Author Topic: win32.agent.gvu  (Read 1577 times)

Offline indfin

  • Full Member
  • ***
  • Posts: 100
  • Karma: +0/-0
« on: April 28, 2008, 02:14:24 PM »
Hi Folks:

I am new here and only marginally comfortable with computer-related stuff.  My computer recently got infected with win32.agent.gvu.  I ran spybot but that didn't help.  If anyone can help me remove this from my computer, I would be really thankful.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #1 on: April 28, 2008, 06:09:24 PM »
Hi indfin
Let's start by doing the following please

Download Hijackthis Installer from HERE
For an alternate download location, you can try HERE
SAVE it to your desktop
Double click on HJTInstall.exe to run it
Choose Install

Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum----It is all important!

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline indfin

« Reply #2 on: April 29, 2008, 09:59:16 AM »
Thanks much for replying.  I did as you said and here is the Hijack This Log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:20 AM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: VideoInput - {AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4} - C:\WINDOWS\kona.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10330 bytes

I will wait to hear from you for the next step.  Thanks again!!

Offline guestolo

« Reply #3 on: April 29, 2008, 09:00:18 PM »
Download ATF-Cleaner by Atribune.
Save it to your desktop
We'll need it later

If you have previously downloaded Smitfraudfix, delete your copy, and carry on with the following instructions

Download SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
We'll need this later

Print this set of instructions, or save them to a text file on desktop for reference

Reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
In safe mode

====================================

Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

Click Exit on the Main menu to close the program.
================================================
Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't
Remain back to Normal Windows
I'll need to see the log it generates later, by default it is located at
C:\rapport.txt
============================================
Post back the following:

1. Run a fresh scan>>save logfile with Hijackthis and post the fresh log
2. Post the report from Smitfraudfix>>C:\Rapport.txt



Offline indfin

« Reply #4 on: April 29, 2008, 09:53:16 PM »
Once again, thank you.  Also, just to let you know, the problem is only with IE; Firefox works fine.

Here is the HJT log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:44 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9651 bytes

________________________________________________________________________________

Following is the Smitfraud log:


SmitFraudFix v2.319

Scan done at 22:35:04.40, Tue 04/29/2008
Run from C:\Documents and Settings\Harit\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\kona.dll deleted.


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1933D728-F182-4254-ACF8-2D2F155DB39C}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1933D728-F182-4254-ACF8-2D2F155DB39C}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1933D728-F182-4254-ACF8-2D2F155DB39C}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Regards
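
Added example (not part of the original posts, and not code from HijackThis or SmitfraudFix): one way to compare the two HijackThis logs above and tie the entries that disappeared to files the SmitfraudFix report lists as deleted. The sample logs are short excerpts constructed from lines posted in this thread, and the function names are hypothetical.

```python
import re

# HijackThis item lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24),
# then " - " and the item text. Header and "Running processes" lines do not match.
ITEM_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# SmitfraudFix report lines of the form "<path> deleted.", as seen in this thread.
DELETED_RE = re.compile(r"^([A-Za-z]:\\.+) deleted\.$")

# Constructed excerpts, built from lines posted in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: VideoInput - {AC16362B-5EDF-4E46-B7F6-EC24BB76E8C4} - C:\WINDOWS\kona.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

REPORT = r"""
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
C:\WINDOWS\kona.dll deleted.
"""


def parse_items(log_text):
    """Return the set of (section code, item text) pairs in a HijackThis log."""
    items = set()
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.add((m.group(1), m.group(2).strip()))
    return items


def removed_items(before, after):
    """Entries present in the first log and missing from the second."""
    return sorted(parse_items(before) - parse_items(after))


def added_items(before, after):
    """Entries that appear only in the second log (worth a look after cleaning)."""
    return sorted(parse_items(after) - parse_items(before))


def deleted_files(report_text):
    """Lower-cased paths the SmitfraudFix report says it deleted."""
    paths = set()
    for line in report_text.splitlines():
        m = DELETED_RE.match(line.strip())
        if m:
            paths.add(m.group(1).lower())
    return paths


def explain_removals(before, after, report):
    """For each removed entry, name the deleted file it pointed at, if any."""
    deleted = sorted(deleted_files(report))
    result = []
    for code, detail in removed_items(before, after):
        # Windows paths are case-insensitive, so compare in lower case.
        hit = next((p for p in deleted if detail.lower().endswith(p)), None)
        result.append((code, detail, hit))
    return result


if __name__ == "__main__":
    for code, detail, hit in explain_removals(BEFORE, AFTER, REPORT):
        note = "file deleted: " + hit if hit else "no deleted file in report"
        print(f"{code:<3} {detail}\n    -> {note}")
    print("new entries:", added_items(BEFORE, AFTER))
```

Removed entries with no matching deleted file (the R0/R1 lines here) are settings that changed between the scans rather than files taken off disk.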

Offline guestolo

« Reply #5 on: April 29, 2008, 10:19:51 PM »
How is IE running now?
Can you also post another log for me
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Remember, also let me know if IE is still experiencing problems



Offline indfin

« Reply #6 on: April 29, 2008, 10:36:30 PM »
Now, ...........MAGICALLY!!!.............IE is running fine.  Thank you so very much!!

Following is the Uninstall file:

Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player
AIM 6
AIM Toolbar 5.0
ALPS Touch Pad Driver
Apple Software Update
biolsp patch
Bluetooth Stack for Windows by Toshiba
Broadcom Advanced Control Suite
Broadcom TPM Driver Installer
Conexant HDA D110 MDC V.92 Modem
Dell Embassy Trust Suite by Wave Systems
Dell Resource CD
Digital Line Detect
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
ESC Home Page Plugin
ETS Upgrade
foobar2000 v0.9.5
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
J2SE Runtime Environment 5.0 Update 6
Java(tm) 6 Update 3
Java(tm) 6 Update 5
LimeWire 4.16.2
LiveUpdate 1.7 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee SecurityCenter
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
mIWA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (2.0.0.14)
mPfMgr
mPfWiz
mProSafe
mSSO
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mWMI
mXML
mZConfig
NetWaiting
NTRU TCG Software Stack
NVIDIA Drivers
O2Micro USB Smart Card Reader
PowerDVD
Preboot Manager
Private Information Manager
QuickSet
QuickTime
SearchAssist
Secure Update
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Wizards
SopCast 3.0.1
Spybot - Search & Destroy
TVUPlayer 2.3.5.3
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb949037)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
upekmsi
URL Assistant
Viewpoint Media Player
Wave Infrastructure Installer
Wave Support Software
Winamp
Windows Driver Package - Dell Inc. PBADRV System  (09/25/2006 6.0.0.0)
Windows Driver Package - O2Micro (guardian2) SmartCardReader  (02/05/2007 1.1.3.7)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859

Thank you and Kind regards.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
win32.agent.gvu
« Reply #7 on: April 30, 2008, 06:55:31 PM »
Sorry for the delay

Can you do the following please

Access your Add and remove Programs and uninstall
Viewpoint Media Player

Afterwards,
 
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6".
  • Click the "Download" button to the right.
  • In the window that opens, select Windows, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.

- Examples of older versions in Add or Remove Programs:
  • Java 2 Runtime Environment, SE v1.4.2
  • J2SE Runtime Environment 5.0
  • J2SE Runtime Environment 5.0 Update 2

  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe that you downloaded to install the newest version.

Post back one last fresh hijackthis log and let me know how things are running please


Offline indfin

  • Full Member
  • ***
  • Posts: 100
  • Karma: +0/-0
win32.agent.gvu
« Reply #8 on: May 01, 2008, 11:24:05 AM »
Thank you, once again.

First, an unrelated question:  My other computer has now begun to act up.  Every time I search on Google, it takes me to ad sites, and not the search item link I click on.  The culprits, I think, are "Zlob.dnschanger" and "Zlob.dnschanger.rtk".  Again, this happens only in IE and not in Firefox.  Can you please help me with this too, and do I need to start a separate topic for this?

Now back to the issue at hand.  The computer is running fine.

I Removed the Java Runtime programs as you had instructed and I also Removed (I don't know if I was supposed to) "Java(tm) 6 Update 3" and "Java(tm) 6 Update 5".

Following is the HJT log after installing the latest Java version:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:04 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1071009
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9441 bytes

Thank you and Best regards.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
win32.agent.gvu
« Reply #9 on: May 01, 2008, 11:41:25 PM »
Can you post a fresh hijackthis log from the other computer please
This computer looks good


Offline indfin

  • Full Member
  • ***
  • Posts: 100
  • Karma: +0/-0
win32.agent.gvu
« Reply #10 on: May 02, 2008, 06:40:41 AM »
Thanks.  Here is the HJT from the other computer.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:23 AM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\csrss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\system32\drivers\KodakCCS.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS.000\system32\ScsiAccess.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\Explorer.EXE
C:\WINDOWS.000\System32\alg.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS.000\SOUNDMAN.EXE
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS.000\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS.000\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yapta BHO - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.000\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dotNetInstallerBoot] C:\DOCUME~1\hj\LOCALS~1\Temp\RarSFX0\TripStalker_BootStrapper.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.000\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra 'Tools' menuitem: Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71B3D8EA-0C7F-4B33-9486-DC2064C4CBF9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA2A991-9158-4DA4-A4FF-3430AA4675FE}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS.000\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS.000\system32\ScsiAccess.EXE

--
End of file - 9078 bytes

Offline indfin

  • Full Member
  • ***
  • Posts: 100
  • Karma: +0/-0
win32.agent.gvu
« Reply #11 on: May 02, 2008, 12:38:52 PM »
I uninstalled McAfee (subscription expired) since posting my HJT log, and installed the free version of AVG Antivirus.  Did not know if it made a difference, but here is the new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:09 PM, on 5/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\csrss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\Explorer.EXE
C:\WINDOWS.000\system32\drivers\KodakCCS.exe
C:\WINDOWS.000\system32\ScsiAccess.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\SOUNDMAN.EXE
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS.000\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS.000\System32\alg.exe
C:\WINDOWS.000\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS.000\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yapta BHO - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.000\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dotNetInstallerBoot] C:\DOCUME~1\hj\LOCALS~1\Temp\RarSFX0\TripStalker_BootStrapper.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.000\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra 'Tools' menuitem: Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71B3D8EA-0C7F-4B33-9486-DC2064C4CBF9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA2A991-9158-4DA4-A4FF-3430AA4675FE}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS.000\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS.000\system32\ScsiAccess.EXE

--
End of file - 8803 bytes

Thanks.
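
The two scans of the second computer posted above (before and after McAfee was replaced with AVG) can be compared mechanically. The following is an added example, not part of the original thread: it parses the HijackThis log format and reports which entries and processes changed between scans, and which entries still carry a marker HijackThis prints when it cannot resolve a file or publisher. The function names are hypothetical, and the sample input is a constructed excerpt of the two logs.

```python
import re

# Constructed sample input: a few lines excerpted from the two scans above
# (most lines omitted for brevity).
SCAN_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:23 AM, on 5/2/2008

Running processes:
C:\WINDOWS.000\system32\ScsiAccess.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS.000\system32\ScsiAccess.EXE
"""

SCAN_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:09 PM, on 5/2/2008

Running processes:
C:\WINDOWS.000\system32\ScsiAccess.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS.000\system32\ScsiAccess.EXE
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O23 - Service: ..."
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")            # a drive-letter path
# Markers that appear in the logs above when HijackThis cannot resolve a file
# or publisher. Treated here as prompts for review, not verdicts (assumption).
MARKERS = ("(no file)", "(file missing)", "Unknown owner")


def parse_log(text):
    """Split a HijackThis log into process paths and (code, detail) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # the entry section has started
            entries.append((match.group(1), match.group(2)))
        elif in_processes and PROCESS_RE.match(line):
            processes.append(line)
    return processes, entries


def _key(item):
    """Case-insensitive comparison key (Windows paths vary in case)."""
    if isinstance(item, tuple):
        return tuple(part.casefold() for part in item)
    return item.casefold()


def diff(old, new):
    """Return (added, removed), preserving the order of the source logs."""
    old_keys = {_key(x) for x in old}
    new_keys = {_key(x) for x in new}
    added = [x for x in new if _key(x) not in old_keys]
    removed = [x for x in old if _key(x) not in new_keys]
    return added, removed


def compare_scans(old_text, new_text):
    """Summarise what changed between two scans of the same machine."""
    old_procs, old_entries = parse_log(old_text)
    new_procs, new_entries = parse_log(new_text)
    entries_added, entries_removed = diff(old_entries, new_entries)
    procs_added, procs_removed = diff(old_procs, new_procs)
    old_keys = {_key(e) for e in old_entries}
    still_unresolved = [
        e for e in new_entries
        if _key(e) in old_keys and any(m in e[1] for m in MARKERS)
    ]
    return {
        "entries_added": entries_added,
        "entries_removed": entries_removed,
        "processes_added": procs_added,
        "processes_removed": procs_removed,
        "still_unresolved": still_unresolved,
    }


if __name__ == "__main__":
    for section, items in compare_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(section)
        for item in items:
            print("   ", " - ".join(item) if isinstance(item, tuple) else item)
```
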

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
win32.agent.gvu
« Reply #12 on: May 02, 2008, 10:00:57 PM »
Try the following

Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Back in Windows

Let's ensure Zlob is removed
Download ATF-Cleaner by Atribune.
Save it to your desktop
We'll need it later

If you have previously downloaded Smitfraudfix, delete your copy, and carry on with the following instructions

Download SmitfraudFix (by S!Ri)
Extract the contents (a folder named SmitfraudFix) to your Desktop.
We'll need this later

Print this set of instructions, or save them to a text file on the desktop for reference

Reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
In safe mode

====================================

Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

Click Exit on the Main menu to close the program.
================================================
Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't
Remain back to Normal Windows
I'll need to see the log it generates later, by default it is located at
C:\rapport.txt
============================================
Post back the following:

1. Run a fresh scan>>save logfile with Hijackthis and post the fresh log
2. Post the report from Smitfraudfix>>C:\Rapport.txt

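
An added example, not part of the post above and not HijackThis's own code: a small Python triage pass over HijackThis-style log lines that surfaces the kinds of entries ticked in that post (a BHO registered with `(no file)`, a `ProxyServer` value with an empty host) along with services reported as `Unknown owner`. The flagging rules and the `expected_dns` allowlist are assumptions for illustration; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass, field

# Sample input: entry lines copied from the logs in this thread, with a few
# header/process lines kept to show that non-entry lines are skipped.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS.000\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS.000\system32\ScsiAccess.EXE
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
PROXY_RE = re.compile(r",ProxyServer = (.*)$")
DNS_RE = re.compile(r"NameServer = (.*)$")
URL_RE = re.compile(r"^https?://", re.IGNORECASE)
MISSING = "(file missing)"


@dataclass
class Entry:
    code: str                                   # section code: R1, O2, O23 ...
    body: str                                   # everything after "CODE - "
    notes: list = field(default_factory=list)   # review notes added by triage()


def parse_log(text):
    """Return the coded entries of a HijackThis log, skipping other lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries, expected_dns=None):
    """Attach review notes to entries. The rules are illustrative assumptions."""
    for e in entries:
        if e.body.endswith("(no file)"):
            e.notes.append("registration points to no file on disk")
        if e.body.endswith(MISSING):
            # The target is the last " - " separated field before the marker.
            target = e.body[:-len(MISSING)].rsplit(" - ", 1)[-1].strip()
            if URL_RE.match(target):
                e.notes.append("'file missing' on a URL target, not a file path")
            else:
                e.notes.append("target file missing: " + target)
        if e.code == "O23" and " - Unknown owner - " in e.body:
            e.notes.append("owner reported as unknown, verify the binary")
        m = PROXY_RE.search(e.body)
        if m:
            host = m.group(1).rsplit(":", 1)[0].strip()
            e.notes.append("proxy set with empty host" if not host
                           else "proxy configured: " + m.group(1))
        m = DNS_RE.search(e.body)
        if m and e.code == "O17" and expected_dns is not None:
            servers = [s for s in re.split(r"[ ,]+", m.group(1).strip()) if s]
            odd = [s for s in servers if s not in expected_dns]
            if odd:
                e.notes.append("unexpected DNS servers: " + ", ".join(odd))
    return entries


if __name__ == "__main__":
    # Allowlist of resolvers: here the ones this log shows; supply your own.
    dns = {"208.67.220.220", "208.67.222.222"}
    for e in triage(parse_log(SAMPLE_LOG), expected_dns=dns):
        if e.notes:
            print(f"{e.code:4} {e.body}\n     -> " + "; ".join(e.notes))
```
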


Offline indfin

« Reply #13 on: May 03, 2008, 02:10:31 PM »
OK, here they are:

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:15 PM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\csrss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\WINDOWS.000\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS.000\system32\drivers\KodakCCS.exe
C:\WINDOWS.000\system32\ScsiAccess.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS.000\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS.000\System32\wbem\wmiprvse.exe
C:\WINDOWS.000\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yapta BHO - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.000\system32\ctfmon.exe
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra 'Tools' menuitem: Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://us.dbrasweb.db.com/llclient/dbraswe....com+AXXPEE.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71B3D8EA-0C7F-4B33-9486-DC2064C4CBF9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA2A991-9158-4DA4-A4FF-3430AA4675FE}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS.000\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS.000\system32\ScsiAccess.EXE

--
End of file - 6371 bytes


SmitFraudFix Report:

SmitFraudFix v2.319

Scan done at 14:41:48.76, Sat 05/03/2008
Run from C:\Documents and Settings\hj\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 ads.jacksonville.com
127.0.0.1 ads.jeneauempire.com
127.0.0.1 ads.jpost.com
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.kleinman.com
127.0.0.1 ads.ksl.com
127.0.0.1 ads.link4ads.com
127.0.0.1 ads.linksponsor.com
127.0.0.1 ads.linktracking.net
127.0.0.1 ads.list-universe.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.madison.com
127.0.0.1 ads.mcafee.com
127.0.0.1 ads.mdchoice.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 ads.mgnetwork.com
127.0.0.1 ads.mindsetnetwork.com
127.0.0.1 ads.mircx.com
127.0.0.1 ads.mm.ap.org
127.0.0.1 ads.mouseplanet.com
127.0.0.1 ads.mustangworks.com
127.0.0.1 ads.mytelus.com
127.0.0.1 ads.nandomedia.com
127.0.0.1 ads.nationalreview.com
127.0.0.1 ads.nerve.com
127.0.0.1 ads.newcity.com
127.0.0.1 ads.newsint.co.uk
127.0.0.1 ads.newsquest.co.uk
127.0.0.1 ads.newtimes.com
127.0.0.1 ads.ninemsn.com.au
127.0.0.1 ads.northjersey.com
127.0.0.1 ads.ntadvice.com
127.0.0.1 ads.nwsource.com
127.0.0.1 ads.nyjournalnews.com
127.0.0.1 ads.nypost.com
127.0.0.1 ads.nytimes.com
127.0.0.1 ads.omaha.com
127.0.0.1 ads.orsm.net
127.0.0.1 ads.osdn.com
127.0.0.1 ads.parrysound.com
127.0.0.1 ads.peel.com
127.0.0.1 ads.pennyweb.com
127.0.0.1 ads.pg.valueclick.net
127.0.0.1 ads.pilotonline.com
127.0.0.1 ads.pointroll.com
127.0.0.1 ads.premiumnetwork.com
127.0.0.1 ads.pressdemo.com
127.0.0.1 ads.prisacom.com
127.0.0.1 ads.pro-market.net
127.0.0.1 ads.queendom.com
127.0.0.1 ads.quicken.com
127.0.0.1 ads.rackshack.net
127.0.0.1 ads.realcities.com
127.0.0.1 ads.rediff.com
127.0.0.1 ads.register.com
127.0.0.1 ads.revenue.net
127.0.0.1 ads.roanoke.com
127.0.0.1 ads.rodale.com
127.0.0.1 ads.rondomondo.com
127.0.0.1 ads.savannahnow.com
127.0.0.1 ads.scabee.com
127.0.0.1 ads.schwabtrader.com
127.0.0.1 ads.seattletimes.com
127.0.0.1 ads.simtel.com
127.0.0.1 ads.sitemeter.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.smartclicks.net
127.0.0.1 ads.snowball.com
127.0.0.1 ads.sohh.com
127.0.0.1 ads.space.com
127.0.0.1 ads.specificclick.com
127.0.0.1 ads.sptimes.com
127.0.0.1 ads.spymac.net
127.0.0.1 ads.starbanner.com
127.0.0.1 ads.stephensmedia.com
127.0.0.1 ads.stileproject.com
127.0.0.1 ads.stupid.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.techtv.com
127.0.0.1 ads.telegraph.co.uk
127.0.0.1 ads.the15thinternet.com
127.0.0.1 ads.theglobeandmail.com    
127.0.0.1 ads.theolympian.com
127.0.0.1 ads.thestar.com        #Toronto Star
127.0.0.1 ads.thewebfreaks.com
127.0.0.1 ads.timesunion.com
127.0.0.1 ads.top500.org                #TOP500 SuperComputer Site
127.0.0.1 ads.toronto.com
127.0.0.1 ads.townhall.com
127.0.0.1 ads.track.net
127.0.0.1 ads.traderonline.com
127.0.0.1 ads.tricityherald.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.tromaville.com
127.0.0.1 ads.tucows.com
127.0.0.1 ads.ucomics.com
127.0.0.1 ads.valuead.com
127.0.0.1 ads.vegas.com
127.0.0.1 ads.veloxia.com
127.0.0.1 ads.vnuemedia.com
127.0.0.1 ads.weather.com
127.0.0.1 ads.web.Email Removed
127.0.0.1 ads.web.compuserve.com
127.0.0.1 ads.webcoretech.com
127.0.0.1 ads.webmd.com
127.0.0.1 ads.websponsors.com
127.0.0.1 ads.whi.co.nz
127.0.0.1 ads.x10.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads.zap2it.com
127.0.0.1 ads.zdnet.com
127.0.0.1 ads01.focalink.com
127.0.0.1 ads01.hyperbanner.net
127.0.0.1 ads02.focalink.com
127.0.0.1 ads02.hyperbanner.net
127.0.0.1 ads03.focalink.com
127.0.0.1 ads03.hyperbanner.net
127.0.0.1 ads04.focalink.com
127.0.0.1 ads04.hyperbanner.net
127.0.0.1 ads05.focalink.com
127.0.0.1 ads05.hyperbanner.net
127.0.0.1 ads06.focalink.com
127.0.0.1 ads06.hyperbanner.net
127.0.0.1 ads07.focalink.com
127.0.0.1 ads07.hyperbanner.net
127.0.0.1 ads08.focalink.com
127.0.0.1 ads08.hyperbanner.net
127.0.0.1 ads09.focalink.com
127.0.0.1 ads09.hyperbanner.net
127.0.0.1 ads1.activeagent.at
127.0.0.1 ads1.ad-flow.com
127.0.0.1 ads1.advance.net
127.0.0.1 ads1.advertwizard.com
127.0.0.1 ads1.ami-admin.com
127.0.0.1 ads1.canoe.ca
127.0.0.1 ads1.globeandmail.com
127.0.0.1 ads1.jev.co.za
127.0.0.1 ads1.realcities.com
127.0.0.1 ads1.revenue.net
127.0.0.1 ads1.sptimes.com
127.0.0.1 ads1.theglobeandmail.com
127.0.0.1 ads1.ucomics.com
127.0.0.1 ads1.udc.advance.net
127.0.0.1 ads1.updated.com
127.0.0.1 ads1.virtumundo.com
127.0.0.1 ads1.zdnet.com
127.0.0.1 ads10.focalink.com
127.0.0.1 ads10.hyperbanner.net
127.0.0.1 ads11.focalink.com
127.0.0.1 ads11.hyperbanner.net
127.0.0.1 ads12.focalink.com
127.0.0.1 ads12.hyperbanner.net
127.0.0.1 ads13.focalink.com
127.0.0.1 ads13.hyperbanner.net
127.0.0.1 ads14.bpath.com
127.0.0.1 ads14.focalink.com
127.0.0.1 ads14.hyperbanner.net
127.0.0.1 ads15.focalink.com
127.0.0.1 ads15.hyperbanner.net
127.0.0.1 ads16.focalink.com
127.0.0.1 ads16.hyperbanner.net
127.0.0.1 ads17.focalink.com
127.0.0.1 ads17.hyperbanner.net
127.0.0.1 ads18.focalink.com
127.0.0.1 ads18.hyperbanner.net
127.0.0.1 ads19.focalink.com
127.0.0.1 ads2.ad-flow.com
127.0.0.1 ads2.advance.net
127.0.0.1 ads2.advertwizard.com
127.0.0.1 ads2.canoe.ca
127.0.0.1 ads2.clickad.com
127.0.0.1 ads2.newtimes.com
127.0.0.1 ads2.osdn.com
127.0.0.1 ads2.realcities.com
127.0.0.1 ads2.udc.advance.net
127.0.0.1 ads2.virtumundo.com
127.0.0.1 ads2.zdnet.com
127.0.0.1 ads20.focalink.com
127.0.0.1 ads21.focalink.com
127.0.0.1 ads22.focalink.com
127.0.0.1 ads23.focalink.com
127.0.0.1 ads24.focalink.com
127.0.0.1 ads25.focalink.com
127.0.0.1 ads3.ad-flow.com
127.0.0.1 ads3.advance.net
127.0.0.1 ads3.advertwizard.com
127.0.0.1 ads3.canoe.ca
127.0.0.1 ads3.freebannertrade.com
127.0.0.1 ads3.realcities.com
127.0.0.1 ads3.virtumundo.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads36.hyperbanner.net
127.0.0.1 ads4.ad-flow.com
127.0.0.1 ads4.advance.net
127.0.0.1 ads4.advertwizard.com
127.0.0.1 ads4.canoe.ca
127.0.0.1 ads4.clearchannel.com
127.0.0.1 ads4.realcities.com
127.0.0.1 ads4.virtumundo.com
127.0.0.1 ads5.ad-flow.com
127.0.0.1 ads5.advance.net
127.0.0.1 ads5.advertwizard.com
127.0.0.1 ads5.canoe.ca
127.0.0.1 ads5.udc.advance.net
127.0.0.1 ads5.virtumundo.com
127.0.0.1 ads6.ad-flow.com
127.0.0.1 ads6.advertwizard.com
127.0.0.1 ads7.ad-flow.com
127.0.0.1 ads7.advance.net
127.0.0.1 ads7.advertwizard.com
127.0.0.1 ads8.ad-flow.com
127.0.0.1 ads8.advertwizard.com
127.0.0.1 ads9.ad-flow.com
127.0.0.1 ads9.advertwizard.com
127.0.0.1 adsatt.abcnews.starwave.com
127.0.0.1 adsatt.espn.starwave.com
127.0.0.1 adserv.aip.org
127.0.0.1 adserv.bravenet.com
127.0.0.1 adserv.iafrica.com
127.0.0.1 adserv.internetfuel.com
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserv2.bravenet.com
127.0.0.1 adserve.viaarena.com
127.0.0.1 adserver.71i.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adserver.aim4media.com
127.0.0.1 adserver.airmiles.ca
127.0.0.1 adserver.ancestry.com
127.0.0.1 adserver.anm.co.uk
127.0.0.1 adserver.dbusiness.com
127.0.0.1 adserver.digitalpartners.com
127.0.0.1 adserver.dnps.com
127.0.0.1 adserver.eham.net
127.0.0.1 adserver.eva2000.com
127.0.0.1 adserver.freenet.de
127.0.0.1 adserver.friendfinder.com
127.0.0.1 adserver.gamesquad.net
127.0.0.1 adserver.garden.com
127.0.0.1 adserver.gorillanation.com
127.0.0.1 adserver.hardwareanalysis.com
127.0.0.1 adserver.harktheherald.com
127.0.0.1 adserver.hellasnet.gr
127.0.0.1 adserver.hg-computer.de
127.0.0.1 adserver.humanux.com
127.0.0.1 adserver.ign.com
127.0.0.1 adserver.ixm.co.uk
127.0.0.1 adserver.janes.com
127.0.0.1 adserver.journalinteractive.com
127.0.0.1 adserver.linktrader.co.uk
127.0.0.1 adserver.lunarpages.com
127.0.0.1 adserver.m2kcore.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 adserver.merc.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.news.com.au
127.0.0.1 adserver.newtimes.com
127.0.0.1 adserver.nydailynews.com
127.0.0.1 adserver.nzoom.com
127.0.0.1 adserver.phillyburbs.com
127.0.0.1 adserver.securityfocus.com
127.0.0.1 adserver.terra.com.br
127.0.0.1 adserver.thisislondon.co.uk
127.0.0.1 adserver.tilted.net
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver.trader.ca
127.0.0.1 adserver.trb.com
127.0.0.1 adserver.tribuneinteractive.com
127.0.0.1 adserver.ugo.com
127.0.0.1 adserver.yahoo.com
127.0.0.1 adserver01.ancestry.com
127.0.0.1 adserver1.backbeatmedia.com
127.0.0.1 adserver1.ogilvy-interactive.de
127.0.0.1 adserver2.creative.com
127.0.0.1 adsfac.net
127.0.0.1 adsintl.starwave.com
127.0.0.1 adsnew.userfriendly.org
127.0.0.1 adsr3pg.com.br
127.0.0.1 adsrc.bankrate.com
127.0.0.1 adsremote.scripps.com
127.0.0.1 adsrv.heraldtribune.com
127.0.0.1 adsrv.hpg.com.br
127.0.0.1 adsrv.iol.co.za
127.0.0.1 adsrv.news.com.au
127.0.0.1 adsrv.tuscaloosanews.com
127.0.0.1 adtag.sympatico.ca
127.0.0.1 adtegrity.spinbox.net
127.0.0.1 adtracking.vinden.nlfrm
127.0.0.1 adv.bannercity.ru
127.0.0.1 adv.bbanner.it
127.0.0.1 adv.surinter.net
127.0.0.1 adv.wp.pl
127.0.0.1 adveng.hiasys.com
127.0.0.1 advert.bayarea.com
127.0.0.1 advertising.gfxartist.com
127.0.0.1 advertising.hiasys.com
127.0.0.1 adverts.ecn.co.uk
127.0.0.1 adviva.net
127.0.0.1 adx.adrenalinesk.sk
127.0.0.1 affiliate.Email Removed
127.0.0.1 affiliate.cfdebt.com
127.0.0.1 ajcclassifieds.com
127.0.0.1 ak.imgfarm.com
127.0.0.1 akaads-espn.starwave.com
127.0.0.1 alliance.adbureau.net
127.0.0.1 altfarm.mediaplex.com
127.0.0.1 amch.questionmarket.com
127.0.0.1 americansingles.click-url.com
127.0.0.1 antfarm-ad.flycast.com
127.0.0.1 apps5.oingo.com
127.0.0.1 arsconsole.global-intermedia.com
127.0.0.1 as1.falkag.de
127.0.0.1 au.ads.link4ads.com
127.0.0.1 au.adserver.yahoo.com
127.0.0.1 aureate.com
127.0.0.1 banner.coza.com
127.0.0.1 banner.easyspace.com
127.0.0.1 banner.media-system.de
127.0.0.1 banner.northsky.com
127.0.0.1 banner.oddcast.com
127.0.0.1 banner.orb.net
127.0.0.1 banner.relcom.ru
127.0.0.1 banner2.inet-traffic.com
127.0.0.1 bannerads.anytimenews.com
127.0.0.1 bannerads.zwire.com
127.0.0.1 bannerimages.0catch.com
127.0.0.1 bannerpower.com
127.0.0.1 banners.affiliatefuel.com
127.0.0.1 banners.affiliatefuture.com
127.0.0.1 banners.bol.se
127.0.0.1 banners.directnic.com
127.0.0.1 banners.dnastudio.com
127.0.0.1 banners.easydns.com
127.0.0.1 banners.expressindia.com
127.0.0.1 banners.img.uol.com.br
127.0.0.1 banners.japantoday.com
127.0.0.1 banners.ksl.com
127.0.0.1 banners.linkbuddies.com
127.0.0.1 banners.looksmart.com
127.0.0.1 banners.netcraft.com
127.0.0.1 banners.nextcard.com
127.0.0.1 banners.pennyweb.com
127.0.0.1 banners.tucson.com
127.0.0.1 banners.valuead.com
127.0.0.1 banners.webmasterplan.com
127.0.0.1 banners.wunderground.com
127.0.0.1 banners1.linkbuddies.com
127.0.0.1 banners2.castles.org
127.0.0.1 barnesandnoble.bfast.com
127.0.0.1 bell.adcentriconline.com
127.0.0.1 beseenad.looksmart.com
127.0.0.1 betterperformance.goldenopps.info
127.0.0.1 bfast.com
127.0.0.1 bidclix.net
127.0.0.1 bild.ivwbox.de
127.0.0.1 bizad.nikkeibp.co.jp
127.0.0.1 bn.bfast.com
127.0.0.1 c1.zedo.com
127.0.0.1 c2.zedo.com
127.0.0.1 c3.zedo.com
127.0.0.1 c4.maxserving.com
127.0.0.1 c4.zedo.com
127.0.0.1 c5.zedo.com
127.0.0.1 c6.zedo.com
127.0.0.1 c7.zedo.com
127.0.0.1 cache.unicast.com
127.0.0.1 califia.imaginemedia.com
127.0.0.1 campaigns.f2.com.au
127.0.0.1 cashflowmarketing.com
127.0.0.1 cdn2.adsdk.com
127.0.0.1 click.avenuea.com
127.0.0.1 click.go2net.com
127.0.0.1 click.linksynergy.com
127.0.0.1 clickcash.webpower.com
127.0.0.1 clickit.go2net.com
127.0.0.1 clicks.adultplex.com
127.0.0.1 clipserv.adclip.com
127.0.0.1 clk.cloudyisland.com
127.0.0.1 cmhtml.overture.com
127.0.0.1 cmn1lsm2.beliefnet.com
127.0.0.1 commerce.www.ibm.com
127.0.0.1 connect.247media.ads.link4ads.com
127.0.0.1 content.ad-flow.com
127.0.0.1 coreg.flashtrack.net
127.0.0.1 cornflakes.pathfinder.com
127.0.0.1 count.casino-trade.com
127.0.0.1 counter.hitbox.com
127.0.0.1 crux.songline.com
127.0.0.1 dart.chron.com
127.0.0.1 db4.net-filter.com
127.0.0.1 dev.adforum.com
127.0.0.1 djbanners.deadjournal.com
127.0.0.1 dl.ncbuy.com
127.0.0.1 dnads.directnic.com
127.0.0.1 ehg-acdsystems.hitbox.com
127.0.0.1 ehg-legonewyorkinc.hitbox.com
127.0.0.1 engage.everyone.net
127.0.0.1 engage.speedera.net
127.0.0.1 erie.smartage.com
127.0.0.1 espn.footprint.net
127.0.0.1 etad.telegraph.co.uk
127.0.0.1 etype.adbureau.net
127.0.0.1 euniverseads.com
127.0.0.1 exits1.webquest.net
127.0.0.1 exits2.webquest.net
127.0.0.1 ezboard.bigbangmedia.com
127.0.0.1 faz.ivwbox.de
127.0.0.1 focusin.ads.targetnet.com
127.0.0.1 fp.valueclick.com
127.0.0.1 gadgeteer.pdamart.com
127.0.0.1 gavzad.keenspot.com
127.0.0.1 gcirm.burlingtonfreepress.com
127.0.0.1 gcirm.citizen-times.com
127.0.0.1 gcirm.dmregister.com
127.0.0.1 gcirm.gannett-tv.com
127.0.0.1 gcirm.lsj.com
127.0.0.1 gcirm.tennessean.com
127.0.0.1 gcrim.democratandchronicle.com
127.0.0.1 gcrim.theolympian.com
127.0.0.1 gm.preferences.com
127.0.0.1 got2goshop.com
127.0.0.1 goto.trafficmultiplier.com
127.0.0.1 gravitron.chron.com
127.0.0.1 grfx.mp3.com
127.0.0.1 gs1.idsales.co.uk
127.0.0.1 guptamedianetwork.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 http300.content.ru4.com
127.0.0.1 ieee.adbureau.net
127.0.0.1 if.bbanner.it
127.0.0.1 image.i1img.com
127.0.0.1 image.linkexchange.com
127.0.0.1 imageads.canoe.ca
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 images.clickfinders.com
127.0.0.1 images.cybereps.com
127.0.0.1 images.emapadserver.com
127.0.0.1 imageserv.adtech.de
127.0.0.1 imgserv.adbutler.com
127.0.0.1 imp.partner2profit.com
127.0.0.1 impact.cossette-webpact.com
127.0.0.1 impes.tradedoubler.com
127.0.0.1 impse.tradedoubler.com
127.0.0.1 inl.adbureau.net
127.0.0.1 itxt.vibrantmedia.com
127.0.0.1 ivwbox.de
127.0.0.1 jl29jd25sm24mc29.com
127.0.0.1 kansas.valueclick.com
127.0.0.1 kicker.ivwbox.de
127.0.0.1 klipmart.dvlabs.com
127.0.0.1 klipmart.forbes.com
127.0.0.1 knight.economist.com
127.0.0.1 lanzar.publicidadweb.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 links.dot.tk
127.0.0.1 linktracker.angelfire.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 lnads.osdn.com
127.0.0.1 load.focalex.com
127.0.0.1 lt.angelfire.com
127.0.0.1 m.tribalfusion.com
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 manuel.theonion.com
127.0.0.1 matrix.mediavantage.de
127.0.0.1 maximumpcads.imaginemedia.com
127.0.0.1 mds.centrport.net
127.0.0.1 media.adcentriconline.com
127.0.0.1 media.bonnint.net
127.0.0.1 media.fastclick.net
127.0.0.1 media.popuptraffic.com
127.0.0.1 media1.fastclick.net
127.0.0.1 media10.fastclick.net
127.0.0.1 media11.fastclick.net
127.0.0.1 media12.fastclick.net
127.0.0.1 media13.fastclick.net
127.0.0.1 media2.fastclick.net
127.0.0.1 media2.travelzoo.com
127.0.0.1 media3.fastclick.net
127.0.0.1 media4.fastclick.net
127.0.0.1 media5.fastclick.net
127.0.0.1 media6.fastclick.net
127.0.0.1 media7.fastclick.net
127.0.0.1 media8.fastclick.net
127.0.0.1 media9.fastclick.net
127.0.0.1 mediacharger.com
127.0.0.1 messagia.adcentric.proximi-t.com
127.0.0.1 mii-image.adjuggler.com
127.0.0.1 mjx.ads.nwsource.com
127.0.0.1 mjxads.internet.com
127.0.0.1 mojofarm.mediaplex.com
127.0.0.1 mt58.mtree.com
127.0.0.1 nb.netbreak.com.au
127.0.0.1 nbc.adbureau.net
127.0.0.1 netcomm.spinbox.net
127.0.0.1 netshelter.adtrix.com
127.0.0.1 network.realmedia.com
127.0.0.1 newads.cmpnet.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngads.smartage.com
127.0.0.1 nitrous.exitfuel.com
127.0.0.1 nitrous.internetfuel.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 nx-adv0005.247realmedia.com
127.0.0.1 nytadvertising.nytimes.com
127.0.0.1 oas-central.realmedia.com
127.0.0.1 oas-eu.247realmedia.com
127.0.0.1 oas.foxnews.com
127.0.0.1 oas.lee.net
127.0.0.1 oas.startribune.com
127.0.0.1 oas.villagevoice.com
127.0.0.1 oasads.whitepages.com
127.0.0.1 oascentral.abclocal.go.com
127.0.0.1 oascentral.adage.com
127.0.0.1 oascentral.bostonherald.com
127.0.0.1 oascentral.clearchannel.com
127.0.0.1 oascentral.construction.com
127.0.0.1 oascentral.crainsdetroit.com
127.0.0.1 oascentral.drphil.com
127.0.0.1 oascentral.foxnews.com
127.0.0.1 oascentral.sina.com
127.0.0.1 oascentral.sina.com.hk
127.0.0.1 oascentral.theonion.com
127.0.0.1 oascentral.theonionavclub.com
127.0.0.1 oascentral.thesmokinggun.com
127.0.0.1 oascentral.thespark.com
127.0.0.1 oascentral.wwe.com
127.0.0.1 oasis.zmh.zope.com
127.0.0.1 oassis.zmh.zope.com
127.0.0.1 offers.impower.com
127.0.0.1 onlineads.magicvalley.com
127.0.0.1 openad.travelnow.com
127.0.0.1 overflow.adsoftware.com
127.0.0.1 oz.valueclick.com
127.0.0.1 pagead.googlesyndication.com
127.0.0.1 pagead1.googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 partner.ah-ha.com
127.0.0.1 partner01.oingo.com
127.0.0.1 partner02.oingo.com
127.0.0.1 partner03.oingo.com
127.0.0.1 ph-ad01.focalink.com
127.0.0.1 ph-ad02.focalink.com
127.0.0.1 ph-ad03.focalink.com
127.0.0.1 ph-ad04.focalink.com
127.0.0.1 ph-ad05.focalink.com
127.0.0.1 ph-ad06.focalink.com
127.0.0.1 ph-ad07.focalink.com
127.0.0.1 ph-ad08.focalink.com
127.0.0.1 ph-ad09.focalink.com
127.0.0.1 ph-ad10.focalink.com
127.0.0.1 ph-ad11.focalink.com
127.0.0.1 ph-ad12.focalink.com
127.0.0.1 ph-ad13.focalink.com
127.0.0.1 ph-ad14.focalink.com
127.0.0.1 ph-ad15.focalink.com
127.0.0.1 ph-ad16.focalink.com
127.0.0.1 ph-ad17.focalink.com
127.0.0.1 ph-ad18.focalink.com
127.0.0.1 ph-ad19.focalink.com
127.0.0.1 ph-ad20.focalink.com
127.0.0.1 phg.hitbox.com
127.0.0.1 phpads.cnpapers.com
127.0.0.1 phpads.macbidouille.com
127.0.0.1 popup.matchmaker.com
127.0.0.1 popups.ad-logics.com
127.0.0.1 popups.infostart.com
127.0.0.1 primetime.ad.primetime.net
127.0.0.1 ptrads.mp3.com
127.0.0.1 publicidades.redtotalonline.com
127.0.0.1 q.azcentral.com
127.0.0.1 realads.realmedia.com
127.0.0.1 realmedia-a800.d4p.net        # Scientific American
127.0.0.1 red01.as-eu.falkag.net
127.0.0.1 red01.as-us.falkag.net
127.0.0.1 red02.as-eu.falkag.net
127.0.0.1 red02.as-us.falkag.net
127.0.0.1 red03.as-eu.falkag.net
127.0.0.1 red03.as-us.falkag.net
127.0.0.1 red04.as-eu.falkag.net
127.0.0.1 red04.as-us.falkag.net
127.0.0.1 redherring.ngadcenter.net
127.0.0.1 redirect.click2net.com
127.0.0.1 regio.adlink.de
127.0.0.1 remotead.cnet.com
127.0.0.1 responsemedia-ad.flycast.com
127.0.0.1 rmedia.boston.com
127.0.0.1 rotabanner100.utro.ru
127.0.0.1 s0b.bluestreak.com
127.0.0.1 search.freeonline.com
127.0.0.1 secure-au.imrworldwide.com
127.0.0.1 secure.webconnect.net
127.0.0.1 securerunner.com
127.0.0.1 servads.aip.org
127.0.0.1 servedby.advertising.com
127.0.0.1 server.as5000.com
127.0.0.1 server.iad.liveperson.net
127.0.0.1 server01.popupmoney.com
127.0.0.1 sfads.osdn.com
127.0.0.1 sh4sure-images.adbureau.net
127.0.0.1 shinystat.shiny.it
127.0.0.1 simg.zedo.com
127.0.0.1 skill.skilljam.com
127.0.0.1 specialoffers.Email Removed
127.0.0.1 speed.pointroll.com           # Microsoft
127.0.0.1 spiegel.ivwbox.de
127.0.0.1 spin.spinbox.net
127.0.0.1 spinbox.consumerreview.com
127.0.0.1 sponsor1.com
127.0.0.1 ssads.osdn.com
127.0.0.1 st.valueclick.com
127.0.0.1 stat.dealtime.com
127.0.0.1 static.admaximize.com
127.0.0.1 static.everyone.net
127.0.0.1 static.firehunt.com
127.0.0.1 stats2.dooyoo.com
127.0.0.1 suissa-ad.flycast.com
127.0.0.1 sview.avenuea.com
127.0.0.1 techreview-images.adbureau.net
127.0.0.1 techreview.adbureau.net
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 tmsads.tribune.com
127.0.0.1 topica.advertserve.com
127.0.0.1 touche.adcentric.proximi-t.com
127.0.0.1 tower.adexpedia.com
127.0.0.1 transfer.go.com
127.0.0.1 tsms-ad.tsms.com
127.0.0.1 ttarget.adbureau.net
127.0.0.1 twnads.weather.ca             # Canadian Weather Network
127.0.0.1 u0.extreme-dm.com
127.0.0.1 ugo.eu-adcenter.net
127.0.0.1 uk.i1.yimg.com
127.0.0.1 us.a1.yimg.com
127.0.0.1 us.adserver.yahoo.com
127.0.0.1 usads.vibrantmedia.com
127.0.0.1 utils.mediageneral.com
127.0.0.1 v0.extreme-dm.com
127.0.0.1 v1.extreme-dm.com
127.0.0.1 van.ads.link4ads.com
127.0.0.1 venus.goclick.com
127.0.0.1 view.atdmt.com
127.0.0.1 view.avenuea.com
127.0.0.1 view.iballs.a1.avenuea.com
127.0.0.1 vnu.eu-adcenter.net
127.0.0.1 w.extreme-dm.com
127.0.0.1 w0.extreme-dm.com
127.0.0.1 w1.extreme-dm.com
127.0.0.1 w2.extreme-dm.com
127.0.0.1 w3.extreme-dm.com
127.0.0.1 w4.extreme-dm.com
127.0.0.1 w5.extreme-dm.com
127.0.0.1 w6.extreme-dm.com
127.0.0.1 w7.extreme-dm.com
127.0.0.1 w8.extreme-dm.com
127.0.0.1 w9.extreme-dm.com
127.0.0.1 web.nyc.ads.Email Removed.co
127.0.0.1 web1b.netreflector.com
127.0.0.1 webads.bizservers.com
127.0.0.1 weeklyad.target.com
127.0.0.1 wwbtads.com
127.0.0.1 www.3qqq.net
127.0.0.1 www.3turtles.com
127.0.0.1 www.404errorpage.com
127.0.0.1 www.5thavenue.com
127.0.0.1 www.ad-souk.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.ad.tomshardware.com
127.0.0.1 www.adbanner.gr
127.0.0.1 www.adforum.com
127.0.0.1 www.adimages.beeb.com
127.0.0.1 www.admex.com
127.0.0.1 www.adpepper.dk
127.0.0.1 www.adpowerzone.com
127.0.0.1 www.adreporting.com
127.0.0.1 www.ads.revenue.net
127.0.0.1 www.adsoftware.com
127.0.0.1 www.adtrix.com
127.0.0.1 www.affiliateclick.com
127.0.0.1 www.aureate.com
127.0.0.1 www.banner4all.dk
127.0.0.1 www.boonsolutions.com
127.0.0.1 www.bugsbanner.it
127.0.0.1 www.bulkclicks.com
127.0.0.1 www.burstnet.com
127.0.0.1 www.buyhitscheap.com
127.0.0.1 www.click10.com
127.0.0.1 www.clickbank.com
127.0.0.1 www.clicktilluwin.com
127.0.0.1 www.clickxchange.com
127.0.0.1 www.coolsavings.com
127.0.0.1 www.cpabank.com
127.0.0.1 www.crazypopups.com
127.0.0.1 www.datatech.es
127.0.0.1 www.digimedia.com
127.0.0.1 www.direc-tory.tk
127.0.0.1 www.e-bannerx.com
127.0.0.1 www.eads.com
127.0.0.1 www.ehg-rr.hitbox.com
127.0.0.1 www.fast-adv.it
127.0.0.1 www.fineclicks.com
127.0.0.1 www.focalex.com
127.0.0.1 www.fusionbanners.com
127.0.0.1 www.gatoradvertisinginformationnetwork.com
127.0.0.1 www.getloan.com
127.0.0.1 www.gopopup.com
127.0.0.1 www.guesstheview.com
127.0.0.1 www.guptamedianetwork.com
127.0.0.1 www.hightrafficads.com
127.0.0.1 www.idealcasino.net
127.0.0.1 www.idirect.com
127.0.0.1 www.ijacko.net
127.0.0.1 www.indiads.com
127.0.0.1 www.infinite-ads.com          # www.shareactor.com
127.0.0.1 www.interstitialzone.com
127.0.0.1 www.iwin.com
127.0.0.1 www.jetseeker.com
127.0.0.1 www.jl29jd25sm24mc29.com
127.0.0.1 www.joinfree.ro
127.0.0.1 www.leadgreed.com
127.0.0.1 www.linkhut.com
127.0.0.1 www.lottoforever.com
127.0.0.1 www.media2.travelzoo.com
127.0.0.1 www.merchantapp.com
127.0.0.1 www.my-stats.com
127.0.0.1 www.myaffiliateprogram.com
127.0.0.1 www.myuitm.com
127.0.0.1 www.netpalnow.com
127.0.0.1 www.netpaloffers.net
127.0.0.1 www.ontheweb.com
127.0.0.1 www.parsads.com
127.0.0.1 www.paypopup.com
127.0.0.1 www.popupad.net
127.0.0.1 www.popuptraffic.com
127.0.0.1 www.postmasterbannernet.com
127.0.0.1 www.radiate.com
127.0.0.1 www.rankyou.com
127.0.0.1 www.rtcode.com
127.0.0.1 www.securerunner.com
127.0.0.1 www.servedby.advertising.com
127.0.0.1 www.shoppingjobshere.com
127.0.0.1 www.smartadserver.com
127.0.0.1 www.speedyclick.com
127.0.0.1 www.sponsoradulto.com
127.0.0.1 www.subsitesadserver.co.uk
127.0.0.1 www.textbanners.net
127.0.0.1 www.top20free.com
127.0.0.1 www.treeloot.com
127.0.0.1 www.tutop.com
127.0.0.1 www.tuttosessogratis.org
127.0.0.1 www.ukbanners.com
127.0.0.1 www.uproar.com
127.0.0.1 www.utarget.co.uk
127.0.0.1 www.valueclick.com
127.0.0.1 www.virtumundo.com
127.0.0.1 www.webcashvideos.com
127.0.0.1 www.websponsors.com
127.0.0.1 www.whatuwhatuwhatuwant.com
127.0.0.1 www.windaily.com
127.0.0.1 www.winnerschoiceservices.com
127.0.0.1 www.xbn.ru                    # exclusive banner network (Russian)
127.0.0.1 www1.ad.tomshardware.com
127.0.0.1 www1.bannerspace.com
127.0.0.1 www10.ad.tomshardware.com
127.0.0.1 www10.indiads.com
127.0.0.1 www10.paypopup.com
127.0.0.1 www11.ad.tomshardware.com
127.0.0.1 www12.ad.tomshardware.com
127.0.0.1 www13.ad.tomshardware.com
127.0.0.1 www14.ad.tomshardware.com
127.0.0.1 www15.ad.tomshardware.com
127.0.0.1 www2.ad.tomshardware.com
127.0.0.1 www2.bannerspace.com
127.0.0.1 www3.ad.tomshardware.com
127.0.0.1 www3.bannerspace.com
127.0.0.1 www4.ad.tomshardware.com
127.0.0.1 www4.bannerspace.com
127.0.0.1 www5.ad.tomshardware.com
127.0.0.1 www5.bannerspace.com
127.0.0.1 www6.ad.tomshardware.com
127.0.0.1 www6.bannerspace.com
127.0.0.1 www7.ad.tomshardware.com
127.0.0.1 www7.bannerspace.com
127.0.0.1 www74.valueclick.com
127.0.0.1 www8.ad.tomshardware.com
127.0.0.1 www81.valueclick.com
127.0.0.1 www9.ad.tomshardware.com
127.0.0.1 xlonhcld.xlontech.net
127.0.0.1 z.extreme-dm.com
127.0.0.1 z0.extreme-dm.com
127.0.0.1 z1.adserver.com
127.0.0.1 z1.extreme-dm.com
127.0.0.1 zads.zedo.com
127.0.0.1 zdads.e-media.com
127.0.0.1 us.b1.yimg.com
127.0.0.1 us.c1.yimg.com
127.0.0.1 us.d1.yimg.com
127.0.0.1 us.e1.yimg.com
127.0.0.1 us.f1.yimg.com
127.0.0.1 us.g1.yimg.com
127.0.0.1 us.h1.yimg.com
127.0.0.1 us.j1.yimg.com
127.0.0.1 us.k1.yimg.com
127.0.0.1 us.l1.yimg.com
127.0.0.1 us.m1.yimg.com
127.0.0.1 us.n1.yimg.com
127.0.0.1 us.o1.yimg.com
127.0.0.1 us.p1.yimg.com
127.0.0.1 us.q1.yimg.com
127.0.0.1 us.r1.yimg.com
127.0.0.1 us.s1.yimg.com
127.0.0.1 us.t1.yimg.com
127.0.0.1 us.u1.yimg.com
127.0.0.1 us.v1.yimg.com
127.0.0.1 us.w1.yimg.com
127.0.0.1 us.x1.yimg.com
127.0.0.1 us.y1.yimg.com
127.0.0.1 us.z1.yimg.com
127.0.0.1 incestland.com
127.0.0.1 www.asiansforu.com
127.0.0.1 www.datanotary.com
127.0.0.1 www.entercasino.com
127.0.0.1 www.incestdot.com
127.0.0.1 www.incestgold.com
127.0.0.1 www.mangayhentai.com
127.0.0.1 www.realincestvideos.com
127.0.0.1 www.searchv.com
127.0.0.1 www.secretosx.com
127.0.0.1 www.seductiveamateurs.com    
127.0.0.1 www.xxxnations.com
127.0.0.1 www.xxxnightly.com
127.0.0.1 www.xxxtoolbar.com
127.0.0.1 warez4u.us
127.0.0.1 www.warez4u.us
127.0.0.1 forum.warez4u.us
127.0.0.1 www.forum.warez4u.us
127.0.0.1 startpage.warez4u.us
127.0.0.1 www.startpage.warez4u.us
127.0.0.1 www-k-lite.tk
127.0.0.1 www.www-k-lite.tk
127.0.0.1 klite.prv.pl
127.0.0.1 www.klite.prv.pl
127.0.0.1 klite.republika.pl
127.0.0.1 www.klite.republika.pl
127.0.0.1 lesres.prv.pl
127.0.0.1 www.lesres.prv.pl
127.0.0.1 lesres.republika.pl
127.0.0.1 www.lesres.republika.pl
127.0.0.1 k-lite.twistedpc.us
127.0.0.1 www.k-lite.twistedpc.us
127.0.0.1 www.filesharing.prv.pl
127.0.0.1 www.starosta.iglu.cz
127.0.0.1 starosta.iglu.cz
127.0.0.1 www.fortis.a4.pl
127.0.0.1 fortis.a4.pl
127.0.0.1 klite.a4.pl
127.0.0.1 www.klite.a4.pl
127.0.0.1 www.fullinstaller.a4.pl
127.0.0.1 fullinstaller.a4.pl
127.0.0.1 kmd260.a4.pl
127.0.0.1 www.kmd260.a4.pl
127.0.0.1 filesharing.prv.pl
127.0.0.1 purple.serverstoday.com
127.0.0.1 overpro.com
127.0.0.1 data.overpro.com
127.0.0.1 ad.newEmail Removed

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS.000\system32\migicons.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{71B3D8EA-0C7F-4B33-9486-DC2064C4CBF9}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{71B3D8EA-0C7F-4B33-9486-DC2064C4CBF9}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9CB600EA-1E09-43FF-9491-36A91BF70AFD}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FA2A991-9158-4DA4-A4FF-3430AA4675FE}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FA2A991-9158-4DA4-A4FF-3430AA4675FE}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{71B3D8EA-0C7F-4B33-9486-DC2064C4CBF9}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{71B3D8EA-0C7F-4B33-9486-DC2064C4CBF9}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9CB600EA-1E09-43FF-9491-36A91BF70AFD}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9FA2A991-9158-4DA4-A4FF-3430AA4675FE}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9FA2A991-9158-4DA4-A4FF-3430AA4675FE}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{71B3D8EA-0C7F-4B33-9486-DC2064C4CBF9}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{71B3D8EA-0C7F-4B33-9486-DC2064C4CBF9}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9CB600EA-1E09-43FF-9491-36A91BF70AFD}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9FA2A991-9158-4DA4-A4FF-3430AA4675FE}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9FA2A991-9158-4DA4-A4FF-3430AA4675FE}: NameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220 208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220 208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220 208.67.222.222


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdqae.exe"

kdqae.exe detected !
use a Rootkit scanner


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done.
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Thank you!

Offline guestolo

« Reply #14 on: May 04, 2008, 11:22:11 AM »
Can you do the following please
Download FixWareout from one of these sites and save it to your desktop
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe


Do a "System scan only" with Hijackthis and put a check next to these entries:

O17 - HKLM\System\CCS\Services\Tcpip\..\{71B3D8EA-0C7F-4B33-9486-DC2064C4CBF9}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FA2A991-9158-4DA4-A4FF-3430AA4675FE}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220 208.67.222.222


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis


Double click on Fixwareout.exe on desktop
 Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.  You will be asked to reboot your computer; please do so.  Your system may take longer than usual to load; this is normal.

Post back all the following:
1. Post the report from FixWareout>>report.txt in the C:\Fixwareout folder
2. Run a fresh scan>save logfile with hijackthis post its log



Offline indfin

« Reply #15 on: May 04, 2008, 12:00:47 PM »
Here's the FixWareout Report:

Username "hj" - 05/04/2008 12:51:21 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdqae.exe"

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.
 
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS.000\TEMP\kdqae.ren 63437 08/04/2004

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS.000\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


And here's the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:26 PM, on 5/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS.000\System32\smss.exe
C:\WINDOWS.000\system32\winlogon.exe
C:\WINDOWS.000\system32\services.exe
C:\WINDOWS.000\system32\lsass.exe
C:\WINDOWS.000\system32\svchost.exe
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS.000\system32\drivers\KodakCCS.exe
C:\WINDOWS.000\system32\ScsiAccess.EXE
C:\WINDOWS.000\System32\svchost.exe
C:\WINDOWS.000\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS.000\system32\wuauclt.exe
C:\WINDOWS.000\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yapta BHO - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.000\system32\ctfmon.exe
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - http://www.yapta.com/user (file missing)
O9 - Extra button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra 'Tools' menuitem: Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.000\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://us.dbrasweb.db.com/llclient/dbraswe....com+AXXPEE.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...99/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS.000\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS.000\system32\ScsiAccess.EXE

--
End of file - 5712 bytes

Thank you!
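An added example, not part of the posts above and not FixWareout's own code: a small parser that compares the Prerun and Postrun Winlogon "System" values in a FixWareout report and lists files in the "Other" section that share the old value's file stem. The function names are this example's own, and it assumes paths in the "Other" section contain no spaces.

```python
import re
from pathlib import PureWindowsPath

# Sample input: lines copied from the FixWareout report posted in this thread.
SAMPLE_REPORT = r"""
~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdqae.exe"
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
~~~~~ Other
C:\WINDOWS.000\TEMP\kdqae.ren 63437 08/04/2004
~~~~~ End report ~~~~~
"""

SECTION = re.compile(r"^~{5}\s*(.+?)\s*~*$")
WINLOGON = re.compile(r'Winlogon\\\s*"system"="(.*)"', re.IGNORECASE)

def split_sections(report):
    """Map each '~~~~~ <name>' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION.match(line.strip())
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current and line.strip() and set(line.strip()) != {"."}:
            sections[current].append(line.strip())  # skips '....' filler lines
    return sections

def winlogon_system(lines):
    """Return the Winlogon 'System' value recorded in a section, or None."""
    for line in lines:
        m = WINLOGON.search(line)
        if m:
            return m.group(1)
    return None

def review(report):
    """Compare pre/post values; list 'Other' files sharing the old value's stem."""
    s = split_sections(report)
    before = winlogon_system(s.get("prerun check", []))
    after = winlogon_system(s.get("postrun check", []))
    stem = PureWindowsPath(before).stem.lower() if before else None
    leftovers = [l.split()[0] for l in s.get("other", [])
                 if stem and PureWindowsPath(l.split()[0]).stem.lower() == stem]
    return {"before": before, "after": after,
            "value_cleared": bool(before) and after == "",
            "leftovers": leftovers}

if __name__ == "__main__": print(review(SAMPLE_REPORT))
```
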

Offline guestolo

« Reply #16 on: May 04, 2008, 12:24:11 PM »
How is everything running on this computer now?



Offline indfin

« Reply #17 on: May 04, 2008, 12:33:21 PM »
The problem is gone, thank you!

One more question....can I now delete all the programs I downloaded (SmitFraud, FixWareout, etc.) for the cleanup?

Thanks again and best regards.

Offline guestolo

« Reply #18 on: May 04, 2008, 05:13:14 PM »
On both computers you can do the following

Download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it.
  • Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Don't change anything in this list
  • Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Don't mouseclick during the wait as you may cause the tool to stall
  • Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop

If after rebooting, Smitfraudfix, Fixwareout, files remain, you can manually delete them
your choice to hold onto ATF-Cleaner.exe or simply delete it

Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Select>>Create a New restore point
Give it a name, any name, and click Create
Windows will prompt when it was created successfully
When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let it finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning

I suggest that you add SpywareBlaster to your protection software
SpywareBlaster  by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection

Take a look at miekiemoes site with other ideas on How to prevent Malware:

I hope that helps :)



Offline indfin

« Reply #19 on: May 05, 2008, 04:29:03 PM »
Ok...did all that.  Thanks a ton for your help.  Both computers are running fine.

The one problem computer left is the one with a bad wireless connection.  That one I will post in a new topic once I can get the wireless connection to work properly.

Thanks again and Best wishes!!