Welcome Guest ( Log In | Register )

      
Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.
2 Pages V   1 2 >  
 Closed TopicStart new topic
My computer is infected Malware and Trojan Virus found [RESOLVED], My desktop has been changed to a red background that says "Your pr
Kizzy
post Feb 29 2008, 10:55 AM
Post #1


Member
**
Posts: 38
OS: Windows XP
Help!!!!!!!!! helpsmilie.gif
It all started when all of a sudden I begin to get pop ups. one said "Security Alert: Spyware Found Your computer is infected with the last version of PSW.x'Vir trojan. PSW trojans steal your Private information such as: passwords, Ip-addresses, credit card information, registration details, documents, etc. click this baloon to remove PSW.x-vir spyware."
Another one said "System Alert: Malware threats Your computer is infected with a back door Trojan taht allows the remote attacker to perform various malicious actions. click this baloon to download malware removal software."
The third one said "Security warning: New variant of SpyBot@MXt Your system in unprotected from new verision of SpyBot@MXt trojan. SpyBot@MXt is a trojan Hourse that steals information and gathers email addresses from the compromised computer. click ok to download antivirus software and pass system scan to delete/quarantine infected files."
Then my Desktop background changed to a red color and it said "Your privacy is in danger download privacy protection software now." I already had Spybot, Spyware Blaster, Spyware Guard, and Avast Antivirus installed before I got the pop ups. Could I had too much spyware protection on my computer? Well, I ran my Spybot and It found Smitfraud-c, SpyLocked. FakeAlart, Win32.BHD.je, Zlob. Downloader.vdt, Zlob. Downloader.vcd. When I tried to remove the problems my computer froze up.
I did the preparation and when I ran the AVG scan in safe mode and restart my computer my desktop turns white and I get a message that has Windows Internet Explorer on top and says"Cannot find 'file:///C:/WINDOWS/Privacy-danger/index.htm'.Make sure the path or Internet address is correct.
I nolonger get the Security Alerts or Security warnings but I dont know if my computer is free of Spyware and Trojans. Please help!!!!

HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:36:28 AM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/P...000030.0000010e
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9d.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/ht...ALStreaming.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172946596421
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...224/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O21 - SSODL: bdmanager - {DC027BDA-0C73-459B-A461-C984940276F1} - C:\WINDOWS\bdmanager.dll (file missing)
O21 - SSODL: KbdPrx - {4086594d-4bc7-46f9-8b62-fad73d7207d5} - C:\WINDOWS\Installer\{4086594d-4bc7-46f9-8b62-fad73d7207d5}\KbdPrx.dll
O21 - SSODL: bxlrvps - {E32133B8-BFB6-4DF5-A308-51AF9F0E1C47} - C:\WINDOWS\bxlrvps.dll (file missing)
O21 - SSODL: alofkmn - {840C24E6-87BB-4FDB-9F13-408A22B512D0} - C:\WINDOWS\alofkmn.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 11587 bytes

SUPERAntiSpyware Scan Log
Generated 02/28/2008 at 11:39 AM

Application Version : 3.6.1000

Core Rules Database Version : 3411
Trace Rules Database Version: 1403

Scan type : Complete Scan
Total Scan Time : 01:50:52

Memory items scanned : 532
Memory threats detected : 3
Registry items scanned : 6003
Registry threats detected : 20
File items scanned : 61020
File threats detected : 13

Trojan.Media-Codec/V5
C:\PROGRAM FILES\NETPROJECT\SCM.EXE
C:\PROGRAM FILES\NETPROJECT\SCM.EXE
C:\PROGRAM FILES\NETPROJECT\SBUN.EXE

Trojan.Smitfraud Variant
C:\WINDOWS\SYSTEM32\HEUVTH.DLL
C:\WINDOWS\SYSTEM32\HEUVTH.DLL
HKLM\Software\Classes\CLSID\{699fabf8-1087-491f-b57c-80a68929d82b}
HKCR\CLSID\{699FABF8-1087-491F-B57C-80A68929D82B}
HKCR\CLSID\{699FABF8-1087-491F-B57C-80A68929D82B}\InProcServer32
HKCR\CLSID\{699FABF8-1087-491F-B57C-80A68929D82B}\InProcServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{699fabf8-1087-491f-b57c-80a68929d82b}

Trojan.Net-ALO/NMC
C:\WINDOWS\ALOFKMN.DLL
C:\WINDOWS\ALOFKMN.DLL

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger

Trojan.Media-Codec/V4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#some [ C:\Program Files\NetProject\scit.exe ]
HKCR\videoPl.chl
HKCR\videoPl.chl\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software#Publisher

Adware.E404 Helper/Hij
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version

Trojan.Net-AGX/NMC
C:\WINDOWS\ADMGCX.DLL

Adware.SXGAdvisor
C:\WINDOWS\DMDVPNWGP.DLL

This post has been edited by Kizzy: Feb 29 2008, 11:14 AM
Go to the top of the page
 
+Quote Post
andrewuk
post Feb 29 2008, 02:11 PM
Post #2


Trusted Helper
Group Icon
Posts: 2,791
From: London, UK
OS: XP
Hi Kizzy

welcome back to geekstogo.

looks like you had a smitfraud infection. so before we tackle the other malware i can see in your logs we will ensure that this infection is all gone.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

andrewuk
Go to the top of the page
 
+Quote Post
Kizzy
post Feb 29 2008, 05:50 PM
Post #3


Member
**
Posts: 38
OS: Windows XP
Hi andrewuk,
Thank you for your reply. I've downloaded and ran SmitfraudFix. Here is a copy of my report.

