

redcat9876

    Member

  • Helper Trainee (A)
  • 38 posts

Posted 07 August 2008 - 12:57 PM

No, it doesn't seem to be HijackThis. I just checked. It didn't change. Could it possibly be CCleaner?

#24 HackPolice

HackPolice

    Malware Exterminator

  • Retired Staff - Helper
  • 575 posts

Posted 07 August 2008 - 01:11 PM

I don't know redcat9876. I am sure that you could figure it out if you wanted to though. If you do figure it out, please let me know what caused it. Thanks.


#25 redcat9876

redcat9876

    Member

  • Helper Trainee (A)
  • 38 posts

Posted 07 August 2008 - 08:06 PM

Thank you. You have been a tremendous help. I'm grateful for all you've done. I think the case is pretty much closed now. Once again, thank you.

#26 HackPolice

HackPolice

    Malware Exterminator

  • Retired Staff - Helper
  • 575 posts

Posted 07 August 2008 - 09:00 PM

Good luck with training!

You're very welcome. Glad we could help. :thumbup:

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
