Author Topic: Highjack Log  (Read 4852 times)

ummzee
« on: December 09, 2004, 10:48:56 AM »
First time site and Highjack user. Any help will be appreciated!

Logfile of HijackThis v1.98.2
Scan saved at 10:58:54 AM, on 12/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\??rvices.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.web--search.com/to.php?ID1=1537...5-F3C7C47FA223}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Win32 USB2 Driver] winxpinit.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvpej32.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [g] C:\Documents and Settings\Owner\Local Settings\Temp\g.exe
O4 - HKLM\..\Run: [hH0THOIje] C:\documents and settings\owner\local settings\temp\hH0THOIje.exe
O4 - HKLM\..\Run: [VxDE] C:\documents and settings\owner\local settings\temp\VxDE.exe
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winxpinit.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [Win32 USB2 Driver] winxpinit.exe
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ofm] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [Sdsr] C:\Documents and Settings\Owner\Application Data\spsa.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/y...ysb_regular.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39

guestolo
« Reply #1 on: December 09, 2004, 07:31:51 PM »
Hi First Timer :D
Ummzee

You have a few problems on your log that can Automatically be taken care of with a few free programs
3 of these are yours to keep and hang onto.

This seems like a bit of work, but it's not really, just Print out these directions and follow along

Download the Trial version of TrojanHunter from this link
http://www.trojanhunter.com/trojanhunter/
This is good for 30 days

After installation you will have to manually update the Latest Ruleset
Go to this link
http://www.trojanhunter.com/trojanhunter/updating/
Download the Latest Ruleset to desktop
Unzip it to your Trojan Hunter folder
Allow to overwrite if prompted
The default location should be C:\Program Files\TrojanHunter

Run a full system scan
Let it fix whatever it finds
Restart your computer afterwards

Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or later
If you don't have this version, uninstall yours and install this one
After installation-CHECK FOR UPDATES
Download all updates

Scan your system with Ad-Aware

Open Ad-aware---Click the GEAR at the top
# Click on the General button on the left hand side.

   1. Make sure the following items under the Safety category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.

         1. Automatically save logfile
         2. Automatically quarantine objects prior to removal
         3. Safe Mode (always request confirmation)


# Next click on the Advanced button on the left hand side.

   1. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.

         1. Include additional object information
         2. Include negligible objects information
         3. Include environment information
         4. Include Alternate data stream details in log file


# Next click on the Tweak button on the left hand side.

   1. Then click on the + (plus) sign next to the Log Files section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.

         1. Include basic Ad-Aware settings in logfile
         2. Include additional Ad-Aware settings in logfile


   2. Then click on the + (plus) sign next to the Scanning Engine section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.

         1. Unload recognized processes & modules during scan
         2. Scan registry for all users instead of current user only


   3. Then click on the + (plus) sign next to the Cleaning Engine section. This will expand the section. Make sure the following items under the Logfile Detail Level category have a green check in them. If they do not, click once on the circle next to them to put a checkmark in it.

         1. Always try to unload modules before deletion
         2. During removal, unload Explorer and IE if necessary
         3. Let Windows remove files in use at next reboot


Once these settings have been completed, you should click on the Proceed button

Make sure you change the scan mode to Perform full system scan. Then uncheck the Search for negligible risk entries.

Step 5: Start the Actual Scan

Now click on the Next button to have Ad-Aware SE start scanning your system. Ad-Aware SE will start scanning your system for Spyware and Hijackers

When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
====================================================
RESTART your computer to finish the cleaning process

When you're back in Windows
Download and Install Spybot S&D 1.3
Don't enable TeaTimer when Installing, you can do this later but leave it disabled for now
After installation--SEARCH FOR UPDATES
Download All updates
Check for Problems---FIX everything in RED

Restart your computer again to finish the cleaning process

One last program---Download and install Windows CleanUp! by Steve Gould
Give the link time to load, this is a small download
This will help you to clean your temporary files, cookies, prefetch folder
Open it and click on the CleanUp button
Let it finish scanning and then Restart your computer one last time

I know it seems like a few programs to install, but 3 of them are yours to keep for free, and they're great programs

Post back a fresh hijackthis log afterwards and we'll finish manually cleaning your log afterwards

Do as much of the above as you can before posting back a new log, if you find you can't accomplish something just carry on and post back a fresh log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Guest_Ummzee
« Reply #2 on: December 10, 2004, 11:17:24 AM »
Thanks for your help. Here is the new log. My system keeps accessing the web and opens at least five windows when started.

Also, the Windows CleanUp link is no longer active, so I was not able to do that

Received the following after running Spybot:
part.Error during check!: Unknown (Zugriffsverletzung bei Adresse 00000000. Lesen von Adresse 00000000) ()
 
Adware keeps trying to delete "EliteToolBar" and sometimes succeeds at renaming it; however, it keeps coming back.

I will wait for your response.

Thanks again,
:blink:
Logfile of HijackThis v1.98.2
Scan saved at 11:28:09 AM, on 12/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\??rvices.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.web--search.com/to.php?ID1=1537...5-F3C7C47FA223}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll (file missing)
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvpej32.exe
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [g] C:\Documents and Settings\Owner\Local Settings\Temp\g.exe
O4 - HKLM\..\Run: [hH0THOIje] C:\documents and settings\owner\local settings\temp\hH0THOIje.exe
O4 - HKLM\..\Run: [VxDE] C:\documents and settings\owner\local settings\temp\VxDE.exe
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\antivirus\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winxpinit.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ofm] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [Sdsr] C:\Documents and Settings\Owner\Application Data\spsa.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39

guestolo
« Reply #3 on: December 12, 2004, 04:16:28 AM »
Can you try uninstalling your copy of Spybot from Add/Remove programs and redownloading from another location other than Download.com

Here's a link
http://www.safer-networking.org/en/mirrors/index.html

Run and UPDATE as described earlier, but this time please try a scan in safe mode
How to Restart into SAFE MODE

Can you also try that link to Windows CleanUp! again
It works fine on my end, you don't need to run it yet but install it for now

Post back with a fresh hijackthis log afterwards



Guest
« Reply #4 on: December 16, 2004, 08:55:38 AM »
;) Things are a little better but the browser still seeks four (4) different sites upon opening and I still cannot reach the site you request me to download. I accessed it from another desktop, downloaded it to the desktop and attempted to email it to myself. My Email Removed considered it a threat. I will get it one way or another, today.

I did as directed, below is my latest log: :unsure:

Logfile of HijackThis v1.98.2
Scan saved at 7:23:38 AM, on 12/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\System32\snmp.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\??rvices.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.web--search.com/to.php?ID1=1537...5-F3C7C47FA223}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [g] C:\Documents and Settings\Owner\Local Settings\Temp\g.exe
O4 - HKLM\..\Run: [hH0THOIje] C:\documents and settings\owner\local settings\temp\hH0THOIje.exe
O4 - HKLM\..\Run: [VxDE] C:\documents and settings\owner\local settings\temp\VxDE.exe
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winxpinit.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ofm] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [Sdsr] C:\Documents and Settings\Owner\Application Data\spsa.exe
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39

guestolo
« Reply #5 on: December 16, 2004, 11:14:52 PM »
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Go to this link and give it time to load if it's busy
http://virusscan.jotti.dhs.org/

Use the Browse button and navigate to
C:\logon.exe <--this file
 Right click on it and Select it
then click the Submit button
Wait for the results and post back here the Scanner results


Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.web--search.com/to.php?ID1=1537...5-F3C7C47FA223}

R3 - URLSearchHook: (no name) - _{30192F8D-0958-44E6-B54D-331FD39AC959} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
<--this one if found bad, I'm sure it's giving you problems

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKLM\..\Run: [g] C:\Documents and Settings\Owner\Local Settings\Temp\g.exe
O4 - HKLM\..\Run: [hH0THOIje] C:\documents and settings\owner\local settings\temp\hH0THOIje.exe
O4 - HKLM\..\Run: [VxDE] C:\documents and settings\owner\local settings\temp\VxDE.exe

O4 - HKLM\..\RunServices: [Win32 USB2 Driver] winxpinit.exe

O4 - HKCU\..\Run: [Ofm] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [Sdsr] C:\Documents and Settings\Owner\Application Data\spsa.exe

O4 - Global Startup: PowerReg Scheduler.exe

O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx



After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis

Restart your computer into Safe mode, you can do this by tapping the F8 key on the keyboard when the computer is starting up

Find and delete these files or folders if they exist
C:\logon.exe <--file, if found bad
C:\Documents and Settings\Owner\Local Settings\Temp\g.exe
C:\documents and settings\owner\local settings\temp\hH0THOIje.exe
C:\documents and settings\owner\local settings\temp\VxDE.exe
C:\Documents and Settings\Owner\Application Data\spsa.exe
C:\WINDOWS\System32\??rvices.exe <--file with the exact spelling, don't confuse it with any other file because it looks similar

You can also Delete the whole contents of your Temp folders, or whatever you can, but Don't delete the Temp Directories themselves

# C:\Windows\Temp\
# C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\
# C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
# C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\

RESTART back into Normal Mode

Hijackthis has just recently been updated, can you update your version
Open Hijackthis>>Config>>Misc Tools>>Check for updates online

Post back with a fresh log from this version

Let me know if you can download any of those programs I asked about, give the links time to load

With the new version of Hijackthis can you also open it and click on "Open Misc Tools"
Click the "Open Hosts File Manager"
Click the "Open in Notepad"
Copy and paste the Whole Notepad Hosts file back here

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


logon results

  • Guest
Highjack Log
« Reply #6 on: December 17, 2004, 01:02:22 AM »
Service load:  0%        100%  
 
File:  logon.exe  
Status:  POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)  
Packers detected:  ASPACK
   
AntiVir  No viruses found (0.55 seconds taken)
Avast  No viruses found (1.51 seconds taken)
BitDefender  No viruses found (0.61 seconds taken)
ClamAV  No viruses found (0.31 seconds taken)
Dr.Web  No viruses found (0.48 seconds taken)
F-Prot Antivirus  No viruses found (0.05 seconds taken)
Kaspersky Anti-Virus  No viruses found (0.59 seconds taken)
mks_vir  No viruses found (0.22 seconds taken)
NOD32  probably unknown NewHeur_PE (probable variant) (0.54 seconds taken)
Norman Virus Control  No viruses found (2.55 seconds taken)

Guest

  • Guest
Highjack Log
« Reply #7 on: December 17, 2004, 02:04:23 AM »
Hello once again,

I do have all the programs you asked me to download. My system still will not allow me to down some and is still redirecting stuff. <_<

Here is the latest log:

Logfile of HijackThis v1.99.0
Scan saved at 1:03:15 AM, on 12/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\Ati2evxx.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\isafe.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Win32 USB2 Driver - Unknown - C:\WINDOWS\System32\winxpinit.exe (file missing)
O23 - Service: VET Message Service - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Highjack Log
« Reply #8 on: December 17, 2004, 09:53:38 PM »
Go to START>>>RUN>>>type in services.msc and hit Enter
In the next window, look on the right hand side for these service
names---- ZESOFT and Win32 USB2 Driver

If you find them
Double click on it--- STOP the service--
In the drop down menu, change the startup type to Disabled

Do another scan with Hijackthis and put a check next to these entries:


O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx

O23 - Service: Win32 USB2 Driver - Unknown - C:\WINDOWS\System32\winxpinit.exe (file missing)
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
YES and exit Hijackthis

RESTART your computer

Go to Start>>Run>>Type in regedit and hit Enter or OK
Expand(+) these keys
+HKEY_LOCAL_MACHINE
+SYSTEM
+CurrentControlSet
+Services

Look for these keys on the left hand side and let me know if you see them
LOL
ZESOFT

Exit the reg editor after that

You should try an online virus scan
at Rav's
http://www.ravantivirus.com/scan/
When you access that link with Internet Explorer
click on the "To Continue without subsribing click here" link
It will load the activex and definition files

Ensure that all the top entries are checked
Autoclean--Inside Archives---Unpack Executables---Smart Scan

Then click the Scan my PC button

Let it completely finish scanning

Copy and Paste the results back here

Also, I asked you to install Trojan Hunter earlier, it's had a couple updates since
Go back to the link I supplied and download
The Latest Ruleset to your desktop and Unzip it to your TrojanHunter folder
and run a scan <---updating manually in this way is important for the trial version

You said this:
Quote
I do have all the programs you asked me to download. My system still will not allow me to down some and is still redirecting stuff.

Can you clarify please, are you able to do everything I'm asking you to do?
What have you been able to Download and Update?

Post back a Fresh Hijackthis log afterwards

I also asked to see your Hosts file
In the new version of Hijackthis click on "Open Misc Tools Section"
Open Hosts File Manager
and click the Open In Notepad button
Copy and paste that whole file back here

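The manual triage done in this thread, sketched as an added example that is not part of any poster's reply and is not HijackThis's own logic: the sample lines are quoted from the logs above, and the flagging rules (Temp, drive root or loose Application Data autoruns, a Shell= value with extra programs, entries marked "(no file)" or "(file missing)", unrenderable characters in a file name) are assumed heuristics that only mark lines for a human to review.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines quoted from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\logon.exe
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [g] C:\Documents and Settings\Owner\Local Settings\Temp\g.exe
O4 - HKLM\..\Run: [Shell Logon] C:\logon.exe
O4 - HKCU\..\Run: [Ofm] C:\WINDOWS\System32\??rvices.exe
O4 - HKCU\..\Run: [Sdsr] C:\Documents and Settings\Owner\Application Data\spsa.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe (file missing)
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autoruns carry "[value name] command line" in the body.
AUTORUN_RE = re.compile(r"^.*?\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")


class Finding(NamedTuple):
    code: str
    line: str
    reasons: Tuple[str, ...]


def _exe_path(cmd: str) -> str:
    """Return the executable part of an autorun command line, lower-cased."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.(?:exe|com|bat|scr|pif))(?:\s|$)", cmd, re.I)
    return (m.group(1) if m else cmd).lower()


def _path_reasons(path: str) -> List[str]:
    """Assumed location heuristics; a hit means 'look at this', not 'malware'."""
    reasons = []
    if "\\temp\\" in path:
        reasons.append("runs from a Temp directory")
    if re.fullmatch(r"[a-z]:\\[^\\]+", path):
        reasons.append("executable sits in the drive root")
    if re.search(r"\\application data\\[^\\]+$", path):
        reasons.append("executable loose in Application Data")
    if "?" in path:
        reasons.append("file name has characters the log could not render")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that match at least one heuristic, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list and blank lines are not entries
        code, body = m.group("code"), m.group("body")
        reasons: List[str] = []
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            reasons.append("references a file that is not on disk")
        if code == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reasons.append("Shell= launches more than Explorer.exe")
        if code == "O4":
            a = AUTORUN_RE.match(body)  # Startup-folder entries are skipped
            if a:
                reasons.extend(_path_reasons(_exe_path(a.group("cmd"))))
        if reasons:
            findings.append(Finding(code, line, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{'; '.join(f.reasons)}\n    {f.line}")
```
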


Guest

  • Guest
Highjack Log
« Reply #9 on: December 18, 2004, 09:14:14 PM »
:huh: Sorry I was not clear. I have all the programs you asked me to download; however, I had to download the "Windows Cleanup" program from another computer, email it to myself and then install it. My system will not let me access that site. I have downloaded and updated everything else.

I did see the following in the register LOL and ZESOFT

Here are the results from ravantivirus.com:

Scan started at 12/18/2004 12:32:18 AM
 
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\download\4400+ Templates Package.part2.rar->4400+ Templates Package\Javascripts\Javascripts\navigation\countdown redirect.txt->(SCRIPT0008) - JS/Loding.B* -> Infected
C:\Templates\4400+ Templates Package\Javascripts\Javascripts\navigation\countdown redirect.txt->(SCRIPT0008) - JS/Loding.B* -> Infected

Scanned
============================
   Objects: 91508
   Directories: 10972
   Archives: 7552
   Size(Kb): -2065497
   Infected files: 2

Found
============================
   Viruses found: 1
   Suspicious files: 0
   Disinfected files: 0
   Mail files: 217


Here are the results of Hijackthis (after updating and running "Trojan Hunter"):

Logfile of HijackThis v1.99.0
Scan saved at 7:52:12 PM, on 12/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\antivirus\TrojanHunter 4.0\THGuard.exe
C:\antivirus\TrojanHunter 4.0\THGuard.exe
C:\antivirus\TrojanHunter 4.0\THGuard.exe
C:\TrojanHunter 4.0\THGuard.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\isafe.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\VetMsg.exe

The Host files follow:
# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

127.0.0.1  bannerco-op.com
127.0.0.1  bannerexchange.cjb.net
127.0.0.1  banner-exchange.directbanners.com
127.0.0.1  bannerfarm.ace.advertising.com
127.0.0.1  bannermaster.geektech.com
127.0.0.1  banners.ads360.com
127.0.0.1  banners.adultfriendfinder.com
127.0.0.1  banners.affiliatefuel.com
127.0.0.1  banners.asiafriendfinder.com
127.0.0.1  banners.babylon-x.com
127.0.0.1  banners.dot.tk
127.0.0.1  banners.easydns.com
127.0.0.1  banners.friendfinder.com
127.0.0.1  banners.hotlinks.net
127.0.0.1  banners.hotqueens.com
127.0.0.1  banners.inetfast.com
127.0.0.1  banners.internetsexprovider.com
127.0.0.1  banners.largecash.com
127.0.0.1  banners.leadingedgecash.com
127.0.0.1  banners.nocreditcard.com
127.0.0.1  banners.nocreditcardgay.com
127.0.0.1  banners.orbitcycle.com
127.0.0.1  banners.outster.com
127.0.0.1  banners.pennyweb.com
127.0.0.1  banners.playboystore.com
127.0.0.1  banners.pythonvideo.com
127.0.0.1  banners.sextracker.com
127.0.0.1  banners.specificpop.com
127.0.0.1  banners.spylog.com
127.0.0.1  banners.truecash.com
127.0.0.1                    
127.0.0.1  banners.webmasterplan.com
127.0.0.1  banners2.pythonvideo.com
127.0.0.1  banner-server-usa-english.com
127.0.0.1  bannersgomlm.buildreferrals.com
127.0.0.1  bannersgomlm.com
127.0.0.1  bannerswap.com
127.0.0.1  bannersxchange.com
127.0.0.1  bannervip.web1000.com
127.0.0.1  bannerx.adtactics.com
127.0.0.1  bantam.ai.net
127.0.0.1  bar.baidu.com
127.0.0.1  bde3d.com
127.0.0.1  be.nedstat.net
127.0.0.1  be.sitestat.com
127.0.0.1  beech-info2.com
127.0.0.1  belgiandip.com
127.0.0.1  belt.abetterinternet.com
127.0.0.1  benjamin.xww.de
127.0.0.1  best.exits.ro
127.0.0.1  bestcrawler.com
127.0.0.1  best-search.info
127.0.0.1  beta.oversee.net
127.0.0.1  beta.searchassistant.net
127.0.0.1  bgw.qsrch.com
127.0.0.1  bidclix.net
127.0.0.1  bigbrother.gigatechsoftware.com
127.0.0.1  bighits.net
127.0.0.1  bigsexvideos.com
127.0.0.1  bigticker.bighits.net
127.0.0.1  bigtracker.com
127.0.0.1  bilbo.counted.com
127.0.0.1  bins.lop.com
127.0.0.1  bins.roings.com
127.0.0.1  bins2.media-motor.net
127.0.0.1  bis.180solutions.com
127.0.0.1  bisads.180solutions.com
127.0.0.1  bizonio.com
127.0.0.1  bjvvhk.t.muxa.cc
127.0.0.1  blacksnake.com
127.0.0.1  blanksearch.biz
127.0.0.1  blazefind.com
127.0.0.1  blowsearch.com
127.0.0.1  bluehavenmedia.com
127.0.0.1  bluezipper.com
127.0.0.1  bohema.amillo.net
127.0.0.1  bookedspace.com
127.0.0.1  books.exits.ro
127.0.0.1  boomerank.com
127.0.0.1  botw.topbucks.com
127.0.0.1  bounty.bighits.net
127.0.0.1  brilliantdigital.com
127.0.0.1  browser.secondpower.com
127.0.0.1  browseraid.com
127.0.0.1  browserpal.com
127.0.0.1  browserwise.com
127.0.0.1  bs.Email Removed
127.0.0.1  bs0.einets.com
127.0.0.1  bs1.einets.com
127.0.0.1  bs10.einets.com
127.0.0.1  bs2.einets.com
127.0.0.1  bs3.einets.com
127.0.0.1  bs4.einets.com
127.0.0.1  bs5.einets.com
127.0.0.1  bs6.einets.com
127.0.0.1  bs7.einets.com
127.0.0.1  bs8.einets.com
127.0.0.1  bs9.einets.com
127.0.0.1  build.tripod.com
127.0.0.1  bulkclicks.com
127.0.0.1  bundleware.com
127.0.0.1  button.clickability.com
127.0.0.1  c.abetterinternet.com
127.0.0.1  c.centralmedia.ws
127.0.0.1  c.clickaire.com
127.0.0.1  c.coolshader.com
127.0.0.1  c.fsx.com
127.0.0.1  c.intelliquest.com
127.0.0.1  c.mii.instacontent.net
127.0.0.1  c.porngraph.com
127.0.0.1  c.usatoday.com
127.0.0.1  c0bb8.ilxt.info
127.0.0.1  c1.gostats.com
127.0.0.1  c1.outster.com
127.0.0.1  c1.statcounter.com
127.0.0.1  c1.thecounter.com
127.0.0.1  c1.xxxcounter.com
127.0.0.1  c1dcon.ewizard.cc
127.0.0.1  c2.gostats.com
127.0.0.1  c2.outster.com
127.0.0.1  c2.thecounter.com
127.0.0.1  c2.xxxcounter.com
127.0.0.1  c3.thecounter.com
127.0.0.1  c3.xxxcounter.com
127.0.0.1  c4.iwon.com
127.0.0.1  c4.maxserving.com
127.0.0.1  c4.mysearch.com
127.0.0.1  cabs.media-motor.net
127.0.0.1  cabs.roings.com
127.0.0.1  cache.unicast.com
127.0.0.1  campaign.indieclick.com
127.0.0.1  campaigns.f2.com.au
127.0.0.1  cards.searchalot.com
127.0.0.1  caroline.cdtnet.net
127.0.0.1  cashclicks.com
127.0.0.1  cashcount.com
127.0.0.1  cashpile.com
127.0.0.1  cashsearch.biz
127.0.0.1  cashtour.com
127.0.0.1  cassandra.searchassistant.net
127.0.0.1  categories.mygeek.com
127.0.0.1  caweb1.clickxchange.com
127.0.0.1  caweb2.clickxchange.com
127.0.0.1  cb.adprofile.net
127.0.0.1  cb1.counterbot.com
127.0.0.1  cbird.sextracker.com
127.0.0.1  cbird6.sextracker.com
127.0.0.1  cbronline.adbureau.net
127.0.0.1  cc.iwon.com
127.0.0.1  cc20foreva.com
127.0.0.1  ccc00.opinionlab.com
127.0.0.1  cc-dt.com
127.0.0.1  cdn.climaxbucks.com
127.0.0.1  cdn.movies-etc.com
127.0.0.1  cdn1.adsdk.com
127.0.0.1  cdn2.adsdk.com
127.0.0.1  cdtnet.net
127.0.0.1  centralmedia.ws
127.0.0.1  cftrack.idownload.com
127.0.0.1  cftrack.uninstaller.com
127.0.0.1  cgi.gaysexswap.com
127.0.0.1  cgi.hotstat.nl
127.0.0.1  cgi.sexlist.com
127.0.0.1  cgi.sexswap.com
127.0.0.1  cgi.sexswap2.com
127.0.0.1  cgi.sexswap2000.com
127.0.0.1  ch.questionmarket.com
127.0.0.1  chat.ezula.com
127.0.0.1  checkin.clickalchemy.com
127.0.0.1  chewbacca.cybereps.com
127.0.0.1  citi.bridgetrack.com
127.0.0.1  cj.xrenoder.com
127.0.0.1  cl55.biz
127.0.0.1  classic.adlink.de
127.0.0.1  classifieds1000.com
127.0.0.1  cleangetaway.biz
127.0.0.1  clearfind.com
127.0.0.1  clear-search.com
127.0.0.1  click.dotcomtoolbar.com
127.0.0.1  click.findthewebsiteyouneed.com
127.0.0.1  click.fool.com
127.0.0.1  click.go2net.com
127.0.0.1  click.hotlog.ru
127.0.0.1  click.payserve.com
127.0.0.1  click.silvercash.com
127.0.0.1  click2boost.com
127.0.0.1  click2findnow.com
127.0.0.1  clickalchemy.com
127.0.0.1  clickcash.webpower.com
127.0.0.1  clickedyclick.com
127.0.0.1  clickit.go2net.com
127.0.0.1  clicks.adultplex.com
127.0.0.1  clicks.asianamateurpages.com
127.0.0.1  clicks.equantum.com
127.0.0.1  clicks.firstname.com
127.0.0.1  clicks2.oxcash.com
127.0.0.1  clickserve.cc-dt.com
127.0.0.1  clickthru.net
127.0.0.1  clickthrunet.net
127.0.0.1  clickthrutraffic.com
127.0.0.1  clicktrack.wnu.com
127.0.0.1  clicktraq.mtree.com
127.0.0.1  clickxchange.com
127.0.0.1  clickyestoenter.net
127.0.0.1  clicz.com
127.0.0.1  client.newdotnet.net
127.0.0.1  climaxbucks.com
127.0.0.1  clit.sextracker.com
127.0.0.1  clit1.sextracker.com
127.0.0.1  clit10.sextracker.com
127.0.0.1  clit11.sextracker.com
127.0.0.1  clit12.sextracker.com
127.0.0.1  clit13.sextracker.com
127.0.0.1  clit14.sextracker.com
127.0.0.1  clit15.sextracker.com
127.0.0.1  clit2.sextracker.com
127.0.0.1  clit3.sextracker.com
127.0.0.1  clit4.sextracker.com
127.0.0.1  clit5.sextracker.com
127.0.0.1  clit6.sextracker.com
127.0.0.1  clit7.sextracker.com
127.0.0.1  clit8.sextracker.com
127.0.0.1  clit9.sextracker.com
127.0.0.1  clix.superclix.de
127.0.0.1  clk4.com
127.0.0.1  clr-sch.com
127.0.0.1  clrsch.com
127.0.0.1  cluster-03.topbucks.com
127.0.0.1  cm8.lycos.com
127.0.0.1  cmi.ibill.com
127.0.0.1  cns.3721.com
127.0.0.1  cnsmin.3721.com
127.0.0.1  cnt.one.ru
127.0.0.1  cnt.rapidblaster.com
127.0.0.1  cocktailcash.com
127.0.0.1  code.ignphrases.com
127.0.0.1  code.netbreak.com.au
127.0.0.1  coder3862004.cjb.net
127.0.0.1  codice.shinystat.it
127.0.0.1  collector.deepmetrix.com
127.0.0.1  comclick.com
127.0.0.1  commerce.mii.instacontent.net
127.0.0.1  commonname.com
127.0.0.1  commonnames.com
127.0.0.1  compnet.us.intellitxt.com
127.0.0.1  conf.conspy.com
127.0.0.1  conf.redswoosh.com
127.0.0.1  conf.redswoosh.net
127.0.0.1  config.fordaleltd.com
127.0.0.1  config.grandstreetinteractive.com
127.0.0.1  config.medialoads.com
127.0.0.1  config.url404.com
127.0.0.1  congratulations.travelengine.net
127.0.0.1  connect.andlotsmore.com
127.0.0.1  connect.online-dialer.com
127.0.0.1  connectionzone.com
127.0.0.1  cons.xrenoder.com
127.0.0.1  console.popupsponsor.com
127.0.0.1  conspy.com
127.0.0.1  content.adprofile.net
127.0.0.1  content.delfinproject.com
127.0.0.1  content.netvenda.com
127.0.0.1  contest.x10.com
127.0.0.1  contexualsearch.com
127.0.0.1  control.123banners.com
127.0.0.1  control.x10.com
127.0.0.1  conyc.com
127.0.0.1  coolpage.cc
127.0.0.1  coolsearcher.info
127.0.0.1  coolshader.com
127.0.0.1  coreg.flashtrack.net
127.0.0.1  corp.3721.com
127.0.0.1  count.casino-trade.com
127.0.0.1  count.cc
127.0.0.1  count.paycounter.com
127.0.0.1  count.popupsponsor.com
127.0.0.1  count.revenue.net
127.0.0.1  counted.com
127.0.0.1  counter.1stblaze.com
127.0.0.1  counter.adultcheck.com
127.0.0.1  counter.adultrevenueservice.com
127.0.0.1  counter.aport.ru
127.0.0.1  counter.bizland.com
127.0.0.1  counter.bloke.com
127.0.0.1  counter.digits.com
127.0.0.1  counter.netmore.net
127.0.0.1  counter.rambler.ru
127.0.0.1  counter.search.bg
127.0.0.1  counter.sparklit.com
127.0.0.1  counter.xxxcool.com
127.0.0.1  counter.yadro.ru
127.0.0.1  counter1.sextracker.com
127.0.0.1  counter10.sextracker.com
127.0.0.1  counter11.sextracker.com
127.0.0.1  counter12.sextracker.com
127.0.0.1  counter13.sextracker.com
127.0.0.1  counter14.sextracker.com
127.0.0.1  counter15.sextracker.com
127.0.0.1  counter16.sextracker.com
127.0.0.1  counter2.sextracker.com
127.0.0.1  counter3.sextracker.com
127.0.0.1  counter4.sextracker.com
127.0.0.1  counter4all.dk
127.0.0.1  counter4u.de
127.0.0.1  counter5.sextracker.com
127.0.0.1  counter6.sextracker.com
127.0.0.1  counter7.sextracker.com
127.0.0.1  counter8.sextracker.com
127.0.0.1  counter9.sextracker.com
127.0.0.1  counterbot.com
127.0.0.1  counterstrike.server.us
127.0.0.1  cr.stop-popup-ads-now.com
127.0.0.1  creatives.adintelligence.net
127.0.0.1  creatives.ads360.com
127.0.0.1  crosskirk.com
127.0.0.1  crossroad.adgoblin.com
127.0.0.1  crossroad.trekdata.com
127.0.0.1  crs.akamai.com
127.0.0.1                
127.0.0.1  cserver.mii.instacontent.net
127.0.0.1  ct.sexadnet.com
127.0.0.1  ct1.hypercount.com
127.0.0.1  ct2.comclick.com
127.0.0.1  ct2.hypercount.com
127.0.0.1  ct3.hypercount.com
127.0.0.1  ct4.hypercount.com
127.0.0.1  ct5.hypercount.com
127.0.0.1  ctc.amateurpages.com
127.0.0.1  ctgbn.stellaremperor.com
127.0.0.1  ctl.twain-tech.com
127.0.0.1  customize.netster.com
127.0.0.1  cxoadfarm.dyndns.info
127.0.0.1  cxoads.dyndns.info
127.0.0.1  cxoreport.dnsalias.net
127.0.0.1  cyberbounty.com
127.0.0.1  cytron.com
127.0.0.1  cz2.clickzs.com
127.0.0.1  cz3.clickzs.com
127.0.0.1  cz4.clickzs.com
127.0.0.1  cz5.clickzs.com
127.0.0.1  cz6.clickzs.com
127.0.0.1  cz7.clickzs.com
127.0.0.1  cz8.clickzs.com
127.0.0.1  d.crackedearth.com
127.0.0.1  d.dialer2004.com
127.0.0.1  d.webhancer.com
127.0.0.1  d2.webhancer.com
127.0.0.1  d3.webhancer.com
127.0.0.1  dafinder.com
127.0.0.1  dailywinner.net
127.0.0.1  darin.eq5.oversee.net
127.0.0.1  data.coremetrics.com
127.0.0.1  data.quicksearches.net
127.0.0.1  datastorm.biz
127.0.0.1  dating.friendsearch.com
127.0.0.1  db0.net-filter.com
127.0.0.1  db0.sitestats.com
127.0.0.1  db1.sitestats.com
127.0.0.1  db2.net-filter.com
127.0.0.1  db2.sitestats.com
127.0.0.1  db3.net-filter.com
127.0.0.1  db3.sitestats.com
127.0.0.1  db4.net-filter.com
127.0.0.1  db4.sitestats.com
127.0.0.1  db5.net-filter.com
127.0.0.1  db5.sitestats.com
127.0.0.1  db6.net-filter.com
127.0.0.1  db6.sitestats.com
127.0.0.1  db7.net-filter.com
127.0.0.1  db7.sitestats.com
127.0.0.1  dbbsrv.com
127.0.0.1  dbcventures.com
127.0.0.1  dcapps.disney.go.com
127.0.0.1  de.sitestat.nedstat.net
127.0.0.1  defaultsearching.com
127.0.0.1  defender.veloz.com
127.0.0.1  delfinproject.com
127.0.0.1  delivery.inet-traffic.com
127.0.0.1  delta.adroar.com
127.0.0.1  demo.advertising.com
127.0.0.1  demon1.linksummary.com
127.0.0.1  demon2.linksummary.com
127.0.0.1  dev.adorigin.com
127.0.0.1  dev.ntcor.com
127.0.0.1  devcnt.rapidblaster.com
127.0.0.1  dev-download.nocreditcard.com
127.0.0.1  devfast.mediacharger.com
127.0.0.1  devfw.imrworldwide.com
127.0.0.1  devshed.us.intellitxt.com
127.0.0.1  dh02-001.eacceleration.com
127.0.0.1  dh02-002.eacceleration.com
127.0.0.1  dh02-003.eacceleration.com
127.0.0.1  dh02-004.eacceleration.com
127.0.0.1  dh02-005.eacceleration.com
127.0.0.1  dh02-006.eacceleration.com
127.0.0.1  dh02-009.eacceleration.com
127.0.0.1  dh02-010.eacceleration.com
127.0.0.1  dialeraccess.com
127.0.0.1  dialeradmin.com
127.0.0.1  dialerclub.com
127.0.0.1  dialercom.com
127.0.0.1  diallerplugin.com
127.0.0.1  didtheyreadit.com
127.0.0.1  dinamo.directwebsearch.net
127.0.0.1  dir.3721.com
127.0.0.1  dir.searchsprint.com
127.0.0.1  dir.spylog.ru
127.0.0.1  dir1.spylog.ru
127.0.0.1  direct.data-line.us
127.0.0.1  direct.simpletraffic.com
127.0.0.1  directads.mcafee.com
127.0.0.1  directcoupons.com
127.0.0.1  directleads.com
127.0.0.1  directplugin.com
127.0.0.1  directtrack.com
127.0.0.1  distribution.trafficsyndicate.com
127.0.0.1  dka.directwebsearch.net
127.0.0.1  dl.dialerssolution.com
127.0.0.1  dldw.medialoads.com
127.0.0.1  dldwb1.medialoads.com
127.0.0.1  dlkw.drsnsrch.com
127.0.0.1  dlsearchbar.com
127.0.0.1  dlstats.eurodnsservices.com
127.0.0.1  dn.adzerver.com
127.0.0.1  dns2010.vicp.net
127.0.0.1  docs1.iwon.com
127.0.0.1  doc-tracker.com
127.0.0.1  domainimages.targetwords.com
127.0.0.1  domainimages2.targetwords.com
127.0.0.1  domainlanding.targetwords.com
127.0.0.1  domainsponsor.oversee.net
127.0.0.1  download.35mb.com
127.0.0.1  download.3721.com
127.0.0.1  download.abetterinternet.com
127.0.0.1  download.adintelligence.net
127.0.0.1  download.bonzi.com
127.0.0.1  download.bulletproofsoft.com
127.0.0.1  download.dlsearchbar.com
127.0.0.1  download.feiyang.com
127.0.0.1  download.getmirar.com
127.0.0.1  download.gigatechsoftware.com
127.0.0.1  download.globaldialer.net
127.0.0.1  download.internetwasher.com
127.0.0.1  download.ipinsight.net
127.0.0.1  download.mediacharger.com
127.0.0.1  download.msgplus.net
127.0.0.1  download.nocreditcard.com
127.0.0.1  download.nocreditcardgay.com
127.0.0.1  download.online-dialer.com
127.0.0.1  download.opistat.com
127.0.0.1  download.peopleonpage.com
127.0.0.1  download.quickflicks.com
127.0.0.1  download.redswoosh.com
127.0.0.1  download.redswoosh.net
127.0.0.1  download.rfwnad.com
127.0.0.1  download.secondpower.com
127.0.0.1  download.sidestep.com
127.0.0.1  download.smartpops.com
127.0.0.1  download.softwareds.com
127.0.0.1  download.spywarelabs.com
127.0.0.1  download.startsurfing.com
127.0.0.1  download.stripplayer.com
127.0.0.1  download.tibsystems.com
127.0.0.1  download.tscash.com
127.0.0.1  download.vladzone.com
127.0.0.1  download.vx2.cc
127.0.0.1  download.webhancer.com
127.0.0.1  download1.0190-dialers.com
127.0.0.1  download1.shopathomeselect.com
127.0.0.1  download1.speedbit.com
127.0.0.1  download2.0190-dialers.com
127.0.0.1  download2.abetterinternet.com
127.0.0.1  download2.speedbit.com
127.0.0.1  download3.payoutpal.com
127.0.0.1  download3.speedbit.com
127.0.0.1  download4.payoutpal.com
127.0.0.1  downloadaccelerator.com
127.0.0.1  downloadaccelerator.net
127.0.0.1  download-ak.internetwasher.com
127.0.0.1  download-ak.systemsoap.com
127.0.0.1  downloadalot.com
127.0.0.1  downloads.aaa1screensavers.com
127.0.0.1  downloads.shopathomeselect.com
127.0.0.1  downloads.spywarelabs.com
127.0.0.1  downloadware.net
127.0.0.1  dp.information.com
127.0.0.1  drusearch.com
127.0.0.1  ds.cybereps.com
127.0.0.1  ds.starmedia.com
127.0.0.1  dst.trafficsyndicate.com
127.0.0.1  dubolom.com
127.0.0.1  duolaimi.net
127.0.0.1  dw.dailywinner.net
127.0.0.1  dyn.virtumundo.com
127.0.0.1  dynaserv.ads360.com
127.0.0.1  dyntraq.mtree.com
127.0.0.1  e.rn11.com
127.0.0.1  e.systemsoap.com
127.0.0.1  e2give.com
127.0.0.1  e89.friendfinder.com
127.0.0.1  easy.adpowerzone.com
127.0.0.1  easytoolbar.com
127.0.0.1  ebony.andlotsmore.com
127.0.0.1  ebonyplugin.com
127.0.0.1  ebtmarketing.com
127.0.0.1  econnect.libereco.net
127.0.0.1  ecpm.com
127.0.0.1  edn.redswoosh.com
127.0.0.1  edn.redswoosh.net
127.0.0.1  efc.iwon.com
127.0.0.1  effect001.enliven.com
127.0.0.1  ehg-espn.hitbox.com
127.0.0.1  ehttp.cc
127.0.0.1  eimg.com
127.0.0.1  elicanada.com
127.0.0.1  els.redswoosh.net
127.0.0.1  engage.everyone.net
127.0.0.1  enjoysearch.info
127.0.0.1  enliven.com
127.0.0.1  enter.hypercount.com
127.0.0.1  entryplugin.com
127.0.0.1  envolo.peopleonpage.com
127.0.0.1  e-plus.cc
127.0.0.1  eps.new.search.new.net
127.0.0.1  epsilon.searchassistant.net
127.0.0.1  er.errorplace.com
127.0.0.1  er.searchsprint.com
127.0.0.1  errorpage404.com
127.0.0.1  es.1clickspyclean.com
127.0.0.1  es.nedstat.net
127.0.0.1  escati.linkopp.net
127.0.0.1  espana.netvenda.com
127.0.0.1  espana01.netvenda.com
127.0.0.1  etype.adbureau.net
127.0.0.1  eu-adcenter.net
127.0.0.1  eventuresnv.com
127.0.0.1  exactsearchbar.com
127.0.0.1  exceip.com
127.0.0.1  exit.megago.com
127.0.0.1  exit.onlineexit.com
127.0.0.1  exit.sellyourexit.com
127.0.0.1  exit.silvercash.com
127.0.0.1  exit.xpays.com
127.0.0.1  exitexchange.com
127.0.0.1  exits.freepornpics.com
127.0.0.1  exitstitial.infospacehosting.net
127.0.0.1  express.3721.com
127.0.0.1  extreme-dm.com
127.0.0.1  ezcybersearch.com
127.0.0.1  ezcybersearch.mail.everyone.net
127.0.0.1  ez-finder.com
127.0.0.1  ez-searching.com
127.0.0.1  f1organizer.com
127.0.0.1  faq.mainpean.de
127.0.0.1  fassia.net
127.0.0.1  fast.mediacharger.com
127.0.0.1  fastsearch.cc
127.0.0.1  fastseeker.com
127.0.0.1  fasttrack.nu
127.0.0.1  fastwebfinder.com
127.0.0.1  fcds.affiliatetracking.net
127.0.0.1  fdadfswr.com
127.0.0.1  featured-results.com
127.0.0.1  feeds.global-intermedia.com
127.0.0.1  files.msgplus.net
127.0.0.1  find.greatsearch.info
127.0.0.1  find.reliableresults.info
127.0.0.1  findloss.com
127.0.0.1  findology.mail.everyone.net
127.0.0.1  find-online.net
127.0.0.1  find-quick.com
127.0.0.1  findthewebsiteyouneed.com
127.0.0.1  findwhatevernow.com
127.0.0.1  findwhatevernow.searchbrowser.com
127.0.0.1  fine-search.net
127.0.0.1  fiona.ai.net
127.0.0.1  firehunt.com
127.0.0.1  firstname.com
127.0.0.1  fl01.ct2.comclick.com
127.0.0.1  flashtrack.net
127.0.0.1  flingstone.com
127.0.0.1  flipperkeys.com
127.0.0.1  flyinads.com
127.0.0.1  forbes.us.intellitxt.com
127.0.0.1  fordaleltd.com
127.0.0.1  forum.electronic-group.com
127.0.0.1  fpctraffic2.com
127.0.0.1  fr.sitestat.com
127.0.0.1  fr4-download.nocreditcard.net
127.0.0.1  fr4-download.stripplayer.com
127.0.0.1  fr4-download.strip-player.com
127.0.0.1  fr4-network.nocreditcard.com
127.0.0.1  fr4-scripts.downloadv3.com
127.0.0.1  free.hcworld.com
127.0.0.1  free.wegcash.com
127.0.0.1  free.xxxcounter.com
127.0.0.1  free-counter.5u.com
127.0.0.1  freecounter.unms.com
127.0.0.1  freelivesex.cf.mtreexxx.net
127.0.0.1  freemp3blaster.com
127.0.0.1  freescratchandwin.com
127.0.0.1  free-scratch-cards.com
127.0.0.1  free-spy-cam.net
127.0.0.1  freestats.com
127.0.0.1  free-stats.com
127.0.0.1  free-stats.i8.com
127.0.0.1  freestuff.com.19828.fb.dbbsrv.com
127.0.0.1  freeticketcash.cf.mtreexxx.net
127.0.0.1  freeticketcash.com
127.0.0.1  freexxxplace.com
127.0.0.1  frontpagecash.com
127.0.0.1  fsc2k.com
127.0.0.1  fstrack.7search.com
127.0.0.1  ftp.123banners.com
127.0.0.1  ftp.clicktracking.info
127.0.0.1  ftp.control.123banners.com
127.0.0.1  [censored]edlesbian.com
127.0.0.1  full-search.net
127.0.0.1  gallery.rampid.com
127.0.0.1  games.andlotsmore.com
127.0.0.1  gaming.gamesplayground.com
127.0.0.1  gayplugin.com
127.0.0.1  gaysexswap.com
127.0.0.1  gd.geobytes.com
127.0.0.1  genericscanner.com
127.0.0.1  geo.deepmetrix.com
127.0.0.1  geo2.track-star.com
127.0.0.1  geoads.osdn.com
127.0.0.1  gestion.xiti.com
127.0.0.1  get.directwebsearch.net
127.0.0.1  get.downloadalot.com
127.0.0.1  get.trafficmultiplier.com
127.0.0.1  getpopped.com
127.0.0.1  getthis4free.com
127.0.0.1  getupdate.com
127.0.0.1  gfx.dvlabs.com
127.0.0.1  gigex.com
127.0.0.1  gkn.directwebsearch.net
127.0.0.1  glintbill.com
127.0.0.1  global-finder.com
127.0.0.1  global-netcom.de
127.0.0.1  globalstats.hotlog.ru
127.0.0.1  globe-finder.cc
127.0.0.1  globe-finder.net
127.0.0.1  globesearch.com
127.0.0.1  go.mailbits.com
127.0.0.1  go.startnow.com
127.0.0.1  go.targetsearch.info
127.0.0.1  go.trafficmultiplier.com
127.0.0.1  gocybersearch.com
127.0.0.1  goi.com
127.0.0.1  goinnow.com
127.0.0.1  go-in-now.com
127.0.0.1  goldstats.net
127.0.0.1  gonnasearch.com
127.0.0.1  gorefer.com
127.0.0.1  gostats.com
127.0.0.1  goto.trafficmultiplier.com
127.0.0.1  gotosearch.msmn.com
127.0.0.1  grafix.xxxcounter.com
127.0.0.1  grandstreetinteractive.com
127.0.0.1  graphics.tickerbar.info
127.0.0.1  graphics.x10.com
127.0.0.1  graphics1.sextracker.com
127.0.0.1  graphics2.sextracker.com
127.0.0.1  great.andlotsmore.com
127.0.0.1  greatplugin.com
127.0.0.1  greatsearch.biz
127.0.0.1  greatstartpage.com
127.0.0.1  greenhorse.com
127.0.0.1  gs.spylog.ru
127.0.0.1  gstats.spylog.com
127.0.0.1  guannan.3322.net
127.0.0.1  guest.adultfriendfinder.com
127.0.0.1  guestworld.tripod.lycos.com
127.0.0.1  hamster.com
127.0.0.1  hangoutspot.com
127.0.0.1  hardy.netster.com
127.0.0.1  hastalavista.com
127.0.0.1  hc2.humanclick.com
127.0.0.1  hcworld.com
127.0.0.1  help.mysearch.com
127.0.0.1  help.stardialer.de
127.0.0.1  here4search.com
127.0.0.1  hestia.sextrail.com
127.0.0.1  hightrafficads.com
127.0.0.1  hit.hotlog.ru
127.0.0.1  hit.lookupanything.biz
127.0.0.1  hit.namimedia.com
127.0.0.1  hit1.hotlog.ru
127.0.0.1  hit1.vioclicks.com
127.0.0.1  hit2.hotlog.ru
127.0.0.1  hit3.hotlog.ru
127.0.0.1  hit4.hotlog.ru
127.0.0.1  hit5.hotlog.ru
127.0.0.1  hit6.hotlog.ru
127.0.0.1  hit7.hotlog.ru
127.0.0.1  hit8.hotlog.ru
127.0.0.1  hit9.hotlog.ru
127.0.0.1  hit-counter.5u.com
127.0.0.1  hitctr01.icdirect.com
127.0.0.1  hitgo.com
127.0.0.1  hithopper.com
127.0.0.1  hitmodel.net
127.0.0.1  hit-now.com
127.0.0.1  hit-parade.com
127.0.0.1  hitq.com
127.0.0.1  hits.411web.com
127.0.0.1  hits.icdirect.com
127.0.0.1  hits.sexcites.com
127.0.0.1  hits.spylog.com
127.0.0.1  hits.webstat.com
127.0.0.1  home.adultcash.com
127.0.0.1  home.free-banners.com
127.0.0.1  home.iwon.com
127.0.0.1  home.netster.com
127.0.0.1  homepagecash.com
127.0.0.1  homepageware.com
127.0.0.1  hop.clickbank.net
127.0.0.1  host1.list.ru
127.0.0.1  host11.list.ru
127.0.0.1  host12.list.ru
127.0.0.1  host13.list.ru
127.0.0.1  host14.list.ru
127.0.0.1  host3.list.ru
127.0.0.1  host4.list.ru
127.0.0.1  host7.list.ru
127.0.0.1  hosting.sextracker.com
127.0.0.1  hotbookmark.com
127.0.0.1  hotels.sidestep.com
127.0.0.1  hotphrase.com
127.0.0.1  hotpopup.com
127.0.0.1  hotqueens.com
127.0.0.1  hotsearch.com
127.0.0.1  hotsearchbar.com
127.0.0.1  hourly.gammae.com
127.0.0.1  hpu.bluezipper.com
127.0.0.1  http.edge.ru4.com
127.0.0.1  http.edge.vru4.com
127.0.0.1  http1.edge.ru4.com
127.0.0.1  http10.edge.ru4.com
127.0.0.1  http2.edge.ru4.com
127.0.0.1  http201.edge.ru4.com
127.0.0.1  http3.edge.ru4.com
127.0.0.1  http300.edge.ru4.com
127.0.0.1  http4.edge.ru4.com
127.0.0.1  http5.edge.ru4.com
127.0.0.1  http6.edge.ru4.com
127.0.0.1  http7.edge.ru4.com
127.0.0.1  http8.edge.ru4.com
127.0.0.1  http9.edge.ru4.com
127.0.0.1  huntbar.com
127.0.0.1  hyperbanner.net
127.0.0.1  hypercount.com
127.0.0.1  i.popupsponsor.com
127.0.0.1  i.rn11.com
127.0.0.1  i1img.com
127.0.0.1  ia.spinbox.net
127.0.0.1  iads.adroar.com
127.0.0.1  icache.getrelevant.com
127.0.0.1  icanfindit.net
127.0.0.1  icansearch.net
127.0.0.1  icentric.us.intellitxt.com
127.0.0.1  iclicks.net
127.0.0.1  icon.clickthru.net
127.0.0.1  idgsearch.com
127.0.0.1  ie.marketdart.com
127.0.0.1  ie.targetwords.com
127.0.0.1  ie.twrds.com
127.0.0.1  iefeadsl.com
127.0.0.1  ieplugin.com
127.0.0.1  igetnet.com
127.0.0.1  ihm01.ct2.comclick.com
127.0.0.1  image.adjuggler.com
127.0.0.1  image.i1img.com
127.0.0.1  image.imgfarm.com
127.0.0.1  image.masterstats.com
127.0.0.1  image.ugo.com
127.0.0.1  image2000.mtreexxx.net
127.0.0.1  image-catcher.com
127.0.0.1  images.ads.fairfax.com.au
127.0.0.1  images.adultplex.com
127.0.0.1  images.atweb.com
127.0.0.1  images.bonzi.com
127.0.0.1  images.cybereps.com
127.0.0.1  images.exitexchange.com
127.0.0.1  images.go2net.com
127.0.0.1  images.rambler.ru
127.0.0.1  images.speedbit.com
127.0.0.1  images.targetwords.com
127.0.0.1  images.tibsystems.com
127.0.0.1  images.trafficmp.com
127.0.0.1  images1.paycounter.com
127.0.0.1  images2.vpptechnologies.com
127.0.0.1  imageserv.adtech.de
127.0.0.1  imageserver1.thruport.com
127.0.0.1  img.3721.com
127.0.0.1  img.7meta.com
127.0.0.1  img.adsag.com
127.0.0.1  img.bannersxchange.com
127.0.0.1  img.lop.com
127.0.0.1  img.msgtag.com
127.0.0.1  img.peopleonpage.com
127.0.0.1  img.rn11.com
127.0.0.1  img.webring.com
127.0.0.1  img1.webring.com
127.0.0.1  imgfarm.com
127.0.0.1  imgserv.adbutler.com
127.0.0.1  impfr.tradedoubler.com
127.0.0.1  impgb.tradedoubler.com
127.0.0.1  impit.tradedoubler.com
127.0.0.1  impress.targetwords.com
127.0.0.1  impression.7search.com
127.0.0.1  impse.tradedoubler.com
127.0.0.1  in.mainentrypoint.com
127.0.0.1  in.netster.com
127.0.0.1  in.paycounter.com
127.0.0.1  inboxrewards.com
127.0.0.1  includes.all2save.com
127.0.0.1  indiads.com
127.0.0.1  inet-traffic.com
127.0.0.1  infinity.zango.com
127.0.0.1  info.browserdirect.net
127.0.0.1  info.browserpal.com
127.0.0.1  info.securegetaway.com
127.0.0.1  info.spylog.ru
127.0.0.1  infostart.com
127.0.0.1  innovativemarketing.com
127.0.0.1  install.browsertoolbar.com
127.0.0.1  install.global-netcom.de
127.0.0.1  install.redswoosh.com
127.0.0.1  install.redswoosh.net
127.0.0.1  install.searchmiracle.com
127.0.0.1  install.sidesearch.lycos.com
127.0.0.1  install.spywarelabs.com
127.0.0.1  install.stardialer.de
127.0.0.1  install.xxxtoolbar.com
127.0.0.1  installdollars.com
127.0.0.1  instant-access.nocreditcard.com
127.0.0.1  instant-access.nocreditcard.net
127.0.0.1  instant-access.nocreditcardgay.com
127.0.0.1  instant-access.sex-explorer.com
127.0.0.1  int.sitestat.com
127.0.0.1  internal.vx2.cc
127.0.0.1  internetantispy.com
127.0.0.1  internet-optimizer.com
127.0.0.1  internetwasher.com
127.0.0.1  ipend.datastorm.biz
127.0.0.1  ipinsight.com
127.0.0.1  iquicksearch.net
127.0.0.1  is1.crawler.com
127.0.0.1  i--search.com
127.0.0.1  isearchtech.com
127.0.0.1  ispdialer.com
127.0.0.1  istarthere.com
127.0.0.1  itxt.vibrantmedia.com
127.0.0.1  jdaf.com
127.0.0.1  jethomepage.com
127.0.0.1  jetseeker.com
127.0.0.1  jmm.livestat.com
127.0.0.1  join.movienetworks.com
127.0.0.1  join.popcorn.net
127.0.0.1  join4free.cf.mtreexxx.net
127.0.0.1  join4free.com
127.0.0.1  jp1.sb01.com
127.0.0.1  jraun.com
127.0.0.1  js.count.cc
127.0.0.1  js.cybermonitor.com
127.0.0.1  js.domainsponsor.com
127.0.0.1  js.livehelper.com
127.0.0.1  js.statistici.ro
127.0.0.1  js6.clickzs.com
127.0.0.1  js7.clickzs.com
127.0.0.1  junior.apk.net
127.0.0.1  k17177.bins.lop.com
127.0.0.1  kabanga.com
127.0.0.1  karmajunction.com
127.0.0.1  kazanon.com
127.0.0.1  klipads.dvlabs.com
127.0.0.1  klounada.com
127.0.0.1  krd.realcities.com
127.0.0.1  kt3.kliptracker.com
127.0.0.1  kt4.kliptracker.com
127.0.0.1  landing.domainsponsor.com
127.0.0.1  lasagne.adlogix.com
127.0.0.1  laurel.netster.com
127.0.0.1  lbvh2.ttsg.com
127.0.0.1  lc.squarepath.com
127.0.0.1  legal.electronic-group.com
127.0.0.1  letssearch.com
127.0.0.1  libereco.net
127.0.0.1  lidan.com
127.0.0.1  link.affiliatebot.com
127.0.0.1  link.masterstats.com
127.0.0.1  link.rawtocash.net
127.0.0.1  link.siccash.com
127.0.0.1  link4link.com
127.0.0.1  linkexchange.ru
127.0.0.1  linklist.cc
127.0.0.1  links.outster.com
127.0.0.1  links.sextracker.com
127.0.0.1  linksummary.com
127.0.0.1  linktracker.angelfire.com
127.0.0.1  linktracker.tripod.com
127.0.0.1  list.ru
127.0.0.1  list2004.com
127.0.0.1  listincestsites.com
127.0.0.1  lists.adroar.com
127.0.0.1  lists.directcoupons.com
127.0.0.1  live.sex-explorer.com
127.0.0.1  liveperson.net
127.0.0.1  lives.sex-explorer.com
127.0.0.1  livingnet.adtech.de
127.0.0.1  lmcd.us.intellitxt.com
127.0.0.1  loadown.net
127.0.0.1  lobby.sexlist.com
127.0.0.1  locator.imagesrvr.com
127.0.0.1  locators.com
127.0.0.1  log.statistici.ro
127.0.0.1  log.trafic.ro
127.0.0.1  loga.hit-parade.com
127.0.0.1  loga.xiti.com
127.0.0.1  logc13.xiti.com
127.0.0.1  logo.affiliatebot.com
127.0.0.1  logoplugin.com
127.0.0.1  logp.xiti.com

Guest

Highjack Log
« Reply #10 on: December 20, 2004, 09:23:00 PM »
Hi Umzee, I just saw you online

Go back into the registry and delete
LOL and ZESOFT
Make sure you only remove those ones

Also, delete the files found bad by Rav's

Post back a fresh hijackthis log afterwards and let me know how things are running

It appears you added a custom host file or possibly one added by Spybot?
Did you set those in your hosts file?
It's not a bad thing to have entries like this
127.0.0.1 1000stars.ru
as bad sites trying to force popup ads and such will be redirected to your local host

Let me know

Offline ummzee

Highjack Log
« Reply #11 on: December 21, 2004, 12:41:28 AM »
Things are better, at least the multiple screens stopped opening when I open my browser. However, when I use a search site (google, metacrawler, etc.) I am being redirected again, so I am not able to use a search engine at the moment.

I was asked to post my host file earlier so I did. However, I am not sure what they reveal except what has been loaded into the browser. Are you telling me to make another entry to the host file?

I was told earlier to stop the services of LOL and Zesoft

Logfile of HijackThis v1.99.0
Scan saved at 11:35:55 PM, on 12/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Palm\HOTSYNC.EXE
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\isafe.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\VetMsg.exe

Offline guestolo

Highjack Log
« Reply #12 on: December 21, 2004, 01:13:04 AM »
Ahh, I didn't know you couldn't access search sites

First can you download and unzip to a folder of your choice
http://members.aol.com/toadbee/hoster.zip
We'll need this later

Let's create a fresh Restore point
Start>>All Programs>>Accessories>>System Tools>>system restore
Create a fresh restore point
Name it and click the Create button
This is just so you have a backup

Print the rest of this out or save it to a notepad file on your desktop for easy access
Restart your computer into safe mode

Can you access your registry---Again be careful
Just delete what I ask you
I had you go here before
Go to Start>>Run>>Type in regedit and hit Enter or OK
Expand(+) these keys
+HKEY_LOCAL_MACHINE
+SYSTEM
+CurrentControlSet
+Services

Look for these keys on the left hand side and let me know if you see them, but this time right click on them and delete them
LOL
ZESOFT


Now that you're comfortable in the registry
Follow these instructions by Symantec on what to look for and delete in the registry
the ones I've bolded if they exist

Quote
Navigate to this Key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

# Adds one of the following values: Look on the right hand side for

"Sys29"="%System%\winoko32.exe"
"Sys29"="%System%\winjnp32.exe"


so that the adware runs when you start Windows.

# Adds the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Elitum
HKEY_CURRENT_USER\SOFTWARE\LQ

to hold configuration data for the adware.

# Adds the following registry keys:

HKEY_CURRENT_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA880F}
HKEY_CURRENT_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81C3A}

so that the adware displays a toolbar in Internet Explorer.

Exit Registry editor
Look for these files and folders in bold and delete them if they exist
You may also want to do a search for them

# Creates some of the following files:

          C:\WINDOWS\Winoko.exe
          C:\WINDOWS\Winjnp32.exe
          C:\WINDOWS\Bkmsf32.dat
           C:\Winupdate.exe and C:\Ed.exe.
and folder
          C:\WINDOWS\EliteBar

# Creates multiple files in C:\WINDOWS\EliteBar.

After you have done that
Navigate to this folder
C:\WINDOWS\SYSTEM32\DRIVERS\ETC
Open the ETC folder and look for HOSTS or Host.bak and delete them if found
Don't delete any other files with other names, just the above
You may have to take the check out of READ ONLY in its properties

Restart back into Normal mode
Open Hoster---Let it create a new Hosts file
Then click the button Restore Original Hosts

Follow this link to show you how to reset your Customize search settings from Symantec
http://sarc.com/avcenter/venc/data/adware....e.elitebar.html

Post back one more hijackthis log and let me know how it's going

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
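
An added example, not part of any post in this thread: a read-only audit of a hosts file that separates the two kinds of entry discussed in Reply #10 and Reply #12. Entries such as `127.0.0.1 1000stars.ru` sink a name to the local machine, while an entry that maps a name to any other address overrides DNS for that name and is the kind to review before deleting or restoring the file. The sample file is constructed (only the `1000stars.ru` line comes from the thread), and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: the 1000stars.ru line is the entry quoted in the thread;
# every other line is made up (documentation-range IP, example.* names).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1  1000stars.ru
0.0.0.0    ads.example.net   # inline comment
203.0.113.7  search.example.com www.search.example.com
not-an-ip  broken.example.org
::1        localhost
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}
LABEL = r"[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?"
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)%s(?:\.%s)*$" % (LABEL, LABEL))


def audit_hosts(text):
    """Classify every name mapping in a hosts file.

    Returns (line_no, category, address, hostname) tuples, where category is
    'local' (localhost on loopback), 'sinkhole' (name sent to loopback or
    0.0.0.0), 'redirect' (name sent anywhere else) or 'malformed'.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        addr_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, "malformed", addr_text, " ".join(names)))
            continue
        if not names:
            findings.append((line_no, "malformed", addr_text, ""))
            continue
        for name in names:  # one address may carry several aliases
            host = name.lower().rstrip(".")
            if not HOSTNAME_RE.match(host):
                category = "malformed"
            elif host in LOCAL_NAMES:
                # localhost pointed off-box is itself worth a look
                category = "local" if addr.is_loopback else "redirect"
            elif addr.is_loopback or addr.is_unspecified:
                category = "sinkhole"
            else:
                category = "redirect"
            findings.append((line_no, category, str(addr), host))
    return findings


def needs_review(text):
    """Only the entries a helper would want to see before touching the file."""
    return [f for f in audit_hosts(text) if f[1] in ("redirect", "malformed")]


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %-9s %s -> %s" % finding)
```
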


Offline ummzee

Highjack Log
« Reply #13 on: December 21, 2004, 02:54:52 AM »
Things are looking good! :D I have my search engine BACK! I don't use any of the optional choices offered, I use metacrawler.com but when I tested it, it worked. THANK YOU.

I have learned a lot during this clean-up. I would like to learn more. I will keep an eye on the problems of others to see what I can learn. I would like to donate to the site to help keep the good work going. Please let me know where that can be done. Let me know if there is anything else I need to do. If I missed something, I WILL BE BACK! ;)

Peace

Logfile of HijackThis v1.99.0
Scan saved at 1:51:09 AM, on 12/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\Ati2evxx.exe
c:\antivirus\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\ANTIVI~1\ETRUST~1\VetTray.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\wdfmgr.exe
c:\antivirus\eTrust EZ Antivirus\VetMsg.exe
C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\mqsvc.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\WINDOWS\System32\cidaemon.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\5sn574x3.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [VetTray] c:\ANTIVI~1\ETRUST~1\VetTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\antivirus\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096438447079
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...412/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFCC69BC-6003-4622-B4EC-EA3C2938A038}: NameServer = 151.197.0.38 151.197.0.39
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA ISafe - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\isafe.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service - Computer Associates International, Inc. - c:\antivirus\eTrust EZ Antivirus\VetMsg.exe

Offline guestolo

Highjack Log
« Reply #14 on: December 21, 2004, 03:13:14 AM »
Have Hijackthis fix checked this entry with all other windows closed
O16 - DPF: {5E8FD788-C323-4357-AB76-7CBCEFBA573C} (SpyBouncer.SBDownloader) - http://www.spybouncer.com/downloader.ocx

At this time you should disable system restore---Restart your computer---enable system Restore
This will ensure that you don't restore no nasties
and creates a fresh restore point
Link will explain how
http://vil.nai.com/vil/SystemHelpDocs/Disa...eSysRestore.htm

To help keep your computer clean
You should install this free app.

Add extra security while
silently protecting you, without running in the background

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html
Just run it once, and check for updates every couple of weeks, enable all protection after every update

Hold onto Spybot and Ad-Aware and check for updates every couple of weeks and run scans
You can do a Smart System scan with Ad-Aware, it's faster, run a full system scan once in a while
You may also want to use Spybot's Immunize feature
Open Spybot>>Click Immunize>>OK>>Immunize at the top

Stay safe :D

I'm not sure about Donations <_<
I'm kind of a Free Lancer I guess, hee hee
take care
« Last Edit: December 21, 2004, 03:24:23 AM by guestolo »
