Author Topic: malware having trouble eliminating HELP (Read 5924 times)

jmfft · « **on:** March 25, 2008, 03:06:45 PM »

I have a malware that has imbedded itself on my computer. I have run AGC and Spybot and elminated the following files: egcomlib_1035.dll, secure.exe, oggview.dll, Files Secure 2.1.lnk. Spybot detected and supposedly corrected win32.agent.gvu but it keeps returning. Whenever I open Internet Explorer or switch sites on explorer the following message appears "Your computer was infected by an unknown trojan. It's dangerous for your system (critical files can be lost)! Click OK to download the antispyware program." When I have opened thiswindow it appears to be a prompt to purchase IEDefender. Any help would be appreciated. Attached is a copy of a Hijackthis log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:58:55 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\usb.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\Antivirus\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.mytelus.com/new_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch

-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN

Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -

c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} -

C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-

CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164

\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-

us\msntb.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {BE0C6EB3-C144-49D4-8ED9-801906A00A31} -

C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: Media Player Classic - {D2A8552D-4340-413E-B94E-245827FBC269} -

C:\WINDOWS\ausctv32a.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1

\MORPHE~1\MORPHE~1.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program

Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} -

C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32

\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [navapp] C:\Program

Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Vvwwwgf] C:\Program Files\Bqxq\Xlmsg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a3drt17h] C:\WINDOWS\System32\a3drt17h.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch

Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -

atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1

\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02

\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-

Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Instant Access] rundll32.exe

EGCOMLIB_1035.dll,InstantAccess
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program

Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"

/background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1

\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared

Files\CamTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6

\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

/RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

/RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning]

C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC

Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning]

C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903

\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903

\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS

eCare\bin\matcli.exe
O8 - Extra context menu item: &Search -

http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YYCA
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - java script:

{document.location='http://neosexvideo.com/webmasters/df044/access.htm';}
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1

\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O16 - DPF: Blooop by pogo -

http://game1.pogo.com/v/8.1.6.3/applet/cas...scade-en_US.cab
O16 - DPF: Canasta by pogo -

http://game1.pogo.com/v/8.1.5.27/applet/ca...nasta-en_US.cab
O16 - DPF: High Stakes Poker by pogo -

http://game1.pogo.com/v/8.1.5.27/applet/dr...poker-en_US.cab
O16 - DPF: Jungle Gin by pogo -

http://game1.pogo.com/v/8.1.5.27/applet/gin2/gin2-en_US.cab
O16 - DPF: Mah Jong Garden by pogo -

http://game1.pogo.com/v/8.1.6.21/applet/ma...jong2-en_US.cab
O16 - DPF: Phlinx by pogo -

http://game1.pogo.com/v/8.1.6.21/applet/fl...inger-en_US.cab
O16 - DPF: Poppit by pogo -

http://game1.pogo.com/v/8.1.5.27/applet/po...ppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo -

http://game1.pogo.com/v/8.1.5.27/applet/sp...pider-en_US.cab
O16 - DPF: Squelchies by pogo -

http://game1.pogo.com/v/8.1.5.27/applet/sq...chies-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo -

http://game1.pogo.com/v/8.1.5.27/applet/ho...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-

5.9.0.25/peaks/peaks-ob-assets.cab
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-

seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-

seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-

5.9.1.18/wordwhomp/wordwhomp-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo -

http://game1.pogo.com/v/8.1.6.21/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo -

http://game1.pogo.com/v/8.1.5.42/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo -

http://game1.pogo.com/v/8.1.5.27/applet/wo...class-en_US.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} -

http://akamai.downloadv3.com/binaries/P2EC..._1015_EN_XP.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -

http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol)

- http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus

scanner) -

http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl

Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -

http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games â€“ Buddy Invite)

- http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) -

http://sympatico.zone.msn.com/bingame/rtlw...bGameLoader.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1}

(CPlayFirstPiratePoppersControl Object) -

http://sympatico.zone.msn.com/bingame/pppp...rs.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} -

http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -

http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-

dl.real.com/068a14a671217e260718/netzip/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -

http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4

Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader

Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib

Class) - http://sympatico.zone.msn.com/bingame/amad...t/atomaders.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl)

- http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) -

http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) -

http://download-

games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher

.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) -

http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) -

http://sympatico.zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) -

http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} -

http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) -

http://sympatico.zone.msn.com/bingame/zpag...vl.cab55579.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} -

http://sympatico.zone.msn.com/bingame/zpag...S2.cab61895.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) -

http://zone.msn.com/bingame/zpagames/zpa_catan.cab36135.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry

Information Class) -

http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) -

http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) -

http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) -

http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -

https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class)

- http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -

http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games â€“ Game

Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object)

- http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -

http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -

https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) -

http://games.pogo.com/online2/pogo/mahjong...ameLauncher.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games â€“ Backgammon) -

http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-

00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-

2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity

Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) -

http://www.boomspeed.com/sfhelpers/backgrounds/582.gif

--
End of file - 17863 bytes

guestolo · « **Reply #1 on:** March 25, 2008, 10:44:03 PM »

Welcome jmfft
your running an older version of Hijackthis
Can you do the following please
Download the latest version of the Hijackthis Installer from [color=\"#FF0000\"]HERE[/color]
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Before you copy the log, can you click on FORMAT and UNCHECK WORD WRAP
This will eliminate the spaces in your log

Come back here and post a fresh hijackthis log please

jmfft · « **Reply #2 on:** March 25, 2008, 11:25:42 PM »

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:55 PM, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/new_homepage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us4.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {BE0C6EB3-C144-49D4-8ED9-801906A00A31} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: Media Player Classic - {D2A8552D-4340-413E-B94E-245827FBC269} - C:\WINDOWS\ausctv32a.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Vvwwwgf] C:\Program Files\Bqxq\Xlmsg.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [a3drt17h] C:\WINDOWS\System32\a3drt17h.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1035.dll,InstantAccess
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YYCA
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - java script:{document.location='http://neosexvideo.com/webmasters/df044/access.htm';}
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Blooop by pogo - http://game1.pogo.com/v/8.1.6.3/applet/cas...scade-en_US.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ca...nasta-en_US.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/dr...poker-en_US.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/v/8.1.5.27/applet/gin2/gin2-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/v/8.1.6.21/applet/ma...jong2-en_US.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/v/8.1.6.21/applet/fl...inger-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/v/8.1.5.27/applet/po...ppit2-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sp...pider-en_US.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/v/8.1.5.27/applet/sq...chies-en_US.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/v/8.1.5.27/applet/ho...oldem-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet-5.9.0.25/peak...s-ob-assets.cab
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: TruePass EPF 7,0,100,739 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: Word Whomp by pogo - http://whomp.pogo.com/applet-5.9.1.18/word...p-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/v/8.1.6.21/applet/wh...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/v/8.1.5.42/applet/wo...djong-en_US.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/v/8.1.5.27/applet/wo...class-en_US.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC..._1015_EN_XP.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games â€“ Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://sympatico.zone.msn.com/bingame/rtlw...bGameLoader.cab
O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://sympatico.zone.msn.com/bingame/pppp...rs.1.0.0.39.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/068a14a671217e...ip/RdxIE601.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://sympatico.zone.msn.com/bingame/amad...t/atomaders.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://download-games.pogo.com/online2/pog...mesLauncher.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://sympatico.zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab55579.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://sympatico.zone.msn.com/bingame/zpag...vl.cab55579.cab
O16 - DPF: {A5180646-FE0F-4C97-AA29-2A0F41515623} - http://sympatico.zone.msn.com/bingame/zpag...S2.cab61895.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BCF9A64D-1440-4404-863C-F5DF2B99F798} (Catan Online Game) - http://zone.msn.com/bingame/zpagames/zpa_catan.cab36135.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games â€“ Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://games.pogo.com/online2/pogo/mahjong...ameLauncher.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (MSN Games â€“ Backgammon) - http://zone.msn.com/bingame/zpagames/ZPA_B...on.cab64162.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.boomspeed.com/sfhelpers/backgrounds/582.gif