SmitFraudFix v2.299

Scan done at 17:39:20.35, Fri 02/29/2008
Run from C:\Documents and Settings\Kirsten\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 hk.digitaltrends.com
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\fkxvkns.exe FOUND !
C:\WINDOWS\fsxloqf.exe FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kirsten


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Kirsten\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Kirsten\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: KbdPrx.dll
SSODL: KbdPrx - {4086594d-4bc7-46f9-8b62-fad73d7207d5}


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{BE506650-0D08-4C39-92D6-A97C94492D8C}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BE506650-0D08-4C39-92D6-A97C94492D8C}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS2\Services\Tcpip\..\{BE506650-0D08-4C39-92D6-A97C94492D8C}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2810EB22-763D-4D0C-9450-64BBD1758685}: DhcpNameServer=208.67.220.220,208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BE506650-0D08-4C39-92D6-A97C94492D8C}: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Go to the top of the page
 
+Quote Post
andrewuk
post Feb 29 2008, 06:01 PM
Post #4


Trusted Helper
Group Icon
Posts: 2,791
From: London, UK
OS: XP
ok, i can still see traces of the smitfraud infection, so we will remove it now and then do a deeper scan of your machine.


====STEP 1====
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.


====STEP 2====
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.



In your next reply could i see:
1. the rapport.txt log
2. the 2 DSS logs

there will be a lot of information to post, so you may have to post it over more than one reply to ensure it is all posted.

andrewuk
Go to the top of the page
 
+Quote Post
Kizzy
post Feb 29 2008, 08:50 PM
Post #5


Member
**
Posts: 38
OS: Windows XP
I did the SmitfraudFix.exe clean in safe mode and ran the Deckard's System Scanner the only notepad that opened was the main.txt notepad. Here is the copy of the SmitFraud report. The DSS main.txt will be in one of the following post because my post was too long and I had to break them up.

SmitFraudFix v2.299

Scan done at 19:13:44.04, Fri 02/29/2008
Run from C:\Documents and Settings\Kirsten\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 banners.absolpublisher.com
127.0.0.1 tracking.absolstats.com
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 gtcc1.acecounter.com
127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie]
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com
127.0.0.1 acilot.cn #[Malicious.Links.Codec]
127.0.0.1 ads.active.com
127.0.0.1 am1.activemeter.com
127.0.0.1 www.activemeter.com #[eTrust.Tracking.Cookie]
127.0.0.1 ads.activepower.net
127.0.0.1 stat.active24stats.nl #[eTrust.Tracking.Cookie]
127.0.0.1 web.acumenpi.com #[AdvertPro]
127.0.0.1 ad.ad24.ru
127.0.0.1 at.ad2click.nl
127.0.0.1 cms.ad2click.nl
127.0.0.1 banner.ad.nu
127.0.0.1 ad-up.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.adagencypro.com
127.0.0.1 ads.adap.tv
127.0.0.1 ad.pop1.adbn.ru
127.0.0.1 adserv.adbonus.com
127.0.0.1 www.adbonus.com
127.0.0.1 james.adbutler.de #[Tenebril.TrackingCookie]
127.0.0.1 www.adbutler.de #[SunBelt.AdButler.de]
127.0.0.1 adc2.adcentriconline.com
127.0.0.1 adcp.adcentriconline.com
127.0.0.1 bell.adcentriconline.com #[Wildcard DNS]
127.0.0.1 content.adcentriconline.com
127.0.0.1 media.adcentriconline.com
127.0.0.1 publicis.adcentriconline.com
127.0.0.1 ad-clix.com
127.0.0.1 www.ad-clix.com
127.0.0.1 adcomplete.com
127.0.0.1 www.adcomplete.com
127.0.0.1 axa.addcontrol.net #[Ewido.TrackingCookie.Addcontrol]
127.0.0.1 ads.addynamix.com #[SpySweeper.Spy.Cookie]
127.0.0.1 e13.media.addynamix.com
127.0.0.1 www.adeos.eu
127.0.0.1 adcode.adengage.com
127.0.0.1 stats2.adengage.com
127.0.0.1 www.adengage.com
127.0.0.1 pt.server1.adexit.com
127.0.0.1 www.adexit.com
127.0.0.1 www.ad4ever.com
127.0.0.1 track.adform.net
127.0.0.1 adfun.ru
127.0.0.1 ad1.adfun.ru
127.0.0.1 ad2.adfun.ru
127.0.0.1 ad3.adfun.ru
127.0.0.1 ad4.adfun.ru
127.0.0.1 www.adfusion.com
127.0.0.1 harvest.adgardener.com
127.0.0.1 harvest6.adgardener.com
127.0.0.1 harvest7.adgardener.com
127.0.0.1 harvest8.adgardener.com
127.0.0.1 harvest11.adgardener.com
127.0.0.1 harvest12.adgardener.com
127.0.0.1 harvest13.adgardener.com
127.0.0.1 harvest163.adgardener.com
127.0.0.1 harvest176.adgardener.com
127.0.0.1 seeds.adgardener.com
127.0.0.1 www.adgroups.net
127.0.0.1 www.ad-groups.com #[Ban Man Pro Banner Code]
127.0.0.1 www.adgauge.com
127.0.0.1 host1.adhese.be #[Adhese Datamine Tag]
127.0.0.1 host2.adhese.be
127.0.0.1 host3.adhese.be #[ad.be.doubleclick.net]
127.0.0.1 host4.adhese.be
127.0.0.1 ads.adhsm.adhese.com
127.0.0.1 pool.adhsm.adhese.com
127.0.0.1 ssl3.adhost.com
127.0.0.1 www2.adhost.com
127.0.0.1 ads.adhostingsolutions.com #[eTrust.Tracking.Cookie]
127.0.0.1 www.adimpact.com
127.0.0.1 www.adinventoryrecorder.com #[server down?]
127.0.0.1 adfarm1.adition.com
127.0.0.1 imagesrv.adition.com
127.0.0.1 ad.adition.net
127.0.0.1 adsearch.adkontekst.pl
127.0.0.1 community.adlandpro.com #[Ad-Aware Tracking.Cookie]
127.0.0.1 pk.adlandpro.com
127.0.0.1 te.adlandpro.com #[eTrust.Tracking.Cookie]
127.0.0.1 trafficex.adlandpro.com
127.0.0.1 www.adlandpro.com #[Ad-Aware Tracking.Cookie]
127.0.0.1 engine.adland.ru #[eTrust.Tracking.Cookie]
127.0.0.1 publicidad.adlead.com
127.0.0.1 www.adlimg03.com
127.0.0.1 classic.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 rc.de.adlink.net #[eTrust.Tracking.Cookie]
127.0.0.1 tr.de.adlink.net
127.0.0.1 ads3.adman.gr #[eTrust.Tracking.Cookie]
127.0.0.1 r2d2.adman.gr
127.0.0.1 www.adminder.com #[SpySweeper.Spy.Cookie]
127.0.0.1 apps.admission.net #[Spotlight Ads]
127.0.0.1 appcache.admission.net
127.0.0.1 view.admission.net
127.0.0.1 rms.admeta.com #[admeta.basefarm.net][eTrust.Tracking.Cookie]
127.0.0.1 ads.admodus.com #[eTrust.Tracking.Cookie]
127.0.0.1 ad.adnet.biz #[eTrust.Tracking.Cookie]
127.0.0.1 engine.adnet.ru
127.0.0.1 ad2.adnetinteractive.com
127.0.0.1 ad.adnetwork.com.br
127.0.0.1 s1.ad.adocean.pl #[Ewido.Tracking.Cookie]
127.0.0.1 s2.ad.adocean.pl
127.0.0.1 s1.centrumcz.adocean.pl #[eTrust.Tracking.Cookie]
127.0.0.1 s1.cz.adocean.pl
127.0.0.1 s1.czgde.adocean.pl
127.0.0.1 s1.myao.adocean.pl
127.0.0.1 s1.skgde.adocean.pl
127.0.0.1 ad01.adonspot.com
127.0.0.1 ad02.adonspot.com
127.0.0.1 isohunt.adonspot.com
127.0.0.1 ab.adpro.com.ua
127.0.0.1 ac.adpro.com.ua
127.0.0.1 system.adquick.nl
127.0.0.1 www.adquest.nl
127.0.0.1 adreactor.com
127.0.0.1 adserver.adreactor.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 adx.adrenaline.cz
127.0.0.1 www.adscampaign.com
127.0.0.1 www.adsforindians.com
127.0.0.1 ad.adrefer.net
127.0.0.1 www.adreporting.com #[SunBelt.Adreporting.com]
127.0.0.1 cntr.adrime.com
127.0.0.1 images.adrime.com
127.0.0.1 ad.adriver.ru
127.0.0.1 www.adrotate.net
127.0.0.1 serv.ad-rotator.com #[SpySweeper.Spy.Cookie]
127.0.0.1 ad.ads8.com
127.0.0.1 vip.ads8.com
127.0.0.1 www.ads183.com
127.0.0.1 ad.adsandads.net #[Trojan.Advatrix]
127.0.0.1 cpv.adsandads.net
127.0.0.1 antevenio.flux.ads-click.com
127.0.0.1 ad.ads.dk
127.0.0.1 tdkads.ads.dk
127.0.0.1 adservercentral.com
127.0.0.1 banners.adservercentral.com
127.0.0.1 www.adservercentral.com #[SunBelt.adservercentral.com]
127.0.0.1 adservicedomain.info
127.0.0.1 adsfac.net #[Facilitate Tracking Code]
127.0.0.1 images.adshuffle.com
127.0.0.1 this.content.served.by.adshuffle.com
127.0.0.1 adsaway.com #[HTML/TrojanDownloader.Agent.BP trojan]
127.0.0.1 www.adsaway.com #[Google.Warning]
127.0.0.1 adsfac.eu
127.0.0.1 www.adshot.de
127.0.0.1 network.adsmarket.com
127.0.0.1 allchix.adsmax.com
127.0.0.1 www2.adsmax.com
127.0.0.1 www.adsodainteractive.com
127.0.0.1 www.adspace.be
127.0.0.1 g.adspeed.net
127.0.0.1 ad-rotator.com #[adspeed.com]
127.0.0.1 serv.adspeed.com
127.0.0.1 www.adspeed.com
127.0.0.1 ads.adsponse.de
127.0.0.1 banner.adsrevenue.net
127.0.0.1 creative.adsrevenue.net
127.0.0.1 popunder.adsrevenue.net
127.0.0.1 adserve.adster.com
127.0.0.1 images.adster.com
127.0.0.1 adsvert.com
127.0.0.1 o.adtargeter.com
127.0.0.1 ads.adtiger.de
127.0.0.1 www.adtiger.de
127.0.0.1 ads.adgoto.com
127.0.0.1 adsrv.admindshare.com
127.0.0.1 adtology.com
127.0.0.1 adtology2.com
127.0.0.1 ad.adtoma.com
127.0.0.1 downldcl.adtoolsinc.com
127.0.0.1 www.adtoolsinc.com
127.0.0.1 www.adtrade.net
127.0.0.1 www.adtrader.com
127.0.0.1 ads.advancedpcmedia.com
127.0.0.1 survey.advantageresearch.com
127.0.0.1 ad.adver.com.tw
127.0.0.1 www.adventideas.com #[Adcycle]
127.0.0.1 www.adversal.com
127.0.0.1 www.adversalservers.com
127.0.0.1 ads.advertise.net
127.0.0.1 www.advertisingspaces.net
127.0.0.1 www.advertisingstats.com
127.0.0.1 advertisingpurchase.com
127.0.0.1 ad.adverticum.net
127.0.0.1 img.adverticum.net
127.0.0.1 imgs.adverticum.net
127.0.0.1 www.advertising365.com
127.0.0.1 ads.advertisingz.com
127.0.0.1 ad.advertstream.com
127.0.0.1 adviva.com
127.0.0.1 www.adviva.com
127.0.0.1 ads.adviva.net #[Panda.Spyware:Cookie/Adviva]
127.0.0.1 de.ads.adviva.net
127.0.0.1 adstats.adviva.net
127.0.0.1 www.traf.advscripts.com
127.0.0.1 ad.adworx.at
127.0.0.1 www.ad-z.de
127.0.0.1 banners.adzones.com
127.0.0.1 clicks.adzones.com
127.0.0.1 feeds.adzones.com
127.0.0.1 www.adzones.com
127.0.0.1 w.aeaer.com #[Google.Warning]
127.0.0.1 aeoworld.de
127.0.0.1 www.aeoworld.de #[W32/WMF-exploit]
127.0.0.1 banners.affilimatch.de
127.0.0.1 tracker.affistats.com #[msvrl.dll]
127.0.0.1 adz.afterdawn.net
127.0.0.1 ad.afy11.net
127.0.0.1 stats.agent.co.il
127.0.0.1 agentmediagroup.com #[Javascript.Exploit]
127.0.0.1 www.agentmediagroup.com
127.0.0.1 rmbannerserver.agestado.com.br
127.0.0.1 stats.agentinteractive.com
127.0.0.1 api.aggregateknowledge.com
127.0.0.1 aams1.aim4media.com
127.0.0.1 artwork.aim4media.com
127.0.0.1 www.aim4media.com #[SunBelt.Adserver.aim4media]
127.0.0.1 ads.airamerica.com
127.0.0.1 adserver.akqa.net #[Ad-Aware Tracking.Cookie]
127.0.0.1 aldorawar.com
127.0.0.1 www.aldorawar.com #[JS/Exploit.ADODB.Stream.NAP]
127.0.0.1 download.alexa.com #[Trackware.Alexa][SPYW_ALEXA.A]
127.0.0.1 download.china.alibaba.com #[Adware.AlibabaTB][AdWare.ToolBar.Alibabar.b]
127.0.0.1 ad.alldanzradio.com
127.0.0.1 tracking.allposters.com
127.0.0.1 ad.allstar.cz
127.0.0.1 bokee.allyes.com
127.0.0.1 demoafp.allyes.com
127.0.0.1 eastmoney.allyes.com
127.0.0.1 smarttrade.allyes.com
127.0.0.1 sroomafp.allyes.com
127.0.0.1 taobaoafp.allyes.com
127.0.0.1 tom.allyes.com
127.0.0.1 uuseeafp.allyes.com
127.0.0.1 www.almondnetworks.com
127.0.0.1 www.almoso3h.com #[Trojan-PSW.Win32.VB.cl]
127.0.0.1 www.alsaloumainvestment.com #[Win32/SpamTool.Gadina]
127.0.0.1 ad.altervista.org
127.0.0.1 pqwaker.altervista.org
127.0.0.1 bantam.ai.net
127.0.0.1 fiona.ai.net
127.0.0.1 adimg.alice.it
127.0.0.1 adv.alice.it
127.0.0.1 altmedia101.com
127.0.0.1 www.alldep.com #[Spamdexing]
127.0.0.1 adserver.alt.com
127.0.0.1 count1.altastat.com
127.0.0.1 feed1.altastat.com
127.0.0.1 www.alwayson-network.com
127.0.0.1 rcm.amazon.com
127.0.0.1 rcm-images.amazon.com
127.0.0.1 banner.ambercoastcasino.com
127.0.0.1 ads.amdmb.com
127.0.0.1 whos.amung.us #[WebBug]
127.0.0.1 advert.ananzi.co.za
127.0.0.1 advert2.ananzi.co.za
127.0.0.1 adserver.ancestry.com #[RealMedia]
127.0.0.1 adserver04.ancestry.com #[RealMedia]
127.0.0.1 www.andyhoppe.com
127.0.0.1 ads.angryape.com
127.0.0.1 banners.ads.angryape.com
127.0.0.1 www.antarasystems.com
127.0.0.1 www.anticlown.com
127.0.0.1 ads.antionline.com
127.0.0.1 junior.apk.net
127.0.0.1 www.arcadebannerexchange.com
127.0.0.1 ard114.info #[Spamdexing]
127.0.0.1 nu.arnostat.nl
127.0.0.1 demiurge.arstechnica.com
127.0.0.1 banner.arttoday.com
127.0.0.1 ads.asia1.com.sg
127.0.0.1 asimpleinternet.com #[Tenebril.SpecialOffers]
127.0.0.1 www.asimpleinternet.com
127.0.0.1 ads.ask.com #[sv-click.looksmart.com]
127.0.0.1 www.askyaya.com #[SunBelt.AskYaya]
127.0.0.1 ads.aspalliance.com
127.0.0.1 ads.associatedcontent.com
127.0.0.1 f.astaz.info #[Malicious.Links.Codec]
127.0.0.1 www.ati-etailer.de
127.0.0.1 dist.atlas-ia.com #[ADW_ATLAST.A]
127.0.0.1 www.atlas-ia.com #[Adware.OfferAgent][Adware-Atlas]
127.0.0.1 ads.auctionads.com
127.0.0.1 audiogalaxy.com
127.0.0.1 www.audiogalaxy.com
127.0.0.1 ads.auctioncity.co.nz
127.0.0.1 www.autosurfpro.com
127.0.0.1 ads.autotrader.co.za
127.0.0.1 adserving.autotrader.com #[SunBelt.AdServing.AutoTrader.com]
127.0.0.1 www.avsads.com
127.0.0.1 engine.awaps.net
127.0.0.1 www.axill.com
127.0.0.1 images.axill.in
127.0.0.1 www.axill.in
127.0.0.1 axload.to #[Adware.Webprefix][Trojan.Downloader.6588.E]
127.0.0.1 valid.axload.to
127.0.0.1 ayiosamvrosios.com #[Javascript.Exploit]
127.0.0.1 www.azads.net
127.0.0.1 azresults.com #[Spamdexing]
127.0.0.1 www.azresults.com
127.0.0.1 azsearch.org
127.0.0.1 adserver1.backbeatmedia.com
127.0.0.1 adserver1-images.backbeatmedia.com
127.0.0.1 bullseye.backbeatmedia.com
127.0.0.1 www.badhyip.org #[Google.Warning]
127.0.0.1 ads.badische-zeitung.de
127.0.0.1 bar.baidu.com #[Win32/Adware.Toolbar.Baidu][Sophos.JS/BDHelper-A]
127.0.0.1 download.baigoo.com #[AdWare.Win32.Baigoo.a][Trackware.Baigoo]
127.0.0.1 balticaffiliate.com #[Spamdexing]
127.0.0.1 www.baltictop.com
127.0.0.1 adsrv.bankrate.com
127.0.0.1 click.banneradv.com
127.0.0.1 adserver.banneradministration.com
127.0.0.1 www.bannerbox.cn
127.0.0.1 bannerboxes.com #[BannerBoxes Ad Code]
127.0.0.1 clicks.bannerboxes.com
127.0.0.1 feeds.bannerboxes.com
127.0.0.1 www.bannerboxes.com
127.0.0.1 www.banner-exchange.nl
127.0.0.1 ad.bannerhost.ru
127.0.0.1 www.bannerhouse.ru
127.0.0.1 banners.bannerlandia.com.ar
127.0.0.1 www.bannermanagement.nl
127.0.0.1 www.bannerout.com
127.0.0.1 www.banneroverdrive.com
127.0.0.1 www.bannerpromotion.it
127.0.0.1 www.bannerspace.com
127.0.0.1 www3.bannerspace.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www5.bannerspace.com
127.0.0.1 www6.bannerspace.com
127.0.0.1 www7.bannerspace.com #[Tenebril.Tracking.Cookie]
127.0.0.1 www.bannerswap.ca
127.0.0.1 ads.vg.basefarm.net #[RealMedia]
127.0.0.1 ads.baz.ch
127.0.0.1 ad2.bbmedia.cz
127.0.0.1 bbeplayer.com #[WebBug]
127.0.0.1 stat.bdirect.ru
127.0.0.1 autocontext.begun.ru
127.0.0.1 promo.begun.ru
127.0.0.1 referal.begun.ru
127.0.0.1 adlogger.bertgeens.be
127.0.0.1 www.belstat.be
127.0.0.1 www.belstat.com
127.0.0.1 www.belstat.nl
127.0.0.1 oas.benchmark.fr #[RealMedia]
127.0.0.1 bengilani.com #[VBS/Envary.A]
127.0.0.1 bestinshowjewelry.com #[HTML/TrojanDownloader.Agent.BP]
127.0.0.1 www.bestinshowjewelry.com
127.0.0.1 webtrends.besite.be
127.0.0.1 www.bestofferdirect.com
127.0.0.1 bestsites.net.ru
127.0.0.1 www.besttoolbars.net #[ADW_TBARWIN32.A]
127.0.0.1 ads.betanews.com
127.0.0.1 banner.betfred.com
127.0.0.1 www.bettertextads.com
127.0.0.1 big4top.com
127.0.0.1 www.big4top.com #[IFrame.Exploit]
127.0.0.1 stats.big-boards.com
127.0.0.1 ad0.bigmir.net
127.0.0.1 ad1.bigmir.net
127.0.0.1 ad4.bigmir.net
127.0.0.1 ad5.bigmir.net
127.0.0.1 ad6.bigmir.net
127.0.0.1 ad7.bigmir.net
127.0.0.1 adi.bigmir.net
127.0.0.1 c.bigmir.net #[SecuritySpace.WebBug]
127.0.0.1 i.bigmir.net
127.0.0.1 bigtracker.com
127.0.0.1 bighits.net
127.0.0.1 bigticker.bighits.net
127.0.0.1 bounty.bighits.net
127.0.0.1 www.bighits.net
127.0.0.1 counter.bigli.ru
127.0.0.1 bigstats.net
127.0.0.1 banex.bikers-engine.com
127.0.0.1 ad2.billboard.cz
127.0.0.1 adserver.bizhat.com
127.0.0.1 counter.bizland.com
127.0.0.1 dc.bizjournals.com
127.0.0.1 www1.bkyes.com
127.0.0.1 www.black-hole.co.uk
127.0.0.1 ads2.blastro.com
127.0.0.1 ads3.blastro.com
127.0.0.1 ads4.blastro.com
127.0.0.1 ads.blick.ch
127.0.0.1 streamstats1.blinkx.com
127.0.0.1 ads.blizzard.com
127.0.0.1 blogadswap.com
127.0.0.1 tracker.blogbeat.net
127.0.0.1 ads.blogdrive.com
127.0.0.1 banners.blogexplosion.com
127.0.0.1 counter.blogexplosion.com
127.0.0.1 blogtextlinks.blogexplosion.com
127.0.0.1 rentblog.blogexplosion.com
127.0.0.1 mapstats.blogflux.com
127.0.0.1 www.blogplaync.com #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 pcbutts1-therealtruth.blogspot.com
127.0.0.1 t.blogreaderproject.com #[WebBug]
127.0.0.1 blogmark.bokee.com #[Adware.BocaiToolbar]
127.0.0.1 track.blogcounter.de
127.0.0.1 www.blogcounter.de
127.0.0.1 adserver.bluewin.ch
127.0.0.1 www.bmmetrix.com #[WebBug][Tracking.Cookie]
127.0.0.1 ads.boardtracker.com
127.0.0.1 ranks.boardtracker.com
127.0.0.1 adimage.bokee.com
127.0.0.1 ad.bol.bg
127.0.0.1 adv.bol.bg
127.0.0.1 ads.bomis.com
127.0.0.1 banners.bookmaker.com
127.0.0.1 ccc.boolans.com #[Adware.Rugo]
127.0.0.1 err.boom.ru
127.0.0.1 www.borlander.cn #[Adware.Borlan]
127.0.0.1 www.borlander.com.cn #[ADSPY/Boran.X.19.C]
127.0.0.1 ads.brainiads.com #[server down?]
127.0.0.1 ads.breakthru.com
127.0.0.1 bans.bride.ru
127.0.0.1 ads.bridgetrack.com
127.0.0.1 cc.bridgetrack.com
127.0.0.1 citi.bridgetrack.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 citi.bridgetrack.com.edgesuite.net
127.0.0.1 rccl.bridgetrack.com #[MVPS.Criteria]
127.0.0.1 banners.broadwayworld.com
127.0.0.1 www.browserplugin.com #[HJTH.EroticAccess][wobz.de]
127.0.0.1 bsdpng.info
127.0.0.1 btbilgisayarkursu.com #[Win32/TrojanDownloader.Small.AWA]
127.0.0.1 www.btbilgisayarkursu.com #[Win32/TrojanDownloader.Small.AWA]
127.0.0.1 www.bulletads.com
127.0.0.1 redemption.bullseye-media.net
127.0.0.1 users.bullseye-media.net
127.0.0.1 www.bullseye-media.net
127.0.0.1 bunnezone.com #[Win32/Jep.Russ]
127.0.0.1 burnsrecyclinginc.com #[Win32/TrojanDropper.Agent.NBX]
127.0.0.1 www.burnsrecyclinginc.com
127.0.0.1 ad1.bustcash.com
127.0.0.1 www.buy404s.com
127.0.0.1 www.buycheapadvertising.com
127.0.0.1 buytraffic.cn
127.0.0.1 www.buzzclick.com
127.0.0.1 tr.buzzlogic.com
127.0.0.1 tracking.byindia.com
127.0.0.1 www.byip.cn #[Google.Warning]
127.0.0.1 multi.byulcom.com #[Win32/TrojanDownloader.Small.BIV]
127.0.0.1 ads.calgarystampede.com
127.0.0.1 canadianhw.ca #[VBS/Envary.A]
127.0.0.1 www.canadianhw.ca
127.0.0.1 ads.capablenet.com
127.0.0.1 images.cashfiesta.com #[AdWare.CashFiesta.a]
127.0.0.1 www.cashfiesta.com #[McAfee.Adware-CashFiesta]
127.0.0.1 www.cashfiesta.net
127.0.0.1 banner.casinoking.com #[AdWare.Win32.Casino.ae]
127.0.0.1 www.cashventure.com
127.0.0.1 ad.caradisiac.com
127.0.0.1 ads.cars.com
127.0.0.1 qi.ccbtv.net #[Google.Warning]
127.0.0.1 blockbuster.com.7.ccg360.com
127.0.0.1 blockbuster.med.ccg360.com
127.0.0.1 www.cd321.com
127.0.0.1 ads.cdfreaks.com #[eTrust.Ads.cdfreaks]
127.0.0.1 ads.cdrinfo.com
127.0.0.1 stats.cdrinfo.com #[WebBug]
127.0.0.1 www.celebritypicturesarchive.com #[Trojan-Downloader.Win32.IstBar.nn]
127.0.0.1 www.celebrity-pictures-world.com #[Trojan-Downloader.Win32.IstBar.nn]
127.0.0.1 clicktracker.centrum.cz
127.0.0.1 cetrk.com #[Crazy Egg]
127.0.0.1 cesp.be #[HTML/TrojanDownloader.Agent.NAB]
127.0.0.1 adserver.cducinema.com
127.0.0.1 counter.cgiworld.net
127.0.0.1 tracker.cgiworld.net
127.0.0.1 cts.channelintelligence.com #[switch.atdmt.com]
127.0.0.1 abc.checkm8.com
127.0.0.1 ny.checkm8.com
127.0.0.1 rmm1u.checkm8.com
127.0.0.1 web.checkm8.com #[CHECKM8 AD TAGS]
127.0.0.1 web2.checkm8.com
127.0.0.1 ads.checkm8.co.za
127.0.0.1 ads.chellomedia.com
127.0.0.1 ads.china.com
127.0.0.1 ad.chip.de
127.0.0.1 www.chsniper.com #[Downloader.Sniper]
127.0.0.1 chunkypig.com #[AdWare.Win32.Chiem.c]
127.0.0.1 www.chunkypig.com
127.0.0.1 ad.cibleclick.com #[eTrust.Cibleclick]
127.0.0.1 www.cibleclick.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 www.classicequipment.com #[Google.Warning]
127.0.0.1 board.classifieds1000.com
127.0.0.1 xp.classifieds1000.com
127.0.0.1 www.classifieds1000.com #[SiteAdvisor.classifieds1000.com]
127.0.0.1 images.clckm.com
127.0.0.1 pics.clckm.com #[Parking Service]
127.0.0.1 ads.clickad.com #[eTrust.Tracking.Cookie]
127.0.0.1 clickbank.net #[Ad-Aware.Tracking.Cookie]
127.0.0.1 hop.clickbank.net #[Adware.Clickbank][Adware.ClickDLoader]
127.0.0.1 ssl.clickbank.net
127.0.0.1 zzz.clickbank.net #[Ewido.TrackingCookie.Clickbank]
127.0.0.1 publishers.clickbooth.com #[directleads.com]
127.0.0.1 clickboothlnk.com
127.0.0.1 www.clickboothlnk.com
127.0.0.1 j.clickdensity.com
127.0.0.1 r.clickdensity.com
127.0.0.1 cf-db01.clickfacts.com
127.0.0.1 server104.clickfacts.com #[ClickFacts Tracking Beacon]
127.0.0.1 www.clickmanage.com
127.0.0.1 clicktracks.com #[McAfee.Cookie-Clicktracks]
127.0.0.1 stats.clicktracks.com #[Tenebril.Tracking.Cookie]
127.0.0.1 stats1.clicktracks.com # [eTrust.Tracking.Cookie]
127.0.0.1 stats2.clicktracks.com #[SpySweeper.Spy.Cookie]
127.0.0.1 stats3.clicktracks.com
127.0.0.1 stats4.clicktracks.com
127.0.0.1 www.clicktracks.com #[SunBelt.ClickTracks]
127.0.0.1 www.is1.clixgalore.com
127.0.0.1 www.clixgalore.com
127.0.0.1 hit.click2006.com
127.0.0.1 www2.click-fr.com
127.0.0.1 www3.click-fr.com
127.0.0.1 www4.click-fr.com
127.0.0.1 www.clickhouse.com #[SunBelt.ClickHouse]
127.0.0.1 www.click-power.com #[Win32/TrojanDownloader.VB.JL][Win32.Virtumonde.by]
127.0.0.1 www.clicksbroker.com
127.0.0.1 ad1.clickhype.com #[Ewido.TrackingCookie.Clickhype]
127.0.0.1 redirect.clickshield.net
127.0.0.1 clickthru.net
127.0.0.1 ads.clickthru.net
127.0.0.1 icon.clickthru.net
127.0.0.1 clicktorrent.info
127.0.0.1 static.clicktorrent.info
127.0.0.1 www.clicktorrent.info #[phpAds]
127.0.0.1 www1.clicktorrent.info
127.0.0.1 norbert_sirot.club.fr #[Trojan-Spy.Win32.Banker.anv]
127.0.0.1 banner.clubdicecasino.com
127.0.0.1 adserver.clix.pt
127.0.0.1 ad.cmfu.com
127.0.0.1 www.cnstats.com
127.0.0.1 ad.coas2.co.kr
127.0.0.1 ads.cobrad.com
127.0.0.1 collectiveads.net
127.0.0.1 com.au.com #[Rogue/Suspect Affiliate.sites]
127.0.0.1 www.comclean.co.kr #[Spyware.Comclean]
127.0.0.1 comcord.info #[Spamdexing][server down?]
127.0.0.1 www.combimedia.nl #[server down?]
127.0.0.1 bdx.comclick.com
127.0.0.1 br.comclick.com
127.0.0.1 ct2.comclick.com #[Tenebril.Tracking.Cookie]
127.0.0.1 fl01.ct2.comclick.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 ihm01.ct2.comclick.com
127.0.0.1 www.comclick.com #[Ewido.TrackingCookie.Comclick]
127.0.0.1 banners.commissionking.com
127.0.0.1 members.commissionmonster.com
127.0.0.1 aa.connextra.com
127.0.0.1 bb.connextra.com #[a22.g.akamai.net]
127.0.0.1 cc.connextra.com
127.0.0.1 dd.connextra.com
127.0.0.1 ee.connextra.com
127.0.0.1 ff.connextra.com #[a22.g.akamai.net]
127.0.0.1 data.connextra.com
127.0.0.1 linkexchange.consoleunderground.com
127.0.0.1 www.consoleunderground.com #[Adware.Begin2search]
127.0.0.1 ads.consumeraffairs.com
127.0.0.1 ads.contact.md
127.0.0.1 ads.contactmusic.com #[AdvertPro]
127.0.0.1 servedby.contextuad.org
127.0.0.1 svp.contextuad.org #[SunBelt.ContextuAd]
127.0.0.1 www.contextpanel.com #[searchant.com]
127.0.0.1 ads.console.net
127.0.0.1 banners.copyscape.com
127.0.0.1 www.counter-x.com
127.0.0.1 www.countit.ch
127.0.0.1 counter.co.kz
127.0.0.1 www.counter-gratis.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 www.countercentral.com
127.0.0.1 www.counterdata.com
127.0.0.1 www.counterguide.com
127.0.0.1 counter-shop.net
127.0.0.1 htm-pop-ky.counterstat.net
127.0.0.1 www.counting4free.com
127.0.0.1 www.counter.cz
127.0.0.1 www.counti.de
127.0.0.1 www.countmypage.com
127.0.0.1 log1.countomat.com
127.0.0.1 connectionzone.com
127.0.0.1 www.couponsandoffers.com #[Adware.TopMoxie]
127.0.0.1 data.coremetrics.com
127.0.0.1 test.coremetrics.com #[SpySweeper.Spy.Cookie]
127.0.0.1 twci.coremetrics.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 banner.coza.com
127.0.0.1 cp16688.cn #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 www.cp16688.cn #[VBS/TrojanDownloader.Psyme.FM]
127.0.0.1 www.cpaclicks.com #[Spamdexing]
127.0.0.1 server.cpmstar.com #[ads.shizmoo.com]
127.0.0.1 cracks.am #[eTrust.Cracks.am][ADW_CRAMTB.A]
127.0.0.1 www.cracks.am #[[bleep]-portal.com][Adware.CramToolbar]
127.0.0.1 ads.cracked.com
127.0.0.1 track.cracked.com
127.0.0.1 new.crashextads.co.uk
127.0.0.1 crawl.ws
127.0.0.1 cont.crawl.ws #[AdWare.Win32.MegaKiss.b]
127.0.0.1 www.crawl.ws
127.0.0.1 counter.credo.ru
127.0.0.1 www.cridem.org #[Win32/Spy.Banker.AHY]
127.0.0.1 ads.crosswinds.net
127.0.0.1 ads.crucialparadigm.com
127.0.0.1 cdn.crwdcntrl.net
127.0.0.1 media.customeracquisitionsite.com #[customeracquisitionsite.adlegend.com]
127.0.0.1 cxss358.com #[HTML/TrojanDownloader.Agent.BP]
127.0.0.1 banner.cybertechdev.com
127.0.0.1 cybertown.ru
127.0.0.1 search.cygo.net
127.0.0.1 www.cygo.net #[McAfee.Adware-Cygo]
127.0.0.1 ads.dada.it
127.0.0.1 www.dailykeys.com #[Google.Warning]
127.0.0.1 aj.daniweb.com
127.0.0.1 www.data-jpn.com #[Trojan.Pajatan]
127.0.0.1 banner.date.com #[Tenebril.Tracking.Cookie]
127.0.0.1 www.dateclix.com #[DateClix.com Banner Exchange Code]
127.0.0.1 datingbanners.net
127.0.0.1 ads.datinggold.com
127.0.0.1 ad.db3nf.com
127.0.0.1 dcstat.com
127.0.0.1 ads.dealnews.com
127.0.0.1 au.track.decideinteractive.com
127.0.0.1 au.link.decideinteractive.com
127.0.0.1 eu.link.decideinteractive.com
127.0.0.1 link.decideinteractive.com
127.0.0.1 www.decideinteractive.com
127.0.0.1 www.decideinteractive.co.uk
127.0.0.1 deepcom.com #[SiteAdvisor.deepcom.com]
127.0.0.1 www.deepcom.com #[TrojanDropper.Win32.Small.gt]
127.0.0.1 collector.deepmetrix.com
127.0.0.1 geo.deepmetrix.com
127.0.0.1 www.deepmetrix.com #[Microsoft]
127.0.0.1 ads.dennisnet.co.uk
127.0.0.1 ad.depositfiles.com
127.0.0.1 ad.detik.com
127.0.0.1 desire-search.com #[Spamdexing]
127.0.0.1 ads.deviantart.com
127.0.0.1 adsvr.deviantart.com
127.0.0.1 phpadsnew.devstart.com
127.0.0.1 www.dhtianyu.net #[Spamdexing]
127.0.0.1 banners.diariodelaltoaragon.es
127.0.0.1 track.did-it.com #[Panda.Spyware:Cookie/did-it]
127.0.0.1 counter.dieit.de
127.0.0.1 digiwexonline.com #[W32/Kibik.a]
127.0.0.1 www.digink.com #[PcTools.SysCheckBop32][server down?]
127.0.0.1 ads.digitalpoint.com
127.0.0.1 geo.digitalpoint.com
127.0.0.1 comm1.digits.com
127.0.0.1 counter.digits.com
127.0.0.1 ads.dir.bg
127.0.0.1 banners.dir.bg
127.0.0.1 ad.directaclick.com
127.0.0.1 direct-ip.com #[Adware-DirectIP][SecurityRisk.DirectIP][server down?]
127.0.0.1 www.direct-ip.com #[Adware-DirectIP][Adware-CommanderNET]
127.0.0.1 ad.directconnect.se
127.0.0.1 banners.directnic.com #[SecuritySpace.WebBug][MVPS.Criteria]
127.0.0.1 dnads.directnic.com
127.0.0.1 parked.directnic.com
127.0.0.1 stats.directnic.com
127.0.0.1 www.directnicparking.com
127.0.0.1 cache.directorym.com #[c2.mii.instacontent.net]
127.0.0.1 ads.directnetadvertising.net #[SiteAdvisor.directnetadvertising.net]
127.0.0.1 www.directnetadvertising.net #[Ad-Aware Tracking.Cookie]
127.0.0.1 direct-web.co.kr #[Adware-DirectWeb]
127.0.0.1 agentq.ditto.com
127.0.0.1 js.ditto.com
127.0.0.1 matrix.ditto.com
127.0.0.1 media.ditto.com #[a232.x.akamai.net]
127.0.0.1 www.ditto.com #[AdWare.Win32.Softomate.c]
127.0.0.1 cnads.dixcom.com
127.0.0.1 ads.djindexes.com
127.0.0.1 openads.dlg.cz
127.0.0.1 a.dlqm.net
127.0.0.1 dcww.dmcast.com #[Adware-DesktopMedia]
127.0.0.1 ad1.dmcmedia.co.kr
127.0.0.1 dmdl.dmcast.com
127.0.0.1 install.dmcast.com #[Adware-DesktopMedia.dr]
127.0.0.1 track.dmipartners.com
127.0.0.1 ad.dmpi.net
127.0.0.1 ad2.dmpi.net
127.0.0.1 ad3.dmpi.net
127.0.0.1 ad4.dmpi.net
127.0.0.1 ubnm.dmpi.net
127.0.0.1 rotabanner.dni.ru
127.0.0.1 searchportal.dnparking.com #[Parking Service]
127.0.0.1 www.dnscaching.net #[SiteAdvisor.dnscaching.net]
127.0.0.1 dnv-counter.com
127.0.0.1 www.domamil.cz #[Trojan.Beagooz]
127.0.0.1 www.dodostats.com
127.0.0.1 a.doginhispen.com #[Downloader-BEW]
127.0.0.1 doorgen.com #[Spamdexing]
127.0.0.1 www.doorgen.com
127.0.0.1 ads.dotomi.com
127.0.0.1 www.download-services.com #[VBA32.Trojan-Downloader.Agent.26]
127.0.0.1 www.downseek.com #[SunBelt.DownSeek Search]
127.0.0.1 banners.dpnet.com.br
127.0.0.1 drmx01.net #[Spamdexing]
127.0.0.1 counter.dreamhost.com
127.0.0.1 www.claus.drehteile-rieche.de #[Win32.Formglieder.B]
127.0.0.1 www.dreamadvert.com #[SunBelt.Dreamadvert]
127.0.0.1 www.dropthehammer.com #[Win32/Spy.Banker.AHY]
127.0.0.1 ads.drugs.com
127.0.0.1 b.ds1.nl
127.0.0.1 ddd.dudu.com #[Tenebril.DuDu Accelerator]
127.0.0.1 ulink4.dudu.com #[Adware.DDDClient][SunBelