Post by: ummzee on December 09, 2004, 10:48:56 AM
Logfile of HijackThis v1.98.2
Scan saved at 10:58:54 AM, on 12/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\??rvices.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php (http://\"http://searchmiracle.com/sp.php\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.web--search.com/to.php?ID1=1537...5-F3C7C47FA223} (http://\"http://www.web--search.com/to.php?ID1=1537&ID2=127309239&ID3=1537&ID4=0&ID5={01AB67A4-E2C7-4CB2-9455-F3C7C47FA223}\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] winxpinit.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvpej32.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [g] C:\Documents and Settings\Owner\Local Settings\Temp\g.exe
O4 - HKLM\..\Run: [hH0THOIje] C:\documents and settings\owner\local settings\temp\hH0THOIje.exe
O4 - HKLM\..\Run: [VxDE] C:\documents and settings\owner\local settings\temp\VxDE.exe
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winxpinit.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [Win32 USB2 Driver] winxpinit.exe
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ofm] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [Sdsr] C:\Documents and Settings\Owner\Application Data\spsa.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx (http://\"http://www.spybouncer.com/downloader.ocx\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079 (http://\"http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096438447079\")
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/y...ysb_regular.cab (http://\"http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab\")
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4412/mcfscan.cab\")
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab (http://\"http://download.overpro.com/WildApp.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39
Post by: guestolo on December 09, 2004, 07:31:51 PM
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' /> Ummzee
You have a few problems on your log that can Automatically be taken care of with a few free programs
3 of these are yours to keep and hang onto.
This seems like a bit of work, but it's not really, just Print out these directions and follow along
Download the Trial version of TrojanHunter from this link
http://www.trojanhunter.com/trojanhunter/ (http://\"http://www.trojanhunter.com/trojanhunter/\")
This is good for 30 days
After installation you will have to manually update the Latest Ruleset
Go to this link
http://www.trojanhunter.com/trojanhunter/updating/ (http://\"http://www.trojanhunter.com/trojanhunter/updating/\")
Download the Latest Ruleset to desktop
Unzip it to your Trojan Hunter folder
Allow to overwrite if prompted
The default location should be C:\Program Files\TrojanHunter
Run a full system scan
Let it fix whatever it finds
Restart your computer afterwards
Download and Install the free version of Ad-Aware SE Personal 1.05 (http://\"http://download.com.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button\")
Ensure you have this version or later
If you don't have this verision, uninstall yours and install this one
After installation-CHECK FOR UPDATES
Download all updates
Scan your system with Ad-Aware
Open Ad-aware---Click the GEAR at the top
# Click on the General button on the left hand side.
1. Make sure the following items under the Safety category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
1. Automatically save logfile
2. Automatically quarantine objects prior to removal
3. Safe Mode (always request confirmation)
# Next click on the Advanced button on the left hand side.
1. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
1. Include additional object information
2. Include negligible objects information
3. Include environment information
4. Include Alternate data stream details in log file
# Next click on the Tweak button on the left hand side.
1. Then click on the + (plus) sign next to the Log Files section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
1. Include basic Ad-Aware settings in logfile
2. Include additional Ad-Aware settings in logfile
2. Then click on the + (plus) sign next to the Scanning Engine section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
1. Unload recognized processes & modules during scan
2. Scan registry for all users instead of current user only
3.
Then click on the + (plus) sign next to the Cleaning Engine section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.
1. Always try to unload modules before deletion
2. During removal, unload Explorer and IE if necessary
3. Let Windows remove files in use at next reboot
Once these settings have been completed, you should click on the Proceed button
Make sure you change the scan mode to Perform full system scan. Then uncheck the Search for negligible risk entries.
Step 5: Start the Actual Scan
Now click on the Next button to have Ad-Aware SE start scanning your system. Ad-Aware SE will start scanning your system for Spyware and Hijackers
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
====================================================
RESTART your computer to finish the cleaning process
When your back in Windows
Download and Install Spybot S&D 1.3 (http://\"http://www.download.com/3000-8022-10122137.html\")
Don't enable TeaTimer when Installing, you can do this later but leave it disable for now
After installation--SEARCH FOR UPDATES
Download All updates
Check for Problems---FIX everything in RED
Restart your computer again to finish the cleaning process
One last program---Download and install Windows CleanUp! by Steve Gould (http://\"http://downloads.stevengould.org/cleanup/CleanUp312.exe\")
Give the link time to load, this is a small download
This will help you to clean you temporary files, cookies, prefetch folder
Open it and click on the CleanUp button
Let it finish scanning and then Restart your computer one last time
I know it seem like a few programs to install, but 3 of them are yours to keep for free, and they're great programs
Post back a fresh hijackthis log afterwards and we'll finish manually cleaning your log afterwards
Do as much of the above as you can before posting back a new log, if you find you can't accomplish something just carry on and post back a fresh log
Post by: Guest_Ummzee on December 10, 2004, 11:17:24 AM
Also, the Windows CleanUp link is no longer active, so I was not able to do that
Receieved the following after running Spybot:
part.Error during check!: Unknown (Zugriffsverletzung bei Adresse 00000000. Lesen von Adresse 00000000) ()
Adware keeps trying to delete, "EliteToolBar" and sometime suceeds at renaming it however, it keeps coming back.
I will wait for your response.
Thanks again,
/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' /> Logfile of HijackThis v1.98.2
Scan saved at 11:28:09 AM, on 12/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\??rvices.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.web--search.com/to.php?ID1=1537...5-F3C7C47FA223} (http://\"http://www.web--search.com/to.php?ID1=1537&ID2=127309239&ID3=1537&ID4=0&ID5={01AB67A4-E2C7-4CB2-9455-F3C7C47FA223}\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvpej32.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [g] C:\Documents and Settings\Owner\Local Settings\Temp\g.exe
O4 - HKLM\..\Run: [hH0THOIje] C:\documents and settings\owner\local settings\temp\hH0THOIje.exe
O4 - HKLM\..\Run: [VxDE] C:\documents and settings\owner\local settings\temp\VxDE.exe
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\antivirus\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winxpinit.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ofm] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [Sdsr] C:\Documents and Settings\Owner\Application Data\spsa.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx (http://\"http://www.spybouncer.com/downloader.ocx\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079 (http://\"http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096438447079\")
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4412/mcfscan.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39
Post by: guestolo on December 12, 2004, 04:16:28 AM
Here's a link
http://www.safer-networking.org/en/mirrors/index.html (http://\"http://www.safer-networking.org/en/mirrors/index.html\")
Run and UPDATE as described earlier, but this time please try a scan in safe mode
How to Restart into SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4\")
Can you also try that link to Windows CleanUp! again
It works fine on my end, you don't need to run it yet but install it for now
Post back with a fresh hijackthis log afterwards
Post by: Guest on December 16, 2004, 08:55:38 AM
/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' /> Things are a little better but the brower still seeks four (4) different sites upon opening and I still cannot reach the site you request me to download. I accessed it from another desktop, downloaded it to the desktop and attempted to email it to myself. My Email Removed considered it a threat. I will get it one way or another, today.I did as directed, below is my latest log:
/unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' /> Logfile of HijackThis v1.98.2
Scan saved at 7:23:38 AM, on 12/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\snmp.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\??rvices.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.web--search.com/to.php?ID1=1537...5-F3C7C47FA223} (http://\"http://www.web--search.com/to.php?ID1=1537&ID2=127309239&ID3=1537&ID4=0&ID5={01AB67A4-E2C7-4CB2-9455-F3C7C47FA223}\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [g] C:\Documents and Settings\Owner\Local Settings\Temp\g.exe
O4 - HKLM\..\Run: [hH0THOIje] C:\documents and settings\owner\local settings\temp\hH0THOIje.exe
O4 - HKLM\..\Run: [VxDE] C:\documents and settings\owner\local settings\temp\VxDE.exe
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winxpinit.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ofm] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [Sdsr] C:\Documents and Settings\Owner\Application Data\spsa.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx (http://\"http://www.spybouncer.com/downloader.ocx\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079 (http://\"http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096438447079\")
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4412/mcfscan.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39
Post by: guestolo on December 16, 2004, 11:14:52 PM
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Go to this link and give it time to load if it's busy
http://virusscan.jotti.dhs.org/ (http://\"http://virusscan.jotti.dhs.org/\")
Use the Browse button and navigate to
C:\logon.exe <--this file
Right click on it and Select it
then click the Submit button
Wait for the results and post back here the Scanner results
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.web--search.com/to.php?ID1=1537...5-F3C7C47FA223} (http://\"http://www.web--search.com/to.php?ID1=1537...5-F3C7C47FA223}\")
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe <--this one if found bad, I'm sure it's giving you problems
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [g] C:\Documents and Settings\Owner\Local Settings\Temp\g.exe
O4 - HKLM\..\Run: [hH0THOIje] C:\documents and settings\owner\local settings\temp\hH0THOIje.exe
O4 - HKLM\..\Run: [VxDE] C:\documents and settings\owner\local settings\temp\VxDE.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winxpinit.exe
O4 - HKCU\..\Run: [Ofm] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [Sdsr] C:\Documents and Settings\Owner\Application Data\spsa.exe
O4 - Global Startup: PowerReg Scheduler.exe
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx (http://\"http://www.spybouncer.com/downloader.ocx\")
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis
Restart your computer into Safe mode, you can do this by tapping the F8 key on the keyboard when the computer is starting up
Find and delete these files or folders if they exist
C:\logon.exe <--file, if found bad
C:\Documents and Settings\Owner\Local Settings\Temp\g.exe
C:\documents and settings\owner\local settings\temp\hH0THOIje.exe
C:\documents and settings\owner\local settings\temp\VxDE.exe
C:\Documents and Settings\Owner\Application Data\spsa.exe
C:\WINDOWS\System32\??rvices.exe <--file with the exact spelling, don't confuse it with any other file because it looks similiar
You can also Delete the whole contents of your Temp folders, or whatever you can, but Don't delete the Temp Directories themselves
# C:\Windows\Temp\
# C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\
# C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
RESTART back into Normal Mode
Hijackthis has just recently been updated, can you update your version
Open Hijackthis>>Config>>Misc Tools>>Check for updates online
Post back with a fresh log from this version
Let me know if you can download any of those programs I asked about, give the links time to load
With the new version of Hijackthis can you also open it and click on "Open Misc Tools"
Click the "Open Hosts File Manager"
Click the "Open in Notepad"
Copy and paste the Whole Notepad Hosts file back here
Post by: logon results on December 17, 2004, 01:02:22 AM
File: logon.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
Packers detected: ASPACK
AntiVir No viruses found (0.55 seconds taken)
Avast No viruses found (1.51 seconds taken)
BitDefender No viruses found (0.61 seconds taken)
ClamAV No viruses found (0.31 seconds taken)
Dr.Web No viruses found (0.48 seconds taken)
F-Prot Antivirus No viruses found (0.05 seconds taken)
Kaspersky Anti-Virus No viruses found (0.59 seconds taken)
mks_vir No viruses found (0.22 seconds taken)
NOD32 probably unknown NewHeur_PE (probable variant) (0.54 seconds taken)
Norman Virus Control No viruses found (2.55 seconds taken)
Post by: Guest on December 17, 2004, 02:04:23 AM
I do have all the programs you asked me to download. My system still will not allow me to down some and is still redirecting stuff.