--
End of file - 17070 bytes

guestolo · « **Reply #3 on:** March 25, 2008, 11:26:52 PM »

Please download Navilog1 by IL-MAFIOSO and save to desktop
from the following link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip

* Extract its contents to the desktop.
* Double click on navilog1.exe to install it on your computer.
* When the installation is complete, the tool will start automatically.
* If it doesn't start automatically, please double click on Navilog1 shortcut on your desktop to run it.
* Press E for English from the language Menu.
* Type 1 in the next Menu to select Search and press Enter.
* Wait for the Scan to finish (It may take a reasonable amount of time)
* Press any key as requested .
* A new document will be produced: fixnavi.txt.
* Please copy/paste the contents of this report in your next reply.

The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)

jmfft · « **Reply #4 on:** March 25, 2008, 11:50:03 PM »

Search Navipromo version 3.5.1 began on Tue 03/25/2008 at 22:43:10.15

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Program Files\navilog1
Actual User Account : "Owner"

Updated on 23.03.2008 at 22h00 by IL-MAFIOSO

Microsoft Windows XP [Version 5.1.2600]
Version Internet Explorer : 7.0.5730.11
Filesystem type : NTFS

Done in normal mode

*** Searching for installed Software ***

*** Search folders in C:\WINDOWS ***

*** Search folders in C:\Program Files ***

*** Search folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Search folders in "C:\Documents and Settings\Owner\applic~1" ***

*** Search folders in "C:\Documents and Settings\Owner\locals~1\applic~1" ***

*** Search folders in "C:\Documents and Settings\Owner\startm~1\programs" ***

*** Search folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs ***

*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net

No file found

*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in C:\WINDOWS\system32 *

* Scan in "C:\Documents and Settings\Owner\locals~1\applic~1" *

* Scan in "C:\docume~1\Administrator\locals~1\applic~1" *

*** Search files ***

C:\WINDOWS\Downloaded Program Files\EGAUTH.inf found !
C:\WINDOWS\tmlpcert2005 found !
C:\WINDOWS\system32\mseggrpid.dll found !

*** Search specific Registry keys ***

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :

2)Heuristic Search :

* In C:\WINDOWS\system32 :

* In "C:\Documents and Settings\Owner\locals~1\applic~1" :

* In ""C:\docume~1\Administrator\locals~1\applic~1"" :

3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :

*** Search completed on Tue 03/25/2008 at 22:57:28.60 ***

guestolo · « **Reply #5 on:** March 26, 2008, 12:14:21 AM »

Can you run a few fixes for me
I may not see the results till tomorrow, but keep me informed how things are running afterwards

If you have previously downloaded any of the following 2 tools, I need you to delete your copies and get the most up to date ones
=Download [color=\"red\"]SmitfraudFix[/color][/url] (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
We'll need this later

=Download this file - Combofix.exe and save it ONLY to your desktop
Again, we'll need it later

=Download ResetTeaTimer.bat
http://downloads.subratam.org/ResetTeaTimer.bat
to your desktop. (In case you use Firefox, rightclick the link and choose "save as").

PRINT the remainder of these instructions, or save them to a text file on desktop for reference
Physically disconnect the cable to the internet

Disable ALL the following:
Leave them disabled till we have completed these fixes please:

Disable AVG Anti-Spyware as follows:

* Launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
* The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield'
* Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".

Disable SpybotSD TeaTimer, as it may hinder the removal of the infection.
To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Close Spybot

Doubleclick ResetTeaTimer.bat and let it run.
This will only take a few seconds.

Do a "System scan only" with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {ACB3E0B7-7D0C-40B7-99B3-3EEACDF86BFB} - C:\WINDOWS\mslagent\4b_1,0,1,1_mslagent.dll (file missing)

O2 - BHO: C:\WINDOWS\lbbho.dll - {BE0C6EB3-C144-49D4-8ED9-801906A00A31} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: Media Player Classic - {D2A8552D-4340-413E-B94E-245827FBC269} - C:\WINDOWS\ausctv32a.dll
O2 - BHO: XBTBPos00 - {E552EEFC-DE97-45D4-BA1A-F534A1B4A579} - C:\PROGRA~1\MORPHE~1\MORPHE~1.DLL (file missing)

O3 - Toolbar: Morpheus Toolbar - {119DBEDA-9c41-4F97-94B4-B6BCD01133CF} - C:\Program Files\Morpheus Toolbar\morpheustoolbar.dll (file missing)

O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Vvwwwgf] C:\Program Files\Bqxq\Xlmsg.exe

O4 - HKLM\..\Run: [a3drt17h] C:\WINDOWS\System32\a3drt17h.exe

O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGCOMLIB_1035.dll,InstantAccess
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=zuzeb004YYCA
O8 - Extra context menu item: >>> HARDCORE MOVIES <<< - java script:{document.location='http://neosexvideo.com/webmasters/df044/access.htm';}

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC..._1015_EN_XP.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/068a14a671217e...ip/RdxIE601.cab

O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In safe mode

====================================
Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process
Reboot back to Normal Windows

I'll need to see the log it generates later, by default it is located at
C:\rapport.txt
============================================

At this time, ensure that AVG ANTIVIRUS is disable so it won't interfere in this next fix

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
ComboFix by default will reboot your computer, this is Normal
By default it will save a copy to C:\Combofix.txt
I'll need to see this log later
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Back in Windows and after combofix has created it's log

Double click on Navilog1 shortcut icon on your desktop to run it.

Press E for English from the language Menu.
On main menu, choose 2
Follow the instructions and wait.
The tool will then advise you that it will restart your computer.
Save your open documents, if any, and close all windows.
Press any key as requested.
If your computer doesn't restart automatically, restart it manually.
Choose your usual session if necessary.
Wait for the *** Cleaning stage complete! â€¦.*** message (Please be patient. It may take a reasonable amount of time).
A new notepad document will be produced.
Please save the document to a convenient location
Your desktop will now appear.