/dry.gif\' class=\'bbc_emoticon\' alt=\'<_<\' /> Here is the lastest log:
Logfile of HijackThis v1.99.0
Scan saved at 1:03:15 AM, on 12/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\Ati2evxx.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx (http://\"http://www.spybouncer.com/downloader.ocx\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079 (http://\"http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096438447079\")
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4412/mcfscan.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\isafe.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Win32 USB2 Driver - Unknown - C:\WINDOWS\System32\winxpinit.exe (file missing)
O23 - Service: VET Message Service - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
Post by: guestolo on December 17, 2004, 09:53:38 PM
In the next window, look on the right hand side for these service
names---- ZESOFT and Win32 USB2 Driver
If you find them
Double click on it--- STOP the service--
In the drop down menu, change the startup type to Disabled
Do another scan with Hijackthis and put a check next to these entries:
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx (http://\"http://www.spybouncer.com/downloader.ocx\")
O23 - Service: Win32 USB2 Driver - Unknown - C:\WINDOWS\System32\winxpinit.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis
RESTART your computer
Go to Start>>Run>>Type in regedit and hit Enter or OK
Expand(+) these keys
+HKEY_LOCAL_MACHINE
+SYSTEM
+CurrentControlSet
+Services
Look for these keys on the left hand side and let me know if you see them
LOL
ZESOFT
Exit the reg editor after that
You should try an online virus scan
at Rav's
http://www.ravantivirus.com/scan/ (http://\"http://www.ravantivirus.com/scan/\")
When you access that link with Internet Explorer
click on the "To Continue without subsribing click here" link
It will load the activex and definition files
Ensure that all the top entries are checked
Autoclean--Inside Archives---Unpack Executables---Smart Scan
Then click the Scan my PC button
Let it completely finish scanning
Copy and Paste the results back here
Also, I asked you to install Trojan Hunter earlier, it's had a couple updates since
Go back to the link I supplied and download
The Latest Ruleset to your desktop and Unzip it to your TrojanHunter folder
and run a scan <---updating manually in this way is important for the trial version
You said this:
Quote
I do have all the programs you asked me to download. My system still will not allow me to down some and is still redirecting stuff.
Can you clarify please, are you able to do everything I'm asking you to do?
What have you been able to Download and Update?
Post back a Fresh Hijackthis log afterwards
I also asked to see your Hosts file
In the new version of Hijackthis click on "Open Misc Tools Section"
Open Hosts File Manager
and click the Open In Notepad button
Copy and paste that whole file back here
Post by: Guest on December 18, 2004, 09:14:14 PM
/huh.gif\' class=\'bbc_emoticon\' alt=\':huh:\' /> Sorry I was not clear. I have all the programs you asked me to download however, I had to download the "Windows Cleanup" program from another computer, email it to myself and then install it. My system will not let me access that site. I have downloaded and updated everything else.I did see the following in the register LOL and ZESOFT
Here are the results from ravantivirus.com:
Scan started at 12/18/2004 12:32:18 AM
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\download\4400+ Templates Package.part2.rar->4400+ Templates Package\Javascripts\Javascripts\navigation\countdown redirect.txt->(SCRIPT0008) - JS/Loding.B* -> Infected
C:\Templates\4400+ Templates Package\Javascripts\Javascripts\navigation\countdown redirect.txt->(SCRIPT0008) - JS/Loding.B* -> Infected
Scanned
============================
Objects: 91508
Directories: 10972
Archives: 7552
Size(Kb): -2065497
Infected files: 2
Found
============================
Viruses found: 1
Suspicious files: 0
Disinfected files: 0
Mail files: 217
Here are the results of Hijackthis (after updating and running "Trojan Hunter):
Logfile of HijackThis v1.99.0
Scan saved at 7:52:12 PM, on 12/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\antivirus\TrojanHunter 4.0\THGuard.exe
C:\antivirus\TrojanHunter 4.0\THGuard.exe
C:\antivirus\TrojanHunter 4.0\THGuard.exe
C:\TrojanHunter 4.0\THGuard.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079 (http://\"http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096438447079\")
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab (http://\"http://www.ravantivirus.com/scan/ravonline.cab\")
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4412/mcfscan.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\isafe.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
The Host files follow:
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
127.0.0.1 008k.com
127.0.0.1 00hq.com
127.0.0.1 01.sharedsource.org
127.0.0.1 03.sharedsource.org
127.0.0.1 05.sharedsource.org
127.0.0.1 05p.com
127.0.0.1 09.sharedsource.org
127.0.0.1 0cj.net
127.0.0.1 0-ol1oiz-xolxii1-oxli10ozl1l1-o-l-11-iizxp-l-0o-oll11iz0oil-ol.com
127.0.0.1 1.marketbanker.com
127.0.0.1 1.primaryads.com
127.0.0.1 10.xxor.biz
127.0.0.1 1000stars.ru
127.0.0.1 1234.2bro.com
127.0.0.1 123count.com
127.0.0.1 123go.com
127.0.0.1 123stat.com
127.0.0.1 13f15.ilxt.info
127.0.0.1 14713804A.l2m.net
127.0.0.1 17.sharedsource.org
127.0.0.1 171203.com
127.0.0.1 18.sharedsource.org
127.0.0.1 180solutions.com
127.0.0.1 19.sharedsource.org
127.0.0.1 1stblaze.com
127.0.0.1 1stpagehere.com
127.0.0.1 1us.cqcounter.com
127.0.0.1 20.sharedsource.org
127.0.0.1 2020search.com
127.0.0.1 22.sharedsource.org
127.0.0.1 24start.com
127.0.0.1 296f8.ilxt.info
127.0.0.1 2jm.com
127.0.0.1 2nd-thought.com
127.0.0.1 356563.net
127.0.0.1 3721.com
127.0.0.1 38115.ilxt.info
127.0.0.1 3ps.go.com
127.0.0.1 404.msmn.com
127.0.0.1 4bf65.ilxt.info
127.0.0.1 4-counter.com
127.0.0.1 4netmedia.com
127.0.0.1 6410.directwebsearch.net
127.0.0.1 66-128-204-6.rev.intercom.com
127.0.0.1 680180.net
127.0.0.1 6o9.com
127.0.0.1 700k.com
127.0.0.1 72288.ilxt.info
127.0.0.1 75tz.com
127.0.0.1 7842.directwebsearch.net
127.0.0.1 7adpower.com
127.0.0.1 7am.com
127.0.0.1 7search.com
127.0.0.1 80pictures.com
127.0.0.1 8ad.com
127.0.0.1 a.boom.ro
127.0.0.1 a.rn11.com
127.0.0.1 a.tfag.de
127.0.0.1 a1.webhancer.com
127.0.0.1 a3.suntimes.com
127.0.0.1 a853.xc.akamai.net
127.0.0.1 aakro.nl
127.0.0.1 abacus.netster.com
127.0.0.1 abc517.net
127.0.0.1 abcsearch.com
127.0.0.1 abetterinternet.com
127.0.0.1 about.netster.com
127.0.0.1 aboutwebservices.com
127.0.0.1 abroadsoftware.com
127.0.0.1 absoluagency.com
127.0.0.1 acc.adintelligence.net
127.0.0.1 acc.count-all.com
127.0.0.1 acceso.masminutos.com
127.0.0.1 access.gamesplayground.com
127.0.0.1 access.juicyteenporn.com
127.0.0.1 access.rapid-pass.net
127.0.0.1 accessplugin.com
127.0.0.1 accipiter.speedera.net
127.0.0.1 acestats.com
127.0.0.1 achtungachtung.com
127.0.0.1 active-alert-server.com
127.0.0.1 active-max.com
127.0.0.1 actualnames.com
127.0.0.1 ad.37.com
127.0.0.1 ad.ads.dk
127.0.0.1 ad.adver.com.tw
127.0.0.1 ad.erasercash.com
127.0.0.1 ad.freefind.com
127.0.0.1 Ad.go.com
127.0.0.1 ad.hotlog.ru
127.0.0.1 ad.infoseek.com
127.0.0.1 ad.leadcrunch.com
127.0.0.1 ad.naked-celebs.com
127.0.0.1 ad.nobreak.com
127.0.0.1 ad.popupswappers.com
127.0.0.1 ad.rambler.ru
127.0.0.1 ad.searchsquire.com
127.0.0.1 ad.sma.punto.net
127.0.0.1 ad.smni.com
127.0.0.1 ad.tomshardware.com
127.0.0.1 ad.topstat.com
127.0.0.1 ad.trafficmp.com
127.0.0.1 ad.uk.tangozebra.com
127.0.0.1 ad.usatoday.com
127.0.0.1 ad.valuehost.ru
127.0.0.1 ad0.haynet.com
127.0.0.1 ad1.lbe.ru
127.0.0.1 ad1.peel.com
127.0.0.1 ad2.163.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ad2.rambler.ru
127.0.0.1 ad25.com
127.0.0.1 ad3.adcept.net
127.0.0.1 ad3.peel.com
127.0.0.1 ad45.com
127.0.0.1 ad77.com
127.0.0.1 ad86.com
127.0.0.1 adasearch.com
127.0.0.1 adatom.com
127.0.0.1 adbest.com
127.0.0.1 ad-blaster.com
127.0.0.1 adblaster2.info
127.0.0.1 adbot.com
127.0.0.1 adbot.theonion.com
127.0.0.1 adcenter.in2.com
127.0.0.1 adchannel.adintelligence.net
127.0.0.1 adcluster.humaniq.com
127.0.0.1 adcomplete.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 adcounter.theglobeandmail.com
127.0.0.1 adcreative.tribuneinteractive.com
127.0.0.1 adcycle.isoftmarketing.com
127.0.0.1 addfreestats.com
127.0.0.1 addictivetechnologies.net
127.0.0.1 address.3721.com
127.0.0.1 addtosite.netster.com
127.0.0.1 adforce.adtech.de
127.0.0.1 adgoblin.com
127.0.0.1 adhearus.com
127.0.0.1 adimages.go.com
127.0.0.1 adincl.gopher.com
127.0.0.1 adintelligence.net
127.0.0.1 adj54.thruport.com
127.0.0.1 adlogix.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 admin.popupsponsor.com
127.0.0.1 admin.startsurfing.com
127.0.0.1 adnetintads.valuead.com
127.0.0.1 adops.adbureau.net
127.0.0.1 adp.ikena.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 adpopper.outblaze.com
127.0.0.1 adpowerzone.com
127.0.0.1 adq.nextag.com
127.0.0.1 adrates.theglobeandmail.com
127.0.0.1 adrevservice.com
127.0.0.1 adroar.com
127.0.0.1 adrotator.com
127.0.0.1 ads.180solutions.com
127.0.0.1 ads.1stblaze.com
127.0.0.1 ads.adcorps.com
127.0.0.1 ads.addynamix.com
127.0.0.1 ads.adfuzz.com
127.0.0.1 ads.adorigin.com
127.0.0.1 ads.adpowerzone.com
127.0.0.1 ads.adroar.com
127.0.0.1 ads.ads360.com
127.0.0.1 ads.adsag.com
127.0.0.1 ads.adtomi.com
127.0.0.1 ads.adultcash.com
127.0.0.1 ads.advertise.net
127.0.0.1 ads.adviva.net
127.0.0.1 ads.affiliates.match.com
127.0.0.1 ads.amazingmedia.com
127.0.0.1 ads.antionline.com
127.0.0.1 ads.as4x.tmcs.akadns.net
127.0.0.1 ads.asexstories.com
127.0.0.1 ads.belointeractive.com
127.0.0.1 ads.bigfoot.com
127.0.0.1 ads.bloomberg.com
127.0.0.1 ads.bluemongoose.com
127.0.0.1 ads.bmais.net
127.0.0.1 ads.bugnet.com
127.0.0.1 ads.businessweek.com
127.0.0.1 ads.cars.com
127.0.0.1 ads.cbc.ca
127.0.0.1 ads.cc-dt.com
127.0.0.1 ads.cdfreaks.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 ads.clickthru.net
127.0.0.1 ads.crosswinds.net
127.0.0.1 ads.danni.com
127.0.0.1 ads.dealhelper.com
127.0.0.1 ads.directstuff.com
127.0.0.1 ads.downloadaccelerator.com
127.0.0.1 ads.enliven.com
127.0.0.1 ads.ezcybersearch.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 ads.flashtrack.net
127.0.0.1 ads.fool.com
127.0.0.1 ads.fp.sandpiper.net
127.0.0.1 ads.free-banners.com
127.0.0.1 ads.freevisits.com
127.0.0.1 ads.free-windows-games.com
127.0.0.1 ads.globeandmail.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 ads.hitcents.com
127.0.0.1 ads.home.net
127.0.0.1 ads.hyperbanner.net
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.iboost.com
127.0.0.1 ads.ign.com
127.0.0.1 ads.imdb.com
127.0.0.1 ads.indystar.com
127.0.0.1 ads.inet1.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.intelihealth.com
127.0.0.1 ads.intermezzia.com
127.0.0.1 ads.internet-optimizer.com
127.0.0.1 ads.ipowerweb.com
127.0.0.1 ads.jpost.com
127.0.0.1 ads.linksponsor.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.madison.com
127.0.0.1 ads.mcafee.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 ads.mm.ap.org
127.0.0.1 ads.musiccity.com
127.0.0.1 ads.nandomedia.com
127.0.0.1 ads.netsol.com
127.0.0.1 ads.newsint.co.uk
127.0.0.1 ads.nwsource.com
127.0.0.1 ads.nypost.com
127.0.0.1 ads.nytimes.com
127.0.0.1 ads.offeroptimizer.com
127.0.0.1 ads.onwebmedia.com
127.0.0.1 ads.peel.com
127.0.0.1 ads.pennyweb.com
127.0.0.1 ads.photosight.ru
127.0.0.1 ads.pilotonline.com
127.0.0.1 ads.pointroll.com
127.0.0.1 ads.pro-market.net
127.0.0.1 ads.pure[censored].com
127.0.0.1 ads.rampidads.com
127.0.0.1 ads.realcities.com
127.0.0.1 ads.revenue.net
127.0.0.1 ads.roanoke.com
127.0.0.1 ads.searchseekfind.com
127.0.0.1 ads.seattletimes.com
127.0.0.1 ads.sexplanets.com
127.0.0.1 ads.sexspaces.com
127.0.0.1 ads.sitemeter.com
127.0.0.1 ads.smni.com
127.0.0.1 ads.softwareoutfit.com
127.0.0.1 ads.spaceports.com
127.0.0.1 ads.telegraph.co.uk
127.0.0.1 ads.toplayerserver.com
127.0.0.1 ads.track-star.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.tripod.lycos.co.uk
127.0.0.1 ads.ucomics.com
127.0.0.1 ads.unlimitedbanners.com
127.0.0.1 ads.usatoday.com
127.0.0.1 ads.valuead.com
127.0.0.1 ads.versaworks.net
127.0.0.1 ads.vesperexchange.com
127.0.0.1 ads.vnuemedia.com
127.0.0.1 ads.vx2.cc
127.0.0.1 ads.webads360.com
127.0.0.1 ads.webattack.com
127.0.0.1 ads.webshots.com
127.0.0.1 ads.winhelp2002.com
127.0.0.1 ads.winsite.com
127.0.0.1 ads.wunderground.com
127.0.0.1 ads.xbiz.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads05.bpath.com
127.0.0.1 ads06.bpath.com
127.0.0.1 ads07.bpath.com
127.0.0.1 ads08.bpath.com
127.0.0.1 ads09.bpath.com
127.0.0.1 ads1.revenue.net
127.0.0.1 ads1.sptimes.com
127.0.0.1 ads1.theglobeandmail.com
127.0.0.1 ads1.tripod.com
127.0.0.1 ads1.updated.com
127.0.0.1 ads10.bpath.com
127.0.0.1 ads10.hyperbanner.net
127.0.0.1 ads10.speedbit.com
127.0.0.1 ads11.hyperbanner.net
127.0.0.1 ads12.bpath.com
127.0.0.1 ads12.hyperbanner.net
127.0.0.1 ads13.bpath.com
127.0.0.1 ads13.hyperbanner.net
127.0.0.1 ads14.bpath.com
127.0.0.1 ads14.hyperbanner.net
127.0.0.1 ads15.bpath.com
127.0.0.1 ads15.hyperbanner.net
127.0.0.1 ads16.bpath.com
127.0.0.1 ads16.hyperbanner.net
127.0.0.1 ads17.bpath.com
127.0.0.1 ads17.hyperbanner.net
127.0.0.1 ads18.bpath.com
127.0.0.1 ads18.hyperbanner.net
127.0.0.1 ads19.bpath.com
127.0.0.1 ads19.hyperbanner.net
127.0.0.1 ads2.playnet.com
127.0.0.1 ads2.revenue.net
127.0.0.1 ads2.speedbit.com
127.0.0.1 ads20.bpath.com
127.0.0.1 ads20.hyperbanner.net
127.0.0.1 ads21.bpath.com
127.0.0.1 ads22.bpath.com
127.0.0.1 ads23.bpath.com
127.0.0.1 ads24.bpath.com
127.0.0.1 ads25.bpath.com
127.0.0.1 ads26.bpath.com
127.0.0.1 ads27.bpath.com
127.0.0.1 ads28.bpath.com
127.0.0.1 ads29.bpath.com
127.0.0.1 ads3.speedbit.com
127.0.0.1 ads3.virtumundo.com
127.0.0.1 ads3.wunderground.com
127.0.0.1 ads4.clearchannel.com
127.0.0.1 ads4.speedbit.com
127.0.0.1 ads4.virtumundo.com
127.0.0.1 ads5.peel.com
127.0.0.1 ads7.inet1.com
127.0.0.1 ads7.speedbit.com
127.0.0.1 ads8.speedbit.com
127.0.0.1 ads9.speedbit.com
127.0.0.1 adsatt.abcnews.starwave.com
127.0.0.1 adsatt.espn.starwave.com
127.0.0.1 adscpm.com
127.0.0.1 adserv.adbonus.com
127.0.0.1 adserv.com
127.0.0.1 adserv.exxxit.com
127.0.0.1 adserv.lwmn.net
127.0.0.1 adserv.net
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserv.searchenhancement.com
127.0.0.1 adserv.windowenhancer.com
127.0.0.1 adserv003.adtech.de
127.0.0.1 adserv2.ads360.com
127.0.0.1 adserv3.ads360.com
127.0.0.1 adserv4.ads360.com
127.0.0.1 adserve.advertising.com
127.0.0.1 adserver.ads360.com
127.0.0.1 adserver.adsincontext.com
127.0.0.1 adserver.adtech.de
127.0.0.1 adserver.adultfriendfinder.com
127.0.0.1 adserver.affiliatemg.com
127.0.0.1 adserver.aim4media.com
127.0.0.1 adserver.anm.co.uk
127.0.0.1 adserver.buttonware.net
127.0.0.1 adserver.filefront.com
127.0.0.1 adserver.friendfinder.com
127.0.0.1 adserver.ign.com
127.0.0.1 adserver.indieclick.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 adserver.mindshare.de
127.0.0.1 adserver.securityfocus.com
127.0.0.1 adserver.sextracker.com
127.0.0.1 adserver.sharewareonline.com
127.0.0.1 adserver.snowball.com
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver.trafficsyndicate.com
127.0.0.1 adserver.trb.com
127.0.0.1 adserver.tribuneinteractive.com
127.0.0.1 adservice.recon-networks.com
127.0.0.1 adserving.autotrader.com
127.0.0.1 adsfac.net
127.0.0.1 adshooter.com
127.0.0.1 adsremote.scripps.com
127.0.0.1 adsrv.qoologic.com
127.0.0.1 adstats.adviva.net
127.0.0.1 adsvr.net
127.0.0.1 adtactics.com
127.0.0.1 adtag.sympatico.ca
127.0.0.1 adtegrity.com
127.0.0.1 adtegrity.spinbox.net
127.0.0.1 adteractive.com
127.0.0.1 adtest.aim4media.com
127.0.0.1 adtrack.cimedia.net
127.0.0.1 adtracker.411web.com
127.0.0.1 adtrak.net
127.0.0.1 adult.adrevservice.com
127.0.0.1 adult.exitreturn.com
127.0.0.1 adult.foxcounter.com
127.0.0.1 adult.getmoviesonline.com
127.0.0.1 adult.master-tv.net
127.0.0.1 adult.targetsearch.info
127.0.0.1 adult.yellow-pages.ws
127.0.0.1 adulthyperlinks.com
127.0.0.1 adultlinksco.com
127.0.0.1 adultrevenueservice.com
127.0.0.1 ad-up.com
127.0.0.1 adv.peopleonpage.com
127.0.0.1 adv.webmd.com
127.0.0.1 advertisementbanners.com
127.0.0.1 advertising.com
127.0.0.1 advertisingagent.com
127.0.0.1 advertisingvision.com
127.0.0.1 adverts.carltononline.com
127.0.0.1 adverts.lzio.com
127.0.0.1 adviva.com
127.0.0.1 aesp.adatom.com
127.0.0.1 affiliate.free-banners.com
127.0.0.1 affiliate.friendsearch.com
127.0.0.1 affiliate.getspace.com
127.0.0.1 affiliates.jeanharris.com
127.0.0.1 affiliates.umaxsearch.com
127.0.0.1 affiliatetarget.com
127.0.0.1 agent.3721.com
127.0.0.1 aifind.info
127.0.0.1 ajim.delphibbs.com
127.0.0.1 ajokeaday.com
127.0.0.1 ak.imgfarm.com
127.0.0.1 ak.tfag.de
127.0.0.1 akamai.downloadv3.com
127.0.0.1 alerts.internetwasher.com
127.0.0.1 alerts.systemsoap.com
127.0.0.1 alfhilde.buttonware.net
127.0.0.1 alibabanet.net
127.0.0.1 allaboutsearching.com
127.0.0.1 allcheapsolutions.com
127.0.0.1 allclicks.com
127.0.0.1 allcybersearch.com
127.0.0.1 allhyperlinks.com
127.0.0.1 allsubtitles.exits.ro
127.0.0.1 almightysearch.com
127.0.0.1 alpha.gigaisp.net
127.0.0.1 alpha.searchassistant.net
127.0.0.1 alset.com
127.0.0.1 altnet.com
127.0.0.1 amateur.freegayspace.com
127.0.0.1 amateur.xxxcounter.com
127.0.0.1 amazingautossearch.com
127.0.0.1 amch.questionmarket.com
127.0.0.1 amigeek.com
127.0.0.1 amnv.net
127.0.0.1 ams-download.nocreditcard.com
127.0.0.1 ams-download.nocreditcardgay.com
127.0.0.1 anne.cdtnet.net
127.0.0.1 any-find.com
127.0.0.1 ao.lop.com
127.0.0.1 aphrodite.porntrack.com
127.0.0.1 app.desktop.ak-networks.com
127.0.0.1 app.ezula.com
127.0.0.1 app.peopleonpage.com
127.0.0.1 app.searchant.com
127.0.0.1 apps.clickcash.com
127.0.0.1 apps.shopnav.com
127.0.0.1 apps.webservicehost.com
127.0.0.1 armbender.com
127.0.0.1 arsconsole.global-intermedia.com
127.0.0.1 as5000.wunderground.com
127.0.0.1 asians.join4free.com
127.0.0.1 assistant.3721.com
127.0.0.1 associmage.match.com
127.0.0.1 associmg.com
127.0.0.1 atoque.com
127.0.0.1 audiogalaxy.com
127.0.0.1 audioseek.net
127.0.0.1 australia.bpath.com
127.0.0.1 authorizedsearchagents.com
127.0.0.1 auto.isearch.com
127.0.0.1 avenuemedia.com
127.0.0.1 aveo.com
127.0.0.1 awbeta.net-nucleus.com
127.0.0.1 ax.180solutions.com
127.0.0.1 ayb.lop.com
127.0.0.1 b1-v2-bell.webhancer.com
127.0.0.1 b3d.com
127.0.0.1 ba2.systemsoap.net
127.0.0.1 badurl.grandstreetinteractive.com
127.0.0.1 badurl.ieplugin.com
127.0.0.1 banner.50megs.com
127.0.0.1 banner.arttoday.com
127.0.0.1 banner.date.com
127.0.0.1 banner.easyspace.com
127.0.0.1 banner.freeservers.com
127.0.0.1 banner.missingkids.com
127.0.0.1 banner.orb.net
127.0.0.1 banner.relcom.ru
127.0.0.1 banner1.inet-traffic.com
127.0.0.1 bannerads.zwire.com
127.0.0.1 bannerco-op.com
127.0.0.1 bannerexchange.cjb.net
127.0.0.1 banner-exchange.directbanners.com
127.0.0.1 bannerfarm.ace.advertising.com
127.0.0.1 bannermaster.geektech.com
127.0.0.1 banners.ads360.com
127.0.0.1 banners.adultfriendfinder.com
127.0.0.1 banners.affiliatefuel.com
127.0.0.1 banners.asiafriendfinder.com
127.0.0.1 banners.babylon-x.com
127.0.0.1 banners.dot.tk
127.0.0.1 banners.easydns.com
127.0.0.1 banners.friendfinder.com
127.0.0.1 banners.hotlinks.net
127.0.0.1 banners.hotqueens.com
127.0.0.1 banners.inetfast.com
127.0.0.1 banners.internetsexprovider.com
127.0.0.1 banners.largecash.com
127.0.0.1 banners.leadingedgecash.com
127.0.0.1 banners.nocreditcard.com
127.0.0.1 banners.nocreditcardgay.com
127.0.0.1 banners.orbitcycle.com
127.0.0.1 banners.outster.com
127.0.0.1 banners.pennyweb.com
127.0.0.1 banners.playboystore.com
127.0.0.1 banners.pythonvideo.com
127.0.0.1 banners.sextracker.com
127.0.0.1 banners.specificpop.com
127.0.0.1 banners.spylog.com
127.0.0.1 banners.truecash.com
127.0.0.1
127.0.0.1 banners.webmasterplan.com
127.0.0.1 banners2.pythonvideo.com
127.0.0.1 banner-server-usa-english.com
127.0.0.1 bannersgomlm.buildreferrals.com
127.0.0.1 bannersgomlm.com
127.0.0.1 bannerswap.com
127.0.0.1 bannersxchange.com
127.0.0.1 bannervip.web1000.com
127.0.0.1 bannerx.adtactics.com
127.0.0.1 bantam.ai.net
127.0.0.1 bar.baidu.com
127.0.0.1 bde3d.com
127.0.0.1 be.nedstat.net
127.0.0.1 be.sitestat.com
127.0.0.1 beech-info2.com
127.0.0.1 belgiandip.com
127.0.0.1 belt.abetterinternet.com
127.0.0.1 benjamin.xww.de
127.0.0.1 best.exits.ro
127.0.0.1 bestcrawler.com
127.0.0.1 best-search.info
127.0.0.1 beta.oversee.net
127.0.0.1 beta.searchassistant.net
127.0.0.1 bgw.qsrch.com
127.0.0.1 bidclix.net
127.0.0.1 bigbrother.gigatechsoftware.com
127.0.0.1 bighits.net
127.0.0.1 bigsexvideos.com
127.0.0.1 bigticker.bighits.net
127.0.0.1 bigtracker.com
127.0.0.1 bilbo.counted.com
127.0.0.1 bins.lop.com
127.0.0.1 bins.roings.com
127.0.0.1 bins2.media-motor.net
127.0.0.1 bis.180solutions.com
127.0.0.1 bisads.180solutions.com
127.0.0.1 bizonio.com
127.0.0.1 bjvvhk.t.muxa.cc
127.0.0.1 blacksnake.com
127.0.0.1 blanksearch.biz
127.0.0.1 blazefind.com
127.0.0.1 blowsearch.com
127.0.0.1 bluehavenmedia.com
127.0.0.1 bluezipper.com
127.0.0.1 bohema.amillo.net
127.0.0.1 bookedspace.com
127.0.0.1 books.exits.ro
127.0.0.1 boomerank.com
127.0.0.1 botw.topbucks.com
127.0.0.1 bounty.bighits.net
127.0.0.1 brilliantdigital.com
127.0.0.1 browser.secondpower.com
127.0.0.1 browseraid.com
127.0.0.1 browserpal.com
127.0.0.1 browserwise.com
127.0.0.1 bs.Email Removed
127.0.0.1 bs0.einets.com
127.0.0.1 bs1.einets.com
127.0.0.1 bs10.einets.com
127.0.0.1 bs2.einets.com
127.0.0.1 bs3.einets.com
127.0.0.1 bs4.einets.com
127.0.0.1 bs5.einets.com
127.0.0.1 bs6.einets.com
127.0.0.1 bs7.einets.com
127.0.0.1 bs8.einets.com
127.0.0.1 bs9.einets.com
127.0.0.1 build.tripod.com
127.0.0.1 bulkclicks.com
127.0.0.1 bundleware.com
127.0.0.1 button.clickability.com
127.0.0.1 c.abetterinternet.com
127.0.0.1 c.centralmedia.ws
127.0.0.1 c.clickaire.com
127.0.0.1 c.coolshader.com
127.0.0.1 c.fsx.com
127.0.0.1 c.intelliquest.com
127.0.0.1 c.mii.instacontent.net
127.0.0.1 c.porngraph.com
127.0.0.1 c.usatoday.com
127.0.0.1 c0bb8.ilxt.info
127.0.0.1 c1.gostats.com
127.0.0.1 c1.outster.com
127.0.0.1 c1.statcounter.com
127.0.0.1 c1.thecounter.com
127.0.0.1 c1.xxxcounter.com
127.0.0.1 c1dcon.ewizard.cc
127.0.0.1 c2.gostats.com
127.0.0.1 c2.outster.com
127.0.0.1 c2.thecounter.com
127.0.0.1 c2.xxxcounter.com
127.0.0.1 c3.thecounter.com
127.0.0.1 c3.xxxcounter.com
127.0.0.1 c4.iwon.com
127.0.0.1 c4.maxserving.com
127.0.0.1 c4.mysearch.com
127.0.0.1 cabs.media-motor.net
127.0.0.1 cabs.roings.com
127.0.0.1 cache.unicast.com
127.0.0.1 campaign.indieclick.com
127.0.0.1 campaigns.f2.com.au
127.0.0.1 cards.searchalot.com
127.0.0.1 caroline.cdtnet.net
127.0.0.1 cashclicks.com
127.0.0.1 cashcount.com
127.0.0.1 cashpile.com
127.0.0.1 cashsearch.biz
127.0.0.1 cashtour.com
127.0.0.1 cassandra.searchassistant.net
127.0.0.1 categories.mygeek.com
127.0.0.1 caweb1.clickxchange.com
127.0.0.1 caweb2.clickxchange.com
127.0.0.1 cb.adprofile.net
127.0.0.1 cb1.counterbot.com
127.0.0.1 cbird.sextracker.com
127.0.0.1 cbird6.sextracker.com
127.0.0.1 cbronline.adbureau.net
127.0.0.1 cc.iwon.com
127.0.0.1 cc20foreva.com
127.0.0.1 ccc00.opinionlab.com
127.0.0.1 cc-dt.com
127.0.0.1 cdn.climaxbucks.com
127.0.0.1 cdn.movies-etc.com
127.0.0.1 cdn1.adsdk.com
127.0.0.1 cdn2.adsdk.com
127.0.0.1 cdtnet.net
127.0.0.1 centralmedia.ws
127.0.0.1 cftrack.idownload.com
127.0.0.1 cftrack.uninstaller.com
127.0.0.1 cgi.gaysexswap.com
127.0.0.1 cgi.hotstat.nl
127.0.0.1 cgi.sexlist.com
127.0.0.1 cgi.sexswap.com
127.0.0.1 cgi.sexswap2.com
127.0.0.1 cgi.sexswap2000.com
127.0.0.1 ch.questionmarket.com
127.0.0.1 chat.ezula.com
127.0.0.1 checkin.clickalchemy.com
127.0.0.1 chewbacca.cybereps.com
127.0.0.1 citi.bridgetrack.com
127.0.0.1 cj.xrenoder.com
127.0.0.1 cl55.biz
127.0.0.1 classic.adlink.de
127.0.0.1 classifieds1000.com
127.0.0.1 cleangetaway.biz
127.0.0.1 clearfind.com
127.0.0.1 clear-search.com
127.0.0.1 click.dotcomtoolbar.com
127.0.0.1 click.findthewebsiteyouneed.com
127.0.0.1 click.fool.com
127.0.0.1 click.go2net.com
127.0.0.1 click.hotlog.ru
127.0.0.1 click.payserve.com
127.0.0.1 click.silvercash.com
127.0.0.1 click2boost.com
127.0.0.1 click2findnow.com
127.0.0.1 clickalchemy.com
127.0.0.1 clickcash.webpower.com
127.0.0.1 clickedyclick.com
127.0.0.1 clickit.go2net.com
127.0.0.1 clicks.adultplex.com
127.0.0.1 clicks.asianamateurpages.com
127.0.0.1 clicks.equantum.com
127.0.0.1 clicks.firstname.com
127.0.0.1 clicks2.oxcash.com
127.0.0.1 clickserve.cc-dt.com
127.0.0.1 clickthru.net
127.0.0.1 clickthrunet.net
127.0.0.1 clickthrutraffic.com
127.0.0.1 clicktrack.wnu.com
127.0.0.1 clicktraq.mtree.com
127.0.0.1 clickxchange.com
127.0.0.1 clickyestoenter.net
127.0.0.1 clicz.com
127.0.0.1 client.newdotnet.net
127.0.0.1 climaxbucks.com
127.0.0.1 clit.sextracker.com
127.0.0.1 clit1.sextracker.com
127.0.0.1 clit10.sextracker.com
127.0.0.1 clit11.sextracker.com
127.0.0.1 clit12.sextracker.com
127.0.0.1 clit13.sextracker.com
127.0.0.1 clit14.sextracker.com
127.0.0.1 clit15.sextracker.com
127.0.0.1 clit2.sextracker.com
127.0.0.1 clit3.sextracker.com
127.0.0.1 clit4.sextracker.com
127.0.0.1 clit5.sextracker.com
127.0.0.1 clit6.sextracker.com
127.0.0.1 clit7.sextracker.com
127.0.0.1 clit8.sextracker.com
127.0.0.1 clit9.sextracker.com
127.0.0.1 clix.superclix.de
127.0.0.1 clk4.com
127.0.0.1 clr-sch.com
127.0.0.1 clrsch.com
127.0.0.1 cluster-03.topbucks.com
127.0.0.1 cm8.lycos.com
127.0.0.1 cmi.ibill.com
127.0.0.1 cns.3721.com
127.0.0.1 cnsmin.3721.com
127.0.0.1 cnt.one.ru
127.0.0.1 cnt.rapidblaster.com
127.0.0.1 cocktailcash.com
127.0.0.1 code.ignphrases.com
127.0.0.1 code.netbreak.com.au
127.0.0.1 coder3862004.cjb.net
127.0.0.1 codice.shinystat.it
127.0.0.1 collector.deepmetrix.com
127.0.0.1 comclick.com
127.0.0.1 commerce.mii.instacontent.net
127.0.0.1 commonname.com
127.0.0.1 commonnames.com
127.0.0.1 compnet.us.intellitxt.com
127.0.0.1 conf.conspy.com
127.0.0.1 conf.redswoosh.com
127.0.0.1 conf.redswoosh.net
127.0.0.1 config.fordaleltd.com
127.0.0.1 config.grandstreetinteractive.com
127.0.0.1 config.medialoads.com
127.0.0.1 config.url404.com
127.0.0.1 congratulations.travelengine.net
127.0.0.1 connect.andlotsmore.com
127.0.0.1 connect.online-dialer.com
127.0.0.1 connectionzone.com
127.0.0.1 cons.xrenoder.com
127.0.0.1 console.popupsponsor.com
127.0.0.1 conspy.com
127.0.0.1 content.adprofile.net
127.0.0.1 content.delfinproject.com
127.0.0.1 content.netvenda.com
127.0.0.1 contest.x10.com
127.0.0.1 contexualsearch.com
127.0.0.1 control.123banners.com
127.0.0.1 control.x10.com
127.0.0.1 conyc.com
127.0.0.1 coolpage.cc
127.0.0.1 coolsearcher.info
127.0.0.1 coolshader.com
127.0.0.1 coreg.flashtrack.net
127.0.0.1 corp.3721.com
127.0.0.1 count.casino-trade.com
127.0.0.1 count.cc
127.0.0.1 count.paycounter.com
127.0.0.1 count.popupsponsor.com
127.0.0.1 count.revenue.net
127.0.0.1 counted.com
127.0.0.1 counter.1stblaze.com
127.0.0.1 counter.adultcheck.com
127.0.0.1 counter.adultrevenueservice.com
127.0.0.1 counter.aport.ru
127.0.0.1 counter.bizland.com
127.0.0.1 counter.bloke.com
127.0.0.1 counter.digits.com
127.0.0.1 counter.netmore.net
127.0.0.1 counter.rambler.ru
127.0.0.1 counter.search.bg
127.0.0.1 counter.sparklit.com
127.0.0.1 counter.xxxcool.com
127.0.0.1 counter.yadro.ru
127.0.0.1 counter1.sextracker.com
127.0.0.1 counter10.sextracker.com
127.0.0.1 counter11.sextracker.com
127.0.0.1 counter12.sextracker.com
127.0.0.1 counter13.sextracker.com
127.0.0.1 counter14.sextracker.com
127.0.0.1 counter15.sextracker.com
127.0.0.1 counter16.sextracker.com
127.0.0.1 counter2.sextracker.com
127.0.0.1 counter3.sextracker.com
127.0.0.1 counter4.sextracker.com
127.0.0.1 counter4all.dk
127.0.0.1 counter4u.de
127.0.0.1 counter5.sextracker.com
127.0.0.1 counter6.sextracker.com
127.0.0.1 counter7.sextracker.com
127.0.0.1 counter8.sextracker.com
127.0.0.1 counter9.sextracker.com
127.0.0.1 counterbot.com
127.0.0.1 counterstrike.server.us
127.0.0.1 cr.stop-popup-ads-now.com
127.0.0.1 creatives.adintelligence.net
127.0.0.1 creatives.ads360.com
127.0.0.1 crosskirk.com
127.0.0.1 crossroad.adgoblin.com
127.0.0.1 crossroad.trekdata.com
127.0.0.1 crs.akamai.com
127.0.0.1
127.0.0.1 cserver.mii.instacontent.net
127.0.0.1 ct.sexadnet.com
127.0.0.1 ct1.hypercount.com
127.0.0.1 ct2.comclick.com
127.0.0.1 ct2.hypercount.com
127.0.0.1 ct3.hypercount.com
127.0.0.1 ct4.hypercount.com
127.0.0.1 ct5.hypercount.com
127.0.0.1 ctc.amateurpages.com
127.0.0.1 ctgbn.stellaremperor.com
127.0.0.1 ctl.twain-tech.com
127.0.0.1 customize.netster.com
127.0.0.1 cxoadfarm.dyndns.info
127.0.0.1 cxoads.dyndns.info
127.0.0.1 cxoreport.dnsalias.net
127.0.0.1 cyberbounty.com
127.0.0.1 cytron.com
127.0.0.1 cz2.clickzs.com
127.0.0.1 cz3.clickzs.com
127.0.0.1 cz4.clickzs.com
127.0.0.1 cz5.clickzs.com
127.0.0.1 cz6.clickzs.com
127.0.0.1 cz7.clickzs.com
127.0.0.1 cz8.clickzs.com
127.0.0.1 d.crackedearth.com
127.0.0.1 d.dialer2004.com
127.0.0.1 d.webhancer.com
127.0.0.1 d2.webhancer.com
127.0.0.1 d3.webhancer.com
127.0.0.1 dafinder.com
127.0.0.1 dailywinner.net
127.0.0.1 darin.eq5.oversee.net
127.0.0.1 data.coremetrics.com
127.0.0.1 data.quicksearches.net
127.0.0.1 datastorm.biz
127.0.0.1 dating.friendsearch.com
127.0.0.1 db0.net-filter.com
127.0.0.1 db0.sitestats.com
127.0.0.1 db1.sitestats.com
127.0.0.1 db2.net-filter.com
127.0.0.1 db2.sitestats.com
127.0.0.1 db3.net-filter.com
127.0.0.1 db3.sitestats.com
127.0.0.1 db4.net-filter.com
127.0.0.1 db4.sitestats.com
127.0.0.1 db5.net-filter.com
127.0.0.1 db5.sitestats.com
127.0.0.1 db6.net-filter.com
127.0.0.1 db6.sitestats.com
127.0.0.1 db7.net-filter.com
127.0.0.1 db7.sitestats.com
127.0.0.1 dbbsrv.com
127.0.0.1 dbcventures.com
127.0.0.1 dcapps.disney.go.com
127.0.0.1 de.sitestat.nedstat.net
127.0.0.1 defaultsearching.com
127.0.0.1 defender.veloz.com
127.0.0.1 delfinproject.com
127.0.0.1 delivery.inet-traffic.com
127.0.0.1 delta.adroar.com
127.0.0.1 demo.advertising.com
127.0.0.1 demon1.linksummary.com
127.0.0.1 demon2.linksummary.com
127.0.0.1 dev.adorigin.com
127.0.0.1 dev.ntcor.com
127.0.0.1 devcnt.rapidblaster.com
127.0.0.1 dev-download.nocreditcard.com
127.0.0.1 devfast.mediacharger.com
127.0.0.1 devfw.imrworldwide.com
127.0.0.1 devshed.us.intellitxt.com
127.0.0.1 dh02-001.eacceleration.com
127.0.0.1 dh02-002.eacceleration.com
127.0.0.1 dh02-003.eacceleration.com
127.0.0.1 dh02-004.eacceleration.com
127.0.0.1 dh02-005.eacceleration.com
127.0.0.1 dh02-006.eacceleration.com
127.0.0.1 dh02-009.eacceleration.com
127.0.0.1 dh02-010.eacceleration.com
127.0.0.1 dialeraccess.com
127.0.0.1 dialeradmin.com
127.0.0.1 dialerclub.com
127.0.0.1 dialercom.com
127.0.0.1 diallerplugin.com
127.0.0.1 didtheyreadit.com
127.0.0.1 dinamo.directwebsearch.net
127.0.0.1 dir.3721.com
127.0.0.1 dir.searchsprint.com
127.0.0.1 dir.spylog.ru
127.0.0.1 dir1.spylog.ru
127.0.0.1 direct.data-line.us
127.0.0.1 direct.simpletraffic.com
127.0.0.1 directads.mcafee.com
127.0.0.1 directcoupons.com
127.0.0.1 directleads.com
127.0.0.1 directplugin.com
127.0.0.1 directtrack.com
127.0.0.1 distribution.trafficsyndicate.com
127.0.0.1 dka.directwebsearch.net
127.0.0.1 dl.dialerssolution.com
127.0.0.1 dldw.medialoads.com
127.0.0.1 dldwb1.medialoads.com
127.0.0.1 dlkw.drsnsrch.com
127.0.0.1 dlsearchbar.com
127.0.0.1 dlstats.eurodnsservices.com
127.0.0.1 dn.adzerver.com
127.0.0.1 dns2010.vicp.net
127.0.0.1 docs1.iwon.com
127.0.0.1 doc-tracker.com
127.0.0.1 domainimages.targetwords.com
127.0.0.1 domainimages2.targetwords.com
127.0.0.1 domainlanding.targetwords.com
127.0.0.1 domainsponsor.oversee.net
127.0.0.1 download.35mb.com
127.0.0.1 download.3721.com
127.0.0.1 download.abetterinternet.com
127.0.0.1 download.adintelligence.net
127.0.0.1 download.bonzi.com
127.0.0.1 download.bulletproofsoft.com
127.0.0.1 download.dlsearchbar.com
127.0.0.1 download.feiyang.com
127.0.0.1 download.getmirar.com
127.0.0.1 download.gigatechsoftware.com
127.0.0.1 download.globaldialer.net
127.0.0.1 download.internetwasher.com
127.0.0.1 download.ipinsight.net
127.0.0.1 download.mediacharger.com
127.0.0.1 download.msgplus.net
127.0.0.1 download.nocreditcard.com
127.0.0.1 download.nocreditcardgay.com
127.0.0.1 download.online-dialer.com
127.0.0.1 download.opistat.com
127.0.0.1 download.peopleonpage.com
127.0.0.1 download.quickflicks.com
127.0.0.1 download.redswoosh.com
127.0.0.1 download.redswoosh.net
127.0.0.1 download.rfwnad.com
127.0.0.1 download.secondpower.com
127.0.0.1 download.sidestep.com
127.0.0.1 download.smartpops.com
127.0.0.1 download.softwareds.com
127.0.0.1 download.spywarelabs.com
127.0.0.1 download.startsurfing.com
127.0.0.1 download.stripplayer.com
127.0.0.1 download.tibsystems.com
127.0.0.1 download.tscash.com
127.0.0.1 download.vladzone.com
127.0.0.1 download.vx2.cc
127.0.0.1 download.webhancer.com
127.0.0.1 download1.0190-dialers.com
127.0.0.1 download1.shopathomeselect.com
127.0.0.1 download1.speedbit.com
127.0.0.1 download2.0190-dialers.com
127.0.0.1 download2.abetterinternet.com
127.0.0.1 download2.speedbit.com
127.0.0.1 download3.payoutpal.com
127.0.0.1 download3.speedbit.com
127.0.0.1 download4.payoutpal.com
127.0.0.1 downloadaccelerator.com
127.0.0.1 downloadaccelerator.net
127.0.0.1 download-ak.internetwasher.com
127.0.0.1 download-ak.systemsoap.com
127.0.0.1 downloadalot.com
127.0.0.1 downloads.aaa1screensavers.com
127.0.0.1 downloads.shopathomeselect.com
127.0.0.1 downloads.spywarelabs.com
127.0.0.1 downloadware.net
127.0.0.1 dp.information.com
127.0.0.1 drusearch.com
127.0.0.1 ds.cybereps.com
127.0.0.1 ds.starmedia.com
127.0.0.1 dst.trafficsyndicate.com
127.0.0.1 dubolom.com
127.0.0.1 duolaimi.net
127.0.0.1 dw.dailywinner.net
127.0.0.1 dyn.virtumundo.com
127.0.0.1 dynaserv.ads360.com
127.0.0.1 dyntraq.mtree.com
127.0.0.1 e.rn11.com
127.0.0.1 e.systemsoap.com
127.0.0.1 e2give.com
127.0.0.1 e89.friendfinder.com
127.0.0.1 easy.adpowerzone.com
127.0.0.1 easytoolbar.com
127.0.0.1 ebony.andlotsmore.com
127.0.0.1 ebonyplugin.com
127.0.0.1 ebtmarketing.com
127.0.0.1 econnect.libereco.net
127.0.0.1 ecpm.com
127.0.0.1 edn.redswoosh.com
127.0.0.1 edn.redswoosh.net
127.0.0.1 efc.iwon.com
127.0.0.1 effect001.enliven.com
127.0.0.1 ehg-espn.hitbox.com
127.0.0.1 ehttp.cc
127.0.0.1 eimg.com
127.0.0.1 elicanada.com
127.0.0.1 els.redswoosh.net
127.0.0.1 engage.everyone.net
127.0.0.1 enjoysearch.info
127.0.0.1 enliven.com
127.0.0.1 enter.hypercount.com
127.0.0.1 entryplugin.com
127.0.0.1 envolo.peopleonpage.com
127.0.0.1 e-plus.cc
127.0.0.1 eps.new.search.new.net
127.0.0.1 epsilon.searchassistant.net
127.0.0.1 er.errorplace.com
127.0.0.1 er.searchsprint.com
127.0.0.1 errorpage404.com
127.0.0.1 es.1clickspyclean.com
127.0.0.1 es.nedstat.net
127.0.0.1 escati.linkopp.net
127.0.0.1 espana.netvenda.com
127.0.0.1 espana01.netvenda.com
127.0.0.1 etype.adbureau.net
127.0.0.1 eu-adcenter.net
127.0.0.1 eventuresnv.com
127.0.0.1 exactsearchbar.com
127.0.0.1 exceip.com
127.0.0.1 exit.megago.com
127.0.0.1 exit.onlineexit.com
127.0.0.1 exit.sellyourexit.com
127.0.0.1 exit.silvercash.com
127.0.0.1 exit.xpays.com
127.0.0.1 exitexchange.com
127.0.0.1 exits.freepornpics.com
127.0.0.1 exitstitial.infospacehosting.net
127.0.0.1 express.3721.com
127.0.0.1 extreme-dm.com
127.0.0.1 ezcybersearch.com
127.0.0.1 ezcybersearch.mail.everyone.net
127.0.0.1 ez-finder.com
127.0.0.1 ez-searching.com
127.0.0.1 f1organizer.com
127.0.0.1 faq.mainpean.de
127.0.0.1 fassia.net
127.0.0.1 fast.mediacharger.com
127.0.0.1 fastsearch.cc
127.0.0.1 fastseeker.com
127.0.0.1 fasttrack.nu
127.0.0.1 fastwebfinder.com
127.0.0.1 fcds.affiliatetracking.net
127.0.0.1 fdadfswr.com
127.0.0.1 featured-results.com
127.0.0.1 feeds.global-intermedia.com
127.0.0.1 files.msgplus.net
127.0.0.1 find.greatsearch.info
127.0.0.1 find.reliableresults.info
127.0.0.1 findloss.com
127.0.0.1 findology.mail.everyone.net
127.0.0.1 find-online.net
127.0.0.1 find-quick.com
127.0.0.1 findthewebsiteyouneed.com
127.0.0.1 findwhatevernow.com
127.0.0.1 findwhatevernow.searchbrowser.com
127.0.0.1 fine-search.net
127.0.0.1 fiona.ai.net
127.0.0.1 firehunt.com
127.0.0.1 firstname.com
127.0.0.1 fl01.ct2.comclick.com
127.0.0.1 flashtrack.net
127.0.0.1 flingstone.com
127.0.0.1 flipperkeys.com
127.0.0.1 flyinads.com
127.0.0.1 forbes.us.intellitxt.com
127.0.0.1 fordaleltd.com
127.0.0.1 forum.electronic-group.com
127.0.0.1 fpctraffic2.com
127.0.0.1 fr.sitestat.com
127.0.0.1 fr4-download.nocreditcard.net
127.0.0.1 fr4-download.stripplayer.com
127.0.0.1 fr4-download.strip-player.com
127.0.0.1 fr4-network.nocreditcard.com
127.0.0.1 fr4-scripts.downloadv3.com
127.0.0.1 free.hcworld.com
127.0.0.1 free.wegcash.com
127.0.0.1 free.xxxcounter.com
127.0.0.1 free-counter.5u.com
127.0.0.1 freecounter.unms.com
127.0.0.1 freelivesex.cf.mtreexxx.net
127.0.0.1 freemp3blaster.com
127.0.0.1 freescratchandwin.com
127.0.0.1 free-scratch-cards.com
127.0.0.1 free-spy-cam.net
127.0.0.1 freestats.com
127.0.0.1 free-stats.com
127.0.0.1 free-stats.i8.com
127.0.0.1 freestuff.com.19828.fb.dbbsrv.com
127.0.0.1 freeticketcash.cf.mtreexxx.net
127.0.0.1 freeticketcash.com
127.0.0.1 freexxxplace.com
127.0.0.1 frontpagecash.com
127.0.0.1 fsc2k.com
127.0.0.1 fstrack.7search.com
127.0.0.1 ftp.123banners.com
127.0.0.1 ftp.clicktracking.info
127.0.0.1 ftp.control.123banners.com
127.0.0.1 [censored]edlesbian.com
127.0.0.1 full-search.net
127.0.0.1 gallery.rampid.com
127.0.0.1 games.andlotsmore.com
127.0.0.1 gaming.gamesplayground.com
127.0.0.1 gayplugin.com
127.0.0.1 gaysexswap.com
127.0.0.1 gd.geobytes.com
127.0.0.1 genericscanner.com
127.0.0.1 geo.deepmetrix.com
127.0.0.1 geo2.track-star.com
127.0.0.1 geoads.osdn.com
127.0.0.1 gestion.xiti.com
127.0.0.1 get.directwebsearch.net
127.0.0.1 get.downloadalot.com
127.0.0.1 get.trafficmultiplier.com
127.0.0.1 getpopped.com
127.0.0.1 getthis4free.com
127.0.0.1 getupdate.com
127.0.0.1 gfx.dvlabs.com
127.0.0.1 gigex.com
127.0.0.1 gkn.directwebsearch.net
127.0.0.1 glintbill.com
127.0.0.1 global-finder.com
127.0.0.1 global-netcom.de
127.0.0.1 globalstats.hotlog.ru
127.0.0.1 globe-finder.cc
127.0.0.1 globe-finder.net
127.0.0.1 globesearch.com
127.0.0.1 go.mailbits.com
127.0.0.1 go.startnow.com
127.0.0.1 go.targetsearch.info
127.0.0.1 go.trafficmultiplier.com
127.0.0.1 gocybersearch.com
127.0.0.1 goi.com
127.0.0.1 goinnow.com
127.0.0.1 go-in-now.com
127.0.0.1 goldstats.net
127.0.0.1 gonnasearch.com
127.0.0.1 gorefer.com
127.0.0.1 gostats.com
127.0.0.1 goto.trafficmultiplier.com
127.0.0.1 gotosearch.msmn.com
127.0.0.1 grafix.xxxcounter.com
127.0.0.1 grandstreetinteractive.com
127.0.0.1 graphics.tickerbar.info
127.0.0.1 graphics.x10.com
127.0.0.1 graphics1.sextracker.com
127.0.0.1 graphics2.sextracker.com
127.0.0.1 great.andlotsmore.com
127.0.0.1 greatplugin.com
127.0.0.1 greatsearch.biz
127.0.0.1 greatstartpage.com
127.0.0.1 greenhorse.com
127.0.0.1 gs.spylog.ru
127.0.0.1 gstats.spylog.com
127.0.0.1 guannan.3322.net
127.0.0.1 guest.adultfriendfinder.com
127.0.0.1 guestworld.tripod.lycos.com
127.0.0.1 hamster.com
127.0.0.1 hangoutspot.com
127.0.0.1 hardy.netster.com
127.0.0.1 hastalavista.com
127.0.0.1 hc2.humanclick.com
127.0.0.1 hcworld.com
127.0.0.1 help.mysearch.com
127.0.0.1 help.stardialer.de
127.0.0.1 here4search.com
127.0.0.1 hestia.sextrail.com
127.0.0.1 hightrafficads.com
127.0.0.1 hit.hotlog.ru
127.0.0.1 hit.lookupanything.biz
127.0.0.1 hit.namimedia.com
127.0.0.1 hit1.hotlog.ru
127.0.0.1 hit1.vioclicks.com
127.0.0.1 hit2.hotlog.ru
127.0.0.1 hit3.hotlog.ru
127.0.0.1 hit4.hotlog.ru
127.0.0.1 hit5.hotlog.ru
127.0.0.1 hit6.hotlog.ru
127.0.0.1 hit7.hotlog.ru
127.0.0.1 hit8.hotlog.ru
127.0.0.1 hit9.hotlog.ru
127.0.0.1 hit-counter.5u.com
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 hitgo.com
127.0.0.1 hithopper.com
127.0.0.1 hitmodel.net
127.0.0.1 hit-now.com
127.0.0.1 hit-parade.com
127.0.0.1 hitq.com
127.0.0.1 hits.411web.com
127.0.0.1 hits.icdirect.com
127.0.0.1 hits.sexcites.com
127.0.0.1 hits.spylog.com
127.0.0.1 hits.webstat.com
127.0.0.1 home.adultcash.com
127.0.0.1 home.free-banners.com
127.0.0.1 home.iwon.com
127.0.0.1 home.netster.com
127.0.0.1 homepagecash.com
127.0.0.1 homepageware.com
127.0.0.1 hop.clickbank.net
127.0.0.1 host1.list.ru
127.0.0.1 host11.list.ru
127.0.0.1 host12.list.ru
127.0.0.1 host13.list.ru
127.0.0.1 host14.list.ru
127.0.0.1 host3.list.ru
127.0.0.1 host4.list.ru
127.0.0.1 host7.list.ru
127.0.0.1 hosting.sextracker.com
127.0.0.1 hotbookmark.com
127.0.0.1 hotels.sidestep.com
127.0.0.1 hotphrase.com
127.0.0.1 hotpopup.com
127.0.0.1 hotqueens.com
127.0.0.1 hotsearch.com
127.0.0.1 hotsearchbar.com
127.0.0.1 hourly.gammae.com
127.0.0.1 hpu.bluezipper.com
127.0.0.1 http.edge.ru4.com
127.0.0.1 http.edge.vru4.com
127.0.0.1 http1.edge.ru4.com
127.0.0.1 http10.edge.ru4.com
127.0.0.1 http2.edge.ru4.com
127.0.0.1 http201.edge.ru4.com
127.0.0.1 http3.edge.ru4.com
127.0.0.1 http300.edge.ru4.com
127.0.0.1 http4.edge.ru4.com
127.0.0.1 http5.edge.ru4.com
127.0.0.1 http6.edge.ru4.com
127.0.0.1 http7.edge.ru4.com
127.0.0.1 http8.edge.ru4.com
127.0.0.1 http9.edge.ru4.com
127.0.0.1 huntbar.com
127.0.0.1 hyperbanner.net
127.0.0.1 hypercount.com
127.0.0.1 i.popupsponsor.com
127.0.0.1 i.rn11.com
127.0.0.1 i1img.com
127.0.0.1 ia.spinbox.net
127.0.0.1 iads.adroar.com
127.0.0.1 icache.getrelevant.com
127.0.0.1 icanfindit.net
127.0.0.1 icansearch.net
127.0.0.1 icentric.us.intellitxt.com
127.0.0.1 iclicks.net
127.0.0.1 icon.clickthru.net
127.0.0.1 idgsearch.com
127.0.0.1 ie.marketdart.com
127.0.0.1 ie.targetwords.com
127.0.0.1 ie.twrds.com
127.0.0.1 iefeadsl.com
127.0.0.1 ieplugin.com
127.0.0.1 igetnet.com
127.0.0.1 ihm01.ct2.comclick.com
127.0.0.1 image.adjuggler.com
127.0.0.1 image.i1img.com
127.0.0.1 image.imgfarm.com
127.0.0.1 image.masterstats.com
127.0.0.1 image.ugo.com
127.0.0.1 image2000.mtreexxx.net
127.0.0.1 image-catcher.com
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 images.adultplex.com
127.0.0.1 images.atweb.com
127.0.0.1 images.bonzi.com
127.0.0.1 images.cybereps.com
127.0.0.1 images.exitexchange.com
127.0.0.1 images.go2net.com
127.0.0.1 images.rambler.ru
127.0.0.1 images.speedbit.com
127.0.0.1 images.targetwords.com
127.0.0.1 images.tibsystems.com
127.0.0.1 images.trafficmp.com
127.0.0.1 images1.paycounter.com
127.0.0.1 images2.vpptechnologies.com
127.0.0.1 imageserv.adtech.de
127.0.0.1 imageserver1.thruport.com
127.0.0.1 img.3721.com
127.0.0.1 img.7meta.com
127.0.0.1 img.adsag.com
127.0.0.1 img.bannersxchange.com
127.0.0.1 img.lop.com
127.0.0.1 img.msgtag.com
127.0.0.1 img.peopleonpage.com
127.0.0.1 img.rn11.com
127.0.0.1 img.webring.com
127.0.0.1 img1.webring.com
127.0.0.1 imgfarm.com
127.0.0.1 imgserv.adbutler.com
127.0.0.1 impfr.tradedoubler.com
127.0.0.1 impgb.tradedoubler.com
127.0.0.1 impit.tradedoubler.com
127.0.0.1 impress.targetwords.com
127.0.0.1 impression.7search.com
127.0.0.1 impse.tradedoubler.com
127.0.0.1 in.mainentrypoint.com
127.0.0.1 in.netster.com
127.0.0.1 in.paycounter.com
127.0.0.1 inboxrewards.com
127.0.0.1 includes.all2save.com
127.0.0.1 indiads.com
127.0.0.1 inet-traffic.com
127.0.0.1 infinity.zango.com
127.0.0.1 info.browserdirect.net
127.0.0.1 info.browserpal.com
127.0.0.1 info.securegetaway.com
127.0.0.1 info.spylog.ru
127.0.0.1 infostart.com
127.0.0.1 innovativemarketing.com
127.0.0.1 install.browsertoolbar.com
127.0.0.1 install.global-netcom.de
127.0.0.1 install.redswoosh.com
127.0.0.1 install.redswoosh.net
127.0.0.1 install.searchmiracle.com
127.0.0.1 install.sidesearch.lycos.com
127.0.0.1 install.spywarelabs.com
127.0.0.1 install.stardialer.de
127.0.0.1 install.xxxtoolbar.com
127.0.0.1 installdollars.com
127.0.0.1 instant-access.nocreditcard.com
127.0.0.1 instant-access.nocreditcard.net
127.0.0.1 instant-access.nocreditcardgay.com
127.0.0.1 instant-access.sex-explorer.com
127.0.0.1 int.sitestat.com
127.0.0.1 internal.vx2.cc
127.0.0.1 internetantispy.com
127.0.0.1 internet-optimizer.com
127.0.0.1 internetwasher.com
127.0.0.1 ipend.datastorm.biz
127.0.0.1 ipinsight.com
127.0.0.1 iquicksearch.net
127.0.0.1 is1.crawler.com
127.0.0.1 i--search.com
127.0.0.1 isearchtech.com
127.0.0.1 ispdialer.com
127.0.0.1 istarthere.com
127.0.0.1 itxt.vibrantmedia.com
127.0.0.1 jdaf.com
127.0.0.1 jethomepage.com
127.0.0.1 jetseeker.com
127.0.0.1 jmm.livestat.com
127.0.0.1 join.movienetworks.com
127.0.0.1 join.popcorn.net
127.0.0.1 join4free.cf.mtreexxx.net
127.0.0.1 join4free.com
127.0.0.1 jp1.sb01.com
127.0.0.1 jraun.com
127.0.0.1 js.count.cc
127.0.0.1 js.cybermonitor.com
127.0.0.1 js.domainsponsor.com
127.0.0.1 js.livehelper.com
127.0.0.1 js.statistici.ro
127.0.0.1 js6.clickzs.com
127.0.0.1 js7.clickzs.com
127.0.0.1 junior.apk.net
127.0.0.1 k17177.bins.lop.com
127.0.0.1 kabanga.com
127.0.0.1 karmajunction.com
127.0.0.1 kazanon.com
127.0.0.1 klipads.dvlabs.com
127.0.0.1 klounada.com
127.0.0.1 krd.realcities.com
127.0.0.1 kt3.kliptracker.com
127.0.0.1 kt4.kliptracker.com
127.0.0.1 landing.domainsponsor.com
127.0.0.1 lasagne.adlogix.com
127.0.0.1 laurel.netster.com
127.0.0.1 lbvh2.ttsg.com
127.0.0.1 lc.squarepath.com
127.0.0.1 legal.electronic-group.com
127.0.0.1 letssearch.com
127.0.0.1 libereco.net
127.0.0.1 lidan.com
127.0.0.1 link.affiliatebot.com
127.0.0.1 link.masterstats.com
127.0.0.1 link.rawtocash.net
127.0.0.1 link.siccash.com
127.0.0.1 link4link.com
127.0.0.1 linkexchange.ru
127.0.0.1 linklist.cc
127.0.0.1 links.outster.com
127.0.0.1 links.sextracker.com
127.0.0.1 linksummary.com
127.0.0.1 linktracker.angelfire.com
127.0.0.1 linktracker.tripod.com
127.0.0.1 list.ru
127.0.0.1 list2004.com
127.0.0.1 listincestsites.com
127.0.0.1 lists.adroar.com
127.0.0.1 lists.directcoupons.com
127.0.0.1 live.sex-explorer.com
127.0.0.1 liveperson.net
127.0.0.1 lives.sex-explorer.com
127.0.0.1 livingnet.adtech.de
127.0.0.1 lmcd.us.intellitxt.com
127.0.0.1 loadown.net
127.0.0.1 lobby.sexlist.com
127.0.0.1 locator.imagesrvr.com
127.0.0.1 locators.com
127.0.0.1 log.statistici.ro
127.0.0.1 log.trafic.ro
127.0.0.1 loga.hit-parade.com
127.0.0.1 loga.xiti.com
127.0.0.1 logc13.xiti.com
127.0.0.1 logo.affiliatebot.com
127.0.0.1 logoplugin.com
127.0.0.1 logp.xiti.com
127.0.0.1 logs.roings.com
127.0.0.1 logv20.xiti.com
127.0.0.1 logv3.xiti.com
127.0.0.1 look2me.com
127.0.0.1 looking-for.cc
127.0.0.1 look-today.com
127.0.0.1 lop.com
127.0.0.1 loudcash.com
127.0.0.1 loveadot.com
127.0.0.1 ls0.net
127.0.0.1 lstat.susanin.com
127.0.0.1 luckyhomepage.com
127.0.0.1 luckysearch.net
127.0.0.1 lustler.com
127.0.0.1 lycos.com.org
127.0.0.1 lycos-eu.imrworldwide.com
127.0.0.1 lz.mainentrypoint.com
127.0.0.1 m.rmbclick.com
127.0.0.1 m1.nedstatbasic.net
127.0.0.1 magic.3721.com
127.0.0.1 mail.mailwiper.com
127.0.0.1 mail.netster.com
127.0.0.1 mail.searchalot.com
127.0.0.1 mail.vx2.cc
127.0.0.1 mailwiper.com
127.0.0.1 main.netster.com
127.0.0.1 main.vpptechnologies.com
127.0.0.1 mainentrypoint.com
127.0.0.1 mair.net
127.0.0.1 manipulatingtheicesurface.com
127.0.0.1 maps.netster.com
127.0.0.1 mark.3721.com
127.0.0.1 marketdart.com
127.0.0.1 marketscore.com
127.0.0.1 marnet.us
127.0.0.1 martfinder.com
127.0.0.1 mass-traffic.com
127.0.0.1 master.mx-targeting.com
127.0.0.1 masterdialer.de
127.0.0.1 mature.xxxcounter.com
127.0.0.1 mau.sextracker.com
127.0.0.1 maxexp.com
127.0.0.1 maximuncash.com
127.0.0.1 mb.crawler.com
127.0.0.1 mds.centrport.net
127.0.0.1 measurement.redsheriff.com
127.0.0.1 media.adrevolver.com
127.0.0.1 media.altnet.com
127.0.0.1 media.exchange-it.com
127.0.0.1 media.gigex.com
127.0.0.1 media.pointroll.com
127.0.0.1 media.popunder.com
127.0.0.1 media.rapid-pass.net
127.0.0.1 mediacharger.com
127.0.0.1 medialoads.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 mediatrack.popupsponsor.com
127.0.0.1 mediatrack.revenue.net
127.0.0.1 mega.directwebsearch.net
127.0.0.1 megabyte.crosswinds.net
127.0.0.1 megadialer.com
127.0.0.1 megaporn.cf.mtreexxx.net
127.0.0.1 megapornbucks.com
127.0.0.1 members.sexroulette.com
127.0.0.1 members.swimsuitnetwork.com
127.0.0.1 membersplugin.com
127.0.0.1 memorymeter.com
127.0.0.1 messagebroadcaster.net
127.0.0.1 meta.3721.com
127.0.0.1 micorsoft.com
127.0.0.1 microsoft.com.org
127.0.0.1 microsoit.com
127.0.0.1 mig29here.com
127.0.0.1 mindseti.com
127.0.0.1 minisearch.startnow.com
127.0.0.1 mirror.pointroll.com
127.0.0.1 mirrors.egwn.net
127.0.0.1 mirrorsearch.speedbit.com
127.0.0.1 misc.outster.com
127.0.0.1 mjxads.internet.com
127.0.0.1 mm.delfinproject.com
127.0.0.1 mmm.roings.com
127.0.0.1 mn.myquicksearch.com
127.0.0.1 mojo.com
127.0.0.1 mojosearch.com
127.0.0.1 moniker.qsrch.com
127.0.0.1 more.teens3.com
127.0.0.1 movie-browser.com
127.0.0.1 movies-etc.com
127.0.0.1 moviesponsor.istarthere.com
127.0.0.1 mp.medialoads.com
127.0.0.1 mp3.popcorn.net
127.0.0.1 mp3today.net
127.0.0.1 mpamexit.com
127.0.0.1 mr.myquicksearch.com
127.0.0.1 msearch.3721.com
127.0.0.1 msgtag.com
127.0.0.1 msview.cc
127.0.0.1 msxml.blowsearch.com
127.0.0.1 msxml.vpptechnologies.com
127.0.0.1 mt1.climaxbucks.com
127.0.0.1 mt1.mtree.com
127.0.0.1 mt111.mtree.com
127.0.0.1 mt112.mtree.com
127.0.0.1 mt113.mtree.com
127.0.0.1 mt123.mtree.com
127.0.0.1 mt19.mtree.com
127.0.0.1 mt2.mtree.com
127.0.0.1 mt20.mtree.com
127.0.0.1 mt21.mtree.com
127.0.0.1 mt22.mtree.com
127.0.0.1 mt23.climaxbucks.com
127.0.0.1 mt23.mtree.com
127.0.0.1 mt31.mtree.com
127.0.0.1 mt32.mtree.com
127.0.0.1 mt33.mtree.com
127.0.0.1 mt34.mtree.com
127.0.0.1 mt37.mtree.com
127.0.0.1 mt44.mtree.com
127.0.0.1 mt78.mtree.com
127.0.0.1 mt90.mtree.com
127.0.0.1 mt94.mtree.com
127.0.0.1 mtree.com
127.0.0.1 mtreexxx.net
127.0.0.1 multi1.rmuk.co.uk
127.0.0.1 multimpp.com
127.0.0.1 musiccity.streamcastnetworks.com
127.0.0.1 music-downloads.audioseek.net
127.0.0.1 mvr.us
127.0.0.1 mvr3d.net
127.0.0.1 mvtracker.com
127.0.0.1 mx253.sb03.com
127.0.0.1 my.iwon.com
127.0.0.1 my.spylog.com
127.0.0.1 myaffiliateprogram.com
127.0.0.1 myc
Post by: Guest on December 20, 2004, 09:23:00 PM
Go back into the registry delete
LOL and ZESOFT
Make sure you only remove those ones
Also, delete the files found bad by Rav's
Post back a fresh hijackthis log afterwards and let me know how things are running
It appears you added a custom host file or possibly one added by Spybot?
Did you set those in your hosts file
It's not a bad thing to have entries like this
127.0.0.1 1000stars.ru
as bad sites trying to force popup ads and such will be redirected to your local host
Let me know
Post by: ummzee on December 21, 2004, 12:41:28 AM
I was aksed to post my host file earlier so I did. However, I am not sure what they reveal except what has been loaded into the browser. Are you telling me to make another entry to the host file?
I was told earlier to stop the services of LOL and Zesoft
Logfile of HijackThis v1.99.0
Scan saved at 11:35:55 PM, on 12/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Palm\HOTSYNC.EXE
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx (http://\"http://www.spybouncer.com/downloader.ocx\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079 (http://\"http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096438447079\")
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab (http://\"http://www.ravantivirus.com/scan/ravonline.cab\")
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4412/mcfscan.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\isafe.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
Post by: guestolo on December 21, 2004, 01:13:04 AM
First can you download and unzip to a folder of your choice
http://members.aol.com/toadbee/hoster.zip (http://\"http://members.aol.com/toadbee/hoster.zip\")
We'll need this later
Let's create a fresh Restore point
Start>>All Programs>>Accessories>>System Tools>>system restore
Create a fresh restore point
Name it and click the Create button
This is just so you have a backup
Print the rest of this out or save it to a notepad file on your desktop for easy access
Restart your computer into safe mode
Can you access your registry---Again be careful
Just delete what I ask you
I had you go here before
Go to Start>>Run>>Type in regedit and hit Enter or OK
Expand(+) these keys
+HKEY_LOCAL_MACHINE
+SYSTEM
+CurrentControlSet
+Services
Look for these keys on the left hand side and let me know if you see them, but this time right click on them and delete them
LOL
ZESOFT
Now that your comfortable in the registry
Follow these instructions by Symantec on what to look for and delete in the registry
the ones I've bolded if they exist
Quote
Navigate to this Key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
# Adds one of the following values: Look on the right hand side for
"Sys29"="%System%\winoko32.exe"
"Sys29"="%System%\winjnp32.exe"
so that the adware runs when you start Windows.
# Adds the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Elitum
HKEY_CURRENT_USER\SOFTWARE\LQ
to hold configuration data for the adware.
# Adds the following registry keys:
HKEY_CURRENT_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA880F}
HKEY_CURRENT_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81C3A}
so that the adware displays a toolbar in Internet Explorer.
Exit Registry editor
Look for these files and folders in boldand delete them if they exist
You may also want to do a search for them
# Creates some of the following files:
C:\WINDOWS\Winoko.exe
C:\WINDOWS\Winjnp32.exe
C:\WINDOWS\Bkmsf32.dat
C:\Winupdate.exe and C:\Ed.exe.
and folder
C:\WINDOWS\EliteBar
# Creates multiple files in C:\WINDOWS\EliteBar.
After you have done that
Navigate to this folder
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Open the ETC folder and look for HOSTS or Host.bak and delete them if found
Don't delete any other files with other names, just the above
You may have to take the check out of READ ONLY in it's properties
Restart back into Normal mode
Open Hoster---Let it create a new Hosts file
Then click the button Restore Original Hosts
Follow this link to show you how to reset your Customize search settings from Symantec
http://sarc.com/avcenter/venc/data/adware....e.elitebar.html (http://\"http://sarc.com/avcenter/venc/data/adware.elitebar.html\")
Post back one more hijackthis log and let me know how it's going
Post by: ummzee on December 21, 2004, 02:54:52 AM
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' /> I have my search engine BACK! I don't use any of the optional choices offered, I use metacrawler.com but when I t /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' /> sted it, it worked. THANK YOU.I have learned a lot during this clean-up. I would like to learn more. I will keep an eye on the problems of others to see what I can learn. I would like to donate to the site to help keep the good work going. Please let me know where that can be done. Let me know if there is anything else I need to do. If I missed something, I WILL BE BACK!
/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' /> Peace
Logfile of HijackThis v1.99.0
Scan saved at 1:51:09 AM, on 12/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\cidaemon.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email (http://\"http://www.Email\") Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\antivirus\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx (http://\"http://www.spybouncer.com/downloader.ocx\")
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079 (http://\"http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096438447079\")
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab (http://\"http://www.ravantivirus.com/scan/ravonline.cab\")
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab\")
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab (http://\"http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4412/mcfscan.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\isafe.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
Post by: guestolo on December 21, 2004, 03:13:14 AM
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx (http://\"http://www.spybouncer.com/downloader.ocx\")
At this time you should disable system restore---Restart your computer---enable system Restore
This will ensure that you don't restore no nasties
and creates a fresh restore point
Link will explain how
http://vil.nai.com/vil/SystemHelpDocs/Disa...eSysRestore.htm (http://\"http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm\")
To help keep your computer clean
You should install this free app.
Add extra security while
silently protecting you, without running in the background
SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
Just run it once, and check for updates every couple of weeks, enable all protection after every update
Hold onto Spybot and Ad-Aware and check for updates every couple of weeks and run scans
You can do a Smart System scan with Ad-Aware, it's faster, run a full system scan once in awhile
You may also want to use Spybot's Immunize feature
Open Spybot>>Click Immunize>>OK>>Immunize at the top
Stay safe
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' /> I'm not sure about Donations
/dry.gif\' class=\'bbc_emoticon\' alt=\'<_<\' /> I'm kind of a Free Lancer I guess, hee hee
take care