Connect back to the Internet
If you don't get a connection within a minute, reboot the computer

Post back all the following

1. Post the log from Combofix>>C:\ComboFix.txt
2. Post a fresh Hijackthis log
3. Post the report from Smitfraudfix>>C:\Rapport.txt
4. Post the new log from Navilog

NOTE: It may take more than one reply to post the above 4 logs, please do so if needed

jmfft · « **Reply #6 on:** March 26, 2008, 12:16:16 AM »

will do. thanks for the help!

jmfft · « **Reply #7 on:** March 26, 2008, 01:11:10 AM »

Navipromo Removal version 3.5.1 started on Wed 03/26/2008 at 0:09:22.71Fix running from C:\Program Files\navilog1Session actuelle : "Owner" Actual User Account : "Owner" Updated on 23.03.2008 at 22h00 by IL-MAFIOSOMicrosoft Windows XP [Version 5.1.2600]Internet Explorer : 7.0.5730.11Filesystem type : NTFSAutomatic removal with Catchme and GNS results *** fsbl1.txt not found ***(Check that Catchme found nothing in Search Mode) *** Deleting with Backups GenericNaviSearch results **** Deletion in C:\WINDOWS\System32 ** Deletion in "C:\Documents and Settings\Owner\locals~1\applic~1" * * Deletion in "C:\docume~1\Administrator\locals~1\applic~1" * *** Deleting folders in C:\WINDOWS ****** Deleting folders in C:\Program Files ****** Deleting folders in C:\DOCUME~1\ALLUSE~1\APPLIC~1 ****** Deleting folders in "C:\Documents and Settings\Owner\applic~1" *** *** Deleting folders in "C:\Documents and Settings\Owner\locals~1\applic~1" *** *** Deleting folders in "C:\Documents and Settings\Owner\startm~1\programs" *** *** Deleting folders in C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs *** *** Deleting files ****** Deleting temporary files ***Cleaning of C:\WINDOWS\Temp done !Cleaning of C:\Documents and Settings\Owner\locals~1\Temp done !*** Complementary Search ***(Search specific files)1)Deletion with backups new Instant Access files:2)Heuristic search and deletion with backups :* In C:\WINDOWS\system32 ** In "C:\Documents and Settings\Owner\locals~1\applic~1" * * In "C:\docume~1\Administrator\locals~1\applic~1" * *** Copy Registry to Backupnavi folder ***Backing up Registry done !*** Cleaning Registry ***Registry cleaned*** Certificates ***Egroup Certificate not found !Electronic-Group Certificate not found !OOO-Favorit Certificate not found !Sunny-Day-Design-Ltd Certificate not found !*** Cleaning stage complete on Wed 03/26/2008 at 0:12:49.46 ***SmitFraudFix v2.308Scan done at 23:47:02.75, Tue 03/25/2008Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTThe filesystem type is NTFSFix run in safe modeÂ»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» SharedTaskScheduler Before SmitFraudFix!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dllÂ»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» Killing processÂ»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» hosts127.0.0.1 localhost127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.1001-search.info127.0.0.1 1001-search.info127.0.0.1 www.100888290cs.com127.0.0.1 100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com127.0.0.1 www.10sek.com127.0.0.1 10sek.com127.0.0.1 www.123topsearch.com127.0.0.1 123topsearch.com127.0.0.1 www.132.com127.0.0.1 132.com127.0.0.1 www.136136.net127.0.0.1 136136.net127.0.0.1 www.139mm.com127.0.0.1 139mm.com127.0.0.1 www.163ns.com127.0.0.1 163ns.com127.0.0.1 171203.com127.0.0.1 17-plus.com127.0.0.1 www.1800searchonline.com127.0.0.1 1800searchonline.com127.0.0.1 www.180searchassistant.com127.0.0.1 180searchassistant.com127.0.0.1 www.180solutions.com127.0.0.1 180solutions.com127.0.0.1 www.181.365soft.info127.0.0.1 181.365soft.info127.0.0.1 www.1987324.com127.0.0.1 1987324.com127.0.0.1 www.1-domains-registrations.com127.0.0.1 1-domains-registrations.com127.0.0.1 www.1-extreme.biz127.0.0.1 1-extreme.biz127.0.0.1 www.1sexparty.com127.0.0.1 1sexparty.com127.0.0.1 www.1stantivirus.com127.0.0.1 1stantivirus.com127.0.0.1 www.1stpagehere.com127.0.0.1 1stpagehere.com127.0.0.1 www.1stsearchportal.com127.0.0.1 1stsearchportal.com127.0.0.1 2.82211.net127.0.0.1 www.2006ooo.com127.0.0.1 www.2007-download.com127.0.0.1 2007-download.com127.0.0.1 www.2020search.com127.0.0.1 2020search.com127.0.0.1 20x2p.com127.0.0.1 www.24.365soft.info127.0.0.1 24.365soft.info127.0.0.1 www.24-7pharmacy.info127.0.0.1 24-7pharmacy.info127.0.0.1 www.24-7searching-and-more.com127.0.0.1 24-7searching-and-more.com127.0.0.1 www.24teen.com127.0.0.1 24teen.com127.0.0.1 www.2every.net127.0.0.1 2every.net127.0.0.1 2ndpower.com127.0.0.1 www.2search.com127.0.0.1 2search.com127.0.0.1 www.2search.org127.0.0.1 2search.org127.0.0.1 www.2squared.com127.0.0.1 2squared.com127.0.0.1 www.3322.org127.0.0.1 3322.org127.0.0.1 365soft.info127.0.0.1 www.36site.com127.0.0.1 36site.com127.0.0.1 3721.com127.0.0.1 39-93.com127.0.0.1 www.3abetterinternet.com127.0.0.1 3abetterinternet.com127.0.0.1 www.3bay.it127.0.0.1 3bay.it127.0.0.1 www.3ebay.it127.0.0.1 3ebay.it127.0.0.1 www.3xclipsonline.com127.0.0.1 3xclipsonline.com127.0.0.1 www.3xcurves.com127.0.0.1 3xcurves.com127.0.0.1 www.3xfestival.com127.0.0.1 3xfestival.com127.0.0.1 www.3x-festival.com127.0.0.1 3x-festival.com127.0.0.1 www.3x-galls.com127.0.0.1 3x-galls.com127.0.0.1 www.3xmiracle.com127.0.0.1 3xmiracle.com127.0.0.1 www.3xmoviesblog.com127.0.0.1 3xmoviesblog.com127.0.0.1 www.404dns.com127.0.0.1 404dns.com127.0.0.1 www.4199.com127.0.0.1 4199.com127.0.0.1 www.4corn.net127.0.0.1 4corn.net127.0.0.1 www.4ebay.it127.0.0.1 4ebay.it127.0.0.1 4klm.com127.0.0.1 www.4mpg.com127.0.0.1 4mpg.com127.0.0.1 www.4repubblica.it127.0.0.1 4repubblica.it127.0.0.1 www.4softget.com127.0.0.1 4softget.com127.0.0.1 www.5iscali.it127.0.0.1 5iscali.it127.0.0.1 www.5repubblica.it127.0.0.1 5repubblica.it127.0.0.1 www.5starvideos.com127.0.0.1 5starvideos.com127.0.0.1 www.5tiscali.it127.0.0.1 5tiscali.it127.0.0.1 www.5zgmu7o20kt5d8yq.com127.0.0.1 5zgmu7o20kt5d8yq.com127.0.0.1 www.680180.net127.0.0.1 680180.net127.0.0.1 www.6iscali.it127.0.0.1 6iscali.it127.0.0.1 www.6njaga.com127.0.0.1 6njaga.com127.0.0.1 www.6sek.com127.0.0.1 6sek.com127.0.0.1 www.6tiscali.it127.0.0.1 6tiscali.it127.0.0.1 www.70-music.com127.0.0.1 70-music.com127.0.0.1 www.7322.com127.0.0.1 7322.com127.0.0.1 75tz.com127.0.0.1 www.777search.com127.0.0.1 777search.com127.0.0.1 www.777top.com127.0.0.1 777top.com127.0.0.1 www.7939.com127.0.0.1 7939.com127.0.0.1 www.7search.com127.0.0.1 7search.com127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com127.0.0.1 www.80-music.com127.0.0.1 80-music.com127.0.0.1 82211.net127.0.0.1 8866.org127.0.0.1 www.888.com127.0.0.1 888.com127.0.0.1 www.8ad.com127.0.0.1 8ad.com127.0.0.1 www.90-music.com127.0.0.1 90-music.com127.0.0.1 www.9505.com127.0.0.1 9505.com127.0.0.1 www.971searchbox.com127.0.0.1 971searchbox.com127.0.0.1 a.bestmanage.org127.0.0.1 www.aaabesthomepage.com127.0.0.1 aaabesthomepage.com127.0.0.1 aaasexypics.com127.0.0.1 www.aaawebfinder.com127.0.0.1 aaawebfinder.com127.0.0.1 www.aaqadarsztriv.com127.0.0.1 aaqadarsztriv.com127.0.0.1 www.aaqada-rsztriv.com127.0.0.1 aaqada-rsztriv.com127.0.0.1 www.aaqadaueorn.com127.0.0.1 aaqadaueorn.com127.0.0.1 www.aaqada-ueorn.com127.0.0.1 aaqada-ueorn.com127.0.0.1 www.aaqada-ygco.com127.0.0.1 aaqada-ygco.com127.0.0.1 www.aaqada-ymct.com127.0.0.1 aaqada-ymct.com127.0.0.1 aavc.com127.0.0.1 www.abcdperformance.com127.0.0.1 abcdperformance.com127.0.0.1 www.abc-find.info127.0.0.1 abc-find.info127.0.0.1 www.abcsearch.com127.0.0.1 abcsearch.com127.0.0.1 www.abetterinternet.com127.0.0.1 abetterinternet.com127.0.0.1 www.abnetsoft.info127.0.0.1 abnetsoft.info127.0.0.1 www.aboutclicker.com127.0.0.1 aboutclicker.com127.0.0.1 www.abrp.net127.0.0.1 abrp.net127.0.0.1 www.absolutee.com127.0.0.1 absolutee.com127.0.0.1 www.abyssmedia.com127.0.0.1 abyssmedia.com127.0.0.1 www.ac66.cn127.0.0.1 ac66.cn127.0.0.1 access.Navinetwork.com127.0.0.1 access.rapid-pass.net127.0.0.1 www.accessactivexvideo.com127.0.0.1 accessactivexvideo.com127.0.0.1 www.accessclips.com127.0.0.1 accessclips.com127.0.0.1 www.access-dvd.com127.0.0.1 access-dvd.com127.0.0.1 www.accesskeygenerator.com127.0.0.1 accesskeygenerator.com127.0.0.1 www.accessorygeeks.com127.0.0.1 accessorygeeks.com127.0.0.1 www.accessthefuture.net127.0.0.1 accessthefuture.net127.0.0.1 www.accessvid.net127.0.0.1 accessvid.net127.0.0.1 www.acemedic.com127.0.0.1 acemedic.com127.0.0.1 www.ace-webmaster.com127.0.0.1 ace-webmaster.com127.0.0.1 acjp.com127.0.0.1 www.acrobat-2007.com127.0.0.1 acrobat-2007.com127.0.0.1 www.acrobat-8.com127.0.0.1 acrobat-8.com127.0.0.1 www.acrobat-center.com127.0.0.1 acrobat-center.com127.0.0.1 www.acrobat-hq.com127.0.0.1 acrobat-hq.com127.0.0.1 www.acrobatreader-8.com127.0.0.1 acrobatreader-8.com127.0.0.1 www.acrobat-reader-8.de127.0.0.1 acrobat-reader-8.de127.0.0.1 www.acrobat-stop.com127.0.0.1 acrobat-stop.com127.0.0.1 www.actionbreastcancer.org127.0.0.1 actionbreastcancer.org127.0.0.1 www.activesearcher.info127.0.0.1 activesearcher.info127.0.0.1 www.activexaccessobject.com127.0.0.1 activexaccessobject.com127.0.0.1 www.activexaccessvideo.com127.0.0.1 activexaccessvideo.com127.0.0.1 www.activexemedia.com127.0.0.1 activexemedia.com127.0.0.1 www.activexmediaobject.com127.0.0.1 activexmediaobject.com127.0.0.1 www.activexmediapro.com127.0.0.1 activexmediapro.com127.0.0.1 www.activexmediasite.com127.0.0.1 activexmediasite.com127.0.0.1 www.activexmediasoftware.com127.0.0.1 activexmediasoftware.com127.0.0.1 www.activexmediasource.com127.0.0.1 activexmediasource.com127.0.0.1 www.activexmediatool.com127.0.0.1 activexmediatool.com127.0.0.1 www.activexmediatour.com127.0.0.1 activexmediatour.com127.0.0.1 www.activexsoftwares.com127.0.0.1 activexsoftwares.com127.0.0.1 www.activexsource.com127.0.0.1 activexsource.com127.0.0.1 www.activexupdate.com127.0.0.1 activexupdate.com127.0.0.1 www.activexvideo.com127.0.0.1 activexvideo.com127.0.0.1 www.activexvideotool.com127.0.0.1 activexvideotool.com127.0.0.1 www.ad.marketingsector.com127.0.0.1 ad.marketingsector.com127.0.0.1 www.ad.mokead.com127.0.0.1 ad.mokead.com127.0.0.1 ad.oinadserver.com127.0.0.1 ad.outerinfoads.com127.0.0.1 www.ad25.com127.0.0.1 ad25.com127.0.0.1 www.ad45.com127.0.0.1 ad45.com127.0.0.1 www.ad77.com127.0.0.1 ad77.com127.0.0.1 www.ad86.com127.0.0.1 ad86.com127.0.0.1 www.adamsupportgroup.org127.0.0.1 adamsupportgroup.org127.0.0.1 www.adarmor.com127.0.0.1 adarmor.com127.0.0.1 www.adasearch.com127.0.0.1 adasearch.com127.0.0.1 adaware.cc127.0.0.1 www.adawarenow.com127.0.0.1 adawarenow.com127.0.0.1 adchannel.contextplus.net127.0.0.1 www.addetect.com127.0.0.1 addetect.com127.0.0.1 www.add-hhh.info127.0.0.1 add-hhh.info127.0.0.1 www.addictivetechnologies.com127.0.0.1 addictivetechnologies.com127.0.0.1 www.addictivetechnologies.net127.0.0.1 addictivetechnologies.net127.0.0.1 www.addioerrori.com127.0.0.1 addioerrori.com127.0.0.1 www.add-manager.com127.0.0.1 add-manager.com127.0.0.1 www.adgate.info127.0.0.1 adgate.info127.0.0.1 www.adintelligence.net127.0.0.1 adintelligence.net127.0.0.1 www.adioserrores.com127.0.0.1 adioserrores.com127.0.0.1 www.adipics.com127.0.0.1 adipics.com127.0.0.1 www.adlogix.com127.0.0.1 adlogix.com127.0.0.1 www.admin2cash.biz127.0.0.1 admin2cash.biz127.0.0.1 adnet-plus.com127.0.0.1 www.adnetserver.com127.0.0.1 adnetserver.com127.0.0.1 adobe-download-now.com127.0.0.1 www.adobe-downloads.com127.0.0.1 adobe-downloads.com127.0.0.1 www.adobe-reader-8.fr127.0.0.1 adobe-reader-8.fr127.0.0.1 www.adprotect.com127.0.0.1 adprotect.com127.0.0.1 ads.centralmedia.ws127.0.0.1 ads.k8l.info127.0.0.1 ads.kmpads.com127.0.0.1 ads.kw.revenue.net127.0.0.1 ads.marketingsector.com127.0.0.1 ads.searchingbooth.com127.0.0.1 ads.z-quest.com127.0.0.1 ads1.revenue.net127.0.0.1 www.ads183.com127.0.0.1 ads183.com127.0.0.1 www.adscontex.com127.0.0.1 adscontex.com127.0.0.1 www.adservices1.enhance.com127.0.0.1 adservices1.enhance.com127.0.0.1 adservs.com127.0.0.1 www.adsextend.net127.0.0.1 adsextend.net127.0.0.1 www.adshttp.com127.0.0.1 adshttp.com127.0.0.1 www.adsniffer.com127.0.0.1 adsniffer.com127.0.0.1 www.adsonwww.com127.0.0.1 adsonwww.com127.0.0.1 www.adspics.com127.0.0.1 adspics.com127.0.0.1 www.adsrevenue.net127.0.0.1 adsrevenue.net127.0.0.1 www.adtrak.net127.0.0.1 adtrak.net127.0.0.1 adtrgt.com127.0.0.1 www.adult777search.info127.0.0.1 adult777search.info127.0.0.1 www.adultan.com127.0.0.1 adultan.com127.0.0.1 www.adult-engine-search.com127.0.0.1 adult-engine-search.com127.0.0.1 www.adult-erotic-guide.net127.0.0.1 adult-erotic-guide.net127.0.0.1 www.adultfilmsite.com127.0.0.1 adultfilmsite.com127.0.0.1 www.adult-friends-finder.net127.0.0.1 adult-friends-finder.net127.0.0.1 adultgambling.org127.0.0.1 adult-host.org127.0.0.1 www.adulthyperlinks.com127.0.0.1 adulthyperlinks.com127.0.0.1 www.adultmovieplus.com127.0.0.1 adultmovieplus.com127.0.0.1 www.adult-mpg.net127.0.0.1 adult-mpg.net127.0.0.1 adult-personal.us127.0.0.1 adultsgames.net127.0.0.1 www.adultsonlyvids.com127.0.0.1 adultsonlyvids.com127.0.0.1 www.adultsper.com127.0.0.1 adultsper.com127.0.0.1 www.adulttds.com127.0.0.1 adulttds.com127.0.0.1 www.adultzoneworld.com127.0.0.1 adultzoneworld.com127.0.0.1 www.advcash.biz127.0.0.1 advcash.biz127.0.0.1 advert.exaccess.ru127.0.0.1 www.advertisemoney.info127.0.0.1 advertisemoney.info127.0.0.1 advertising.paltalk.com127.0.0.1 www.advertising-money.info127.0.0.1 advertising-money.info127.0.0.1 ad-ware.cc127.0.0.1 www.ad-w-a-r-e.com127.0.0.1 ad-w-a-r-e.com127.0.0.1 www.a-d-w-a-r-e.com127.0.0.1 a-d-w-a-r-e.com127.0.0.1 www.adware.pro127.0.0.1 adware.pro127.0.0.1 www.adwarealert.com127.0.0.1 adwarealert.com127.0.0.1 www.ad-warealert.com127.0.0.1 ad-warealert.com127.0.0.1 www.adwarearrest.com127.0.0.1 adwarearrest.com127.0.0.1 www.adwarebazooka.com127.0.0.1 adwarebazooka.com127.0.0.1 www.adwarecommander.com127.0.0.1 adwarecommander.com127.0.0.1 www.adwarefinder.com127.0.0.1 adwarefinder.com127.0.0.1 www.adwaregold.com127.0.0.1 adwaregold.com127.0.0.1 www.adwarepatrol.com127.0.0.1 adwarepatrol.com127.0.0.1 www.adwareplatinum.com127.0.0.1 adwareplatinum.com127.0.0.1 www.adwareprotectionsite.com127.0.0.1 adwareprotectionsite.com127.0.0.1 www.adwarepunisher.com127.0.0.1 adwarepunisher.com127.0.0.1 www.adwareremover.ws127.0.0.1 adwareremover.ws127.0.0.1 www.adwaresafety.com127.0.0.1 adwaresafety.com127.0.0.1 www.adwarexp.com127.0.0.1 adwarexp.com127.0.0.1 affiliate.idownload.com127.0.0.1 www.aflgate.com127.0.0.1 aflgate.com127.0.0.1 africaspromise.org127.0.0.1 agava.com127.0.0.1 agava.ru127.0.0.1 agentstudio.com127.0.0.1 www.aginegialle.it127.0.0.1 aginegialle.it127.0.0.1 aifind.info127.0.0.1 www.aifind.info127.0.0.1 www.airtleworld.com127.0.0.1 airtleworld.com127.0.0.1 www.aitalia.it127.0.0.1 aitalia.it127.0.0.1 akamai.downloadv3.com127.0.0.1 www.aklitalia.it127.0.0.1 aklitalia.it127.0.0.1 akril.com127.0.0.1 alcatel.ws127.0.0.1 www.alertspy.com127.0.0.1 alertspy.com127.0.0.1 www.alfacleaner.com127.0.0.1 alfacleaner.com127.0.0.1 alfa-search.com127.0.0.1 www.alialia.it127.0.0.1 alialia.it127.0.0.1 www.aliotalia.it127.0.0.1 aliotalia.it127.0.0.1 www.alirtalia.it127.0.0.1 alirtalia.it127.0.0.1 www.alitaia.it127.0.0.1 alitaia.it127.0.0.1 www.alitaklia.it127.0.0.1 alitaklia.it127.0.0.1 www.alitala.it127.0.0.1 alitala.it127.0.0.1 www.alitali.it127.0.0.1 alitali.it127.0.0.1 www.alitaliaq.it127.0.0.1 alitaliaq.it127.0.0.1 www.alitalias.it127.0.0.1 alitalias.it127.0.0.1 www.alitaliaz.it127.0.0.1 alitaliaz.it127.0.0.1 www.alitalioa.it127.0.0.1 alitalioa.it127.0.0.1 www.alitalisa.it127.0.0.1 alitalisa.it127.0.0.1 www.alitaliua.it127.0.0.1 alitaliua.it127.0.0.1 www.alitalkia.it127.0.0.1 alitalkia.it127.0.0.1 www.alitaloia.it127.0.0.1 alitaloia.it127.0.0.1 www.alitaluia.it127.0.0.1 alitaluia.it127.0.0.1 www.alitaslia.it127.0.0.1 alitaslia.it127.0.0.1 www.alitlia.it127.0.0.1 alitlia.it127.0.0.1 www.alitralia.it127.0.0.1 alitralia.it127.0.0.1 www.alitsalia.it127.0.0.1 alitsalia.it127.0.0.1 www.aliutalia.it127.0.0.1 aliutalia.it127.0.0.1 www.ALL1COUNT.NET127.0.0.1 ALL1COUNT.NET127.0.0.1 www.all4internet.com127.0.0.1 all4internet.com127.0.0.1 allabtcars.com127.0.0.1 allabtjeeps.com127.0.0.1 www.all-bittorrent.com127.0.0.1 all-bittorrent.com127.0.0.1 www.allcollisions.com127.0.0.1 allcollisions.com127.0.0.1 allcybersearch.com127.0.0.1 www.allcybersearch.com127.0.0.1 www.alldnserrors.com127.0.0.1 alldnserrors.com127.0.0.1 www.all-downloads-now.com127.0.0.1 all-downloads-now.com127.0.0.1 www.all-edonkey.com127.0.0.1 all-edonkey.com127.0.0.1 www.allertaminacce.com127.0.0.1 allertaminacce.com127.0.0.1 allforadult.com127.0.0.1 allhyperlinks.com127.0.0.1 www.alliesecurity.com127.0.0.1 alliesecurity.com127.0.0.1 all-inet.com127.0.0.1 allinternetbusiness.com127.0.0.1 www.all-limewire.com127.0.0.1 all-limewire.com127.0.0.1 www.allmegabucks.com127.0.0.1 allmegabucks.com127.0.0.1 www.allprotections.com127.0.0.1 allprotections.com127.0.0.1 www.allresultz.net127.0.0.1 allresultz.net127.0.0.1 www.allsearch.us127.0.0.1 allsearch.us127.0.0.1 www.allsecuritynotes.com127.0.0.1 allsecuritynotes.com127.0.0.1 www.allsecuritysite.com127.0.0.1 allsecuritysite.com127.0.0.1 www.allstarsvideos.net127.0.0.1 allstarsvideos.net127.0.0.1 www.alltiettantivirus.com127.0.0.1 alltiettantivirus.com127.0.0.1 www.alltruesoftware.com127.0.0.1 alltruesoftware.com127.0.0.1 www.allvideoactivex.com127.0.0.1 allvideoactivex.com127.0.0.1 www.almanah.biz127.0.0.1 almanah.biz127.0.0.1 almarvideos.com127.0.0.1 www.aloitalia.it127.0.0.1 aloitalia.it127.0.0.1 www.aluitalia.it127.0.0.1 aluitalia.it127.0.0.1 www.amaena.com127.0.0.1 amaena.com127.0.0.1 amandamountains.com127.0.0.1 www.amateurliveshow.com127.0.0.1 amateurliveshow.com127.0.0.1 www.amediasoftware.com127.0.0.1 amediasoftware.com127.0.0.1 www.amediasource.com127.0.0.1 amediasource.com127.0.0.1 www.americanautobargains.com127.0.0.1 americanautobargains.com127.0.0.1 www.americancarbargains.com127.0.0.1 americancarbargains.com127.0.0.1 american-teens.net127.0.0.1 amigeek.com127.0.0.1 www.amigobore.com127.0.0.1 amigobore.com127.0.0.1 amisbusiness.com127.0.0.1 www.ampmsearch.com127.0.0.1 ampmsearch.com127.0.0.1 www.analcord.com127.0.0.1 analcord.com127.0.0.1 analmovi.com127.0.0.1 www.anarchylolita.com127.0.0.1 anarchylolita.com127.0.0.1 anarchyporn.com127.0.0.1 www.andromedical.com127.0.0.1 andromedical.com127.0.0.1 www.animepornmag.com127.0.0.1 animepornmag.com127.0.0.1 anin.org127.0.0.1 www.anjpn-avxiz.biz127.0.0.1 anjpn-avxiz.biz127.0.0.1 www.anjpnzqav.biz127.0.0.1 anjpnzqav.biz127.0.0.1 www.anjpn-zqav.biz127.0.0.1 anjpn-zqav.biz127.0.0.1 annaromeo.com127.0.0.1 www.antiddos.us127.0.0.1 antiddos.us127.0.0.1 www.Antiespiadorado.com127.0.0.1 Antiespiadorado.com127.0.0.1 www.Antiespionspack.com127.0.0.1 Antiespionspack.com127.0.0.1 www.Antigusanos2008.com127.0.0.1 Antigusanos2008.com127.0.0.1 www.antispamassistant.com127.0.0.1 antispamassistant.com127.0.0.1 www.antispamdeluxe.com127.0.0.1 antispamdeluxe.com127.0.0.1 www.Antispionage.com127.0.0.1 Antispionage.com127.0.0.1 www.Antispionagepro.com127.0.0.1 Antispionagepro.com127.0.0.1 www.antispyadvanced.com127.0.0.1 antispyadvanced.com127.0.0.1 www.antispydns.biz127.0.0.1 antispydns.biz127.0.0.1 www.antispylab.com127.0.0.1 antispylab.com127.0.0.1 www.antispysolutions.com127.0.0.1 antispysolutions.com127.0.0.1 www.antispyware.com127.0.0.1 antispyware.com127.0.0.1 www.antispywareboot.com127.0.0.1 antispywareboot.com127.0.0.1 www.antispywarebot.com127.0.0.1 antispywarebot.com127.0.0.1 www.antispywarebox.com127.0.0.1 antispywarebox.com127.0.0.1 www.antispywaredownloads.com127.0.0.1 antispywaredownloads.com127.0.0.1 antispywaresuite.com127.0.0.1 www.antispywaresuite.com127.0.0.1 Antispywaresuite.com127.0.0.1 www.Antispywaresuite.com127.0.0.1 www.antispywareupdates.net127.0.0.1 antispywareupdates.net127.0.0.1 www.antispywarexp.com127.0.0.1 antispywarexp.com127.0.0.1 www.Antispyweb.net127.0.0.1 Antispyweb.net127.0.0.1 www.Antiver2008.com127.0.0.1 Antiver2008.com127.0.0.1 www.antivermins.com127.0.0.1 antivermins.com127.0.0.1 www.anti-vermins.com127.0.0.1 anti-vermins.com127.0.0.1 www.antivir2007.com127.0.0.1 antivir2007.com127.0.0.1 www.antivirgear.com127.0.0.1 antivirgear.com127.0.0.1 www.antivirus.fastfreedownload.com127.0.0.1 antivirus.fastfreedownload.com127.0.0.1 www.antivirusadvance.com127.0.0.1 antivirusadvance.com127.0.0.1 www.antivirusaskeladd.com127.0.0.1 antivirusaskeladd.com127.0.0.1 www.antivirusgereedschap.com127.0.0.1 antivirusgereedschap.com127.0.0.1 www.antivirusgolden.com127.0.0.1 antivirusgolden.com127.0.0.1 www.antivirus-hq.net127.0.0.1 antivirus-hq.net127.0.0.1 www.antiviruspcsuite.com127.0.0.1 antiviruspcsuite.com127.0.0.1 www.antiviruspremium.com127.0.0.1 antiviruspremium.com127.0.0.1 www.anti-virus-pro.com127.0.0.1 anti-virus-pro.com127.0.0.1 www.antivirusprotector.com127.0.0.1 antivirusprotector.com127.0.0.1 www.antivirusscherm.com127.0.0.1 antivirusscherm.com127.0.0.1 www.antivirussecuritypro.com127.0.0.1 antivirussecuritypro.com127.0.0.1 www.antivirus-stop.com127.0.0.1 antivirus-stop.com127.0.0.1 antiworm2008.com127.0.0.1 www.antiworm2008.com127.0.0.1 Antiworm2008.com127.0.0.1 www.Antiworm2008.com127.0.0.1 www.Antiwurm2008.com127.0.0.1 Antiwurm2008.com127.0.0.1 antrocity.com127.0.0.1 www.anyofus.com127.0.0.1 anyofus.com127.0.0.1 www.anysn.seproger.com127.0.0.1 anysn.seproger.com127.0.0.1 anything4health.com127.0.0.1 www.apicpreview.com127.0.0.1 apicpreview.com127.0.0.1 www.appealcircuit.com127.0.0.1 appealcircuit.com127.0.0.1 www.approvedlinks.com127.0.0.1 approvedlinks.com127.0.0.1 apps.deskwizz.com127.0.0.1 apps.webservicehost.com127.0.0.1 www.aprotectedpage.com127.0.0.1 aprotectedpage.com127.0.0.1 apsua.com127.0.0.1 www.archivioadulti.com127.0.0.1 archivioadulti.com127.0.0.1 www.archiviosex.net127.0.0.1 archiviosex.net127.0.0.1 aregay.com127.0.0.1 www.ares.click-new-download.com127.0.0.1 ares.click-new-download.com127.0.0.1 www.ares-freebie.com127.0.0.1 ares-freebie.com127.0.0.1 www.arespro2007.com127.0.0.1 arespro2007.com127.0.0.1 www.aresultra.com127.0.0.1 aresultra.com127.0.0.1 www.ares-usa.com127.0.0.1 ares-usa.com127.0.0.1 arheo.com127.0.0.1 arizonaweb.org127.0.0.1 armitageinn.com127.0.0.1 www.arquivojpgs.smtp.ru127.0.0.1 arquivojpgs.smtp.ru127.0.0.1 artachnid.com127.0.0.1 art-func.com127.0.0.1 art-xxx.com127.0.0.1 www.asafebrowser.com127.0.0.1 asafebrowser.com127.0.0.1 www.asafetyalways.com127.0.0.1 asafetyalways.com127.0.0.1 www.asafetynotice.com127.0.0.1 asafetynotice.com127.0.0.1 www.asafetypage.com127.0.0.1 asafetypage.com127.0.0.1 www.asdbiz.biz127.0.0.1 asdbiz.biz127.0.0.1 www.asdeykuddq.com127.0.0.1 asdeykuddq.com127.0.0.1 www.asecurebar.com127.0.0.1 asecurebar.com127.0.0.1 www.asecureboard.com127.0.0.1 asecureboard.com127.0.0.1 www.asecurevalue.com127.0.0.1 asecurevalue.com127.0.0.1 www.asecurityissue.com127.0.0.1 asecurityissue.com127.0.0.1 www.asecuritynotice.com127.0.0.1 asecuritynotice.com127.0.0.1 www.asecuritypaper.com127.0.0.1 asecuritypaper.com127.0.0.1 www.asecuritystuff.com127.0.0.1 asecuritystuff.com127.0.0.1 asiankingkong.com127.0.0.1 www.asianpornmag.com127.0.0.1 asianpornmag.com127.0.0.1 www.asiantoolbar.com127.0.0.1 asiantoolbar.com127.0.0.1 www.asidseiupc.com127.0.0.1 asidseiupc.com127.0.0.1 www.aslitalia.it127.0.0.1 aslitalia.it127.0.0.1 ass-gals.com127.0.0.1 www.assureprotection.com127.0.0.1 assureprotection.com127.0.0.1 asta-killer.com127.0.0.1 www.asupereva.it127.0.0.1 asupereva.it127.0.0.1 www.ataprogram.com127.0.0.1 ataprogram.com127.0.0.1 athenrye.com127.0.0.1 www.atotalsafety.com127.0.0.1 atotalsafety.com127.0.0.1 www.atrueprotection.com127.0.0.1 atrueprotection.com127.0.0.1 www.atruesecurity.com127.0.0.1 atruesecurity.com127.0.0.1 www.attackware.com127.0.0.1 attackware.com127.0.0.1 www.attrezzi.biz127.0.0.1 attrezzi.biz127.0.0.1 www.aucunsvirus.com127.0.0.1 aucunsvirus.com127.0.0.1 www.aulde.net127.0.0.1 aulde.net127.0.0.1 www.aupereva.it127.0.0.1 aupereva.it127.0.0.1 www.autobargains.org127.0.0.1 autobargains.org127.0.0.1 www.autobargainsnetwork.com127.0.0.1 autobargainsnetwork.com127.0.0.1 www.autocontext.begun.ru127.0.0.1 autocontext.begun.ru127.0.0.1 autoescrowpay.com127.0.0.1 www.avadvance.com127.0.0.1 avadvance.com127.0.0.1 www.avast.free-software-center.com127.0.0.1 avast.free-software-center.com127.0.0.1 www.avast-2007.com127.0.0.1 avast-2007.com127.0.0.1 www.avast-downloads.com127.0.0.1 avast-downloads.com127.0.0.1 www.avast-hq.com127.0.0.1 avast-hq.com127.0.0.1 www.avforce.com127.0.0.1 avforce.com127.0.0.1 www.avg.grab-it-today.net127.0.0.1 avg.grab-it-today.net127.0.0.1 www.avg.softwarecenterz.com127.0.0.1 avg.softwarecenterz.com127.0.0.1 www.avg-secure.com127.0.0.1 avg-secure.com127.0.0.1 avian-ads.com127.0.0.1 www.avideoaxaccess.com127.0.0.1 avideoaxaccess.com127.0.0.1 www.avideosurfer.com127.0.0.1 avideosurfer.com127.0.0.1 www.aviewersoft.com127.0.0.1 aviewersoft.com127.0.0.1 www.avpcheckupdate.com127.0.0.1 avpcheckupdate.com127.0.0.1 www.avsmanufacture.com127.0.0.1 avsmanufacture.com127.0.0.1 www.avsystemcare.com127.0.0.1 avsystemcare.com127.0.0.1 www.avxizaaqada.biz127.0.0.1 avxizaaqada.biz127.0.0.1 www.avxiz-anjpn.biz127.0.0.1 avxiz-anjpn.biz127.0.0.1 www.avxizueorn.biz127.0.0.1 avxizueorn.biz127.0.0.1 www.avxiz-ueorn.biz127.0.0.1 avxiz-ueorn.biz127.0.0.1 www.avxiz-vtvcp.biz127.0.0.1 avxiz-vtvcp.biz127.0.0.1 www.avxiz-ygco.biz127.0.0.1 avxiz-ygco.biz127.0.0.1 www.avxiz-zqav.biz127.0.0.1 avxiz-zqav.biz127.0.0.1 www.awarenesstech.com127.0.0.1 awarenesstech.com127.0.0.1 www.awarninglist.com127.0.0.1 awarninglist.com127.0.0.1 awbeta.net-nucleus.com127.0.0.1 www.awesomehomepage.com127.0.0.1 awesomehomepage.com127.0.0.1 awmcash.biz127.0.0.1 awmdabest.com127.0.0.1 www.axemediasoftware.com127.0.0.1 axemediasoftware.com127.0.0.1 www.aximageobject.com127.0.0.1 aximageobject.com127.0.0.1 www.axmediaproject.com127.0.0.1 axmediaproject.com127.0.0.1 www.axmediasoftware.com127.0.0.1 axmediasoftware.com127.0.0.1 www.axmediasolutions.com127.0.0.1 axmediasolutions.com127.0.0.1 www.axobjectpage.com127.0.0.1 axobjectpage.com127.0.0.1 www.axobjectsource.com127.0.0.1 axobjectsource.com127.0.0.1 www.axsoftwaretool.com127.0.0.1 axsoftwaretool.com127.0.0.1 www.axvideoproject.com127.0.0.1 axvideoproject.com127.0.0.1 www.axvideosetup.com127.0.0.1 axvideosetup.com127.0.0.1 ayakawamura.com127.0.0.1 ayb.dns-look-up.com127.0.0.1 ayb.netbios-wait.com127.0.0.1 ayumitaniguchi.com127.0.0.1 azebar.com127.0.0.1 www.azureusclub.com127.0.0.1 azureusclub.com127.0.0.1 www.azureus-freebie.com127.0.0.1 azureus-freebie.com127.0.0.1 www.azzetta.it127.0.0.1 azzetta.it127.0.0.1 b.casalemedia.com127.0.0.1 b122.mcboo.com127.0.0.1 www.babe.k-lined.com127.0.0.1 babe.k-lined.com127.0.0.1 www.babe.the-killer.bz127.0.0.1 babe.the-killer.bz127.0.0.1 www.babenet.com127.0.0.1 babenet.com127.0.0.1 www.babespornmag.com127.0.0.1 babespornmag.com127.0.0.1 www.babeweb.de127.0.0.1 babeweb.de127.0.0.1 www.baccarat-other.info127.0.0.1 baccarat-other.info127.0.0.1 www.Backstripgirls.com127.0.0.1 Backstripgirls.com127.0.0.1 backup.mabou.org127.0.0.1 www.balotierra.com127.0.0.1 balotierra.com127.0.0.1 bannedhost.net127.0.0.1 barbudafarms.com127.0.0.1 www.bardownload.com127.0.0.1 bardownload.com127.0.0.1 barnandfence.com127.0.0.1 batsearch.com127.0.0.1 baygraphicsllc.com127.0.0.1 bbbsearch.com127.0.0.1 bb-search.com127.0.0.1 www.bcnproduction.com127.0.0.1 bcnproduction.com127.0.0.1 bdsmlibrary.net127.0.0.1 www.bdsmpornmag.com127.0.0.1 bdsmpornmag.com127.0.0.1 www.bearshare.click-new-download.com127.0.0.1 bearshare.click-new-download.com127.0.0.1 www.bearshare.download-me.info127.0.0.1 bearshare.download-me.info127.0.0.1 www.bearshare.mp3-muzic.com127.0.0.1 bearshare.mp3-muzic.com127.0.0.1 www.bearshare-download.org127.0.0.1 bearshare-download.org127.0.0.1 www.bearshare-downloads.net127.0.0.1 bearshare-downloads.net127.0.0.1 www.bearsharelive.co.uk127.0.0.1 bearsharelive.co.uk127.0.0.1 www.bearshare-music-downloads.com127.0.0.1 bearshare-music-downloads.com127.0.0.1 www.bearsharepro2007.com127.0.0.1 bearsharepro2007.com127.0.0.1 www.bearshare-usa.com127.0.0.1 bearshare-usa.com127.0.0.1 bedhome.com127.0.0.1 bediadance.com127.0.0.1 www.beebappyy.biz127.0.0.1 beebappyy.biz127.0.0.1 www.begin2search.com127.0.0.1 begin2search.com127.0.0.1 bellabasketsfl.com127.0.0.1 bernaolatwin.com127.0.0.1 www.beruijindegunhadesun.com127.0.0.1 beruijindegunhadesun.com127.0.0.1 www.best3xclips.com127.0.0.1 best3xclips.com127.0.0.1 www.bestadults.com127.0.0.1 bestadults.com127.0.0.1 best-counter.com127.0.0.1 bestcrawler.com127.0.0.1 www.bestdailyvids.com127.0.0.1 bestdailyvids.com127.0.0.1 bestfor.ru127.0.0.1 www.best[censored]vids.com127.0.0.1 best[censored]vids.com127.0.0.1 best-hardpics.com127.0.0.1 www.bestmanage.org127.0.0.1 bestmanage.org127.0.0.1 www.bestmanage0.org127.0.0.1 bestmanage0.org127.0.0.1 www.bestmanage1.org127.0.0.1 bestmanage1.org127.0.0.1 www.bestmanage2.org127.0.0.1 bestmanage2.org127.0.0.1 www.bestmanage3.org127.0.0.1 bestmanage3.org127.0.0.1 www.bestmanage4.org127.0.0.1 bestmanage4.org127.0.0.1 www.bestmanage5.org127.0.0.1 bestmanage5.org127.0.0.1 www.bestmanage6.org127.0.0.1 bestmanage6.org127.0.0.1 www.bestmanage7.org127.0.0.1 bestmanage7.org127.0.0.1 www.bestmanage8.org127.0.0.1 bestmanage8.org127.0.0.1 www.bestmanage9.org127.0.0.1 bestmanage9.org127.0.0.1 www.bestoffersnetworks.com127.0.0.1 bestoffersnetworks.com127.0.0.1 bestporngate.com127.0.0.1 www.bestsafetyguide.net127.0.0.1 bestsafetyguide.net127.0.0.1 www.bestsearch.cc127.0.0.1 bestsearch.cc127.0.0.1 www.best-spyware.info127.0.0.1 best-spyware.info127.0.0.1 www.best-targeted-traffic.com127.0.0.1 best-targeted-traffic.com127.0.0.1 www.best-voyeur.info127.0.0.1 best-voyeur.info127.0.0.1 bestweblinks.com127.0.0.1 best-winning-casino.com127.0.0.1 www.bestworldgirls-for-u.net127.0.0.1 bestworldgirls-for-u.net127.0.0.1 www.bestxclips.com127.0.0.1 bestxclips.com127.0.0.1 bestxporno.com127.0.0.1 www.bestxxxmpegs.com127.0.0.1 bestxxxmpegs.com127.0.0.1 www.bettersearch.biz127.0.0.1 bettersearch.biz127.0.0.1 www.bgazzetta.it127.0.0.1 bgazzetta.it127.0.0.1 www.bgoogle.it127.0.0.1 bgoogle.it127.0.0.1 www.bigtrafficnetwork.com127.0.0.1 bigtrafficnetwork.com127.0.0.1 www.bigwww.com127.0.0.1 bigwww.com127.0.0.1 bin.errorprotector.com127.0.0.1 bins.media-motor.net127.0.0.1 bins2.media-motor.net127.0.0.1 bis.180solutions.com127.0.0.1 bitchesonline.net127.0.0.1 www.bitcomet-freebie.com127.0.0.1 bitcomet-freebie.com127.0.0.1 www.bittorrent.click-new-download.com127.0.0.1 bittorrent.click-new-download.com127.0.0.1 biz.biz127.0.0.1

News:

Author Topic: malware having trouble eliminating HELP (Read 5924 times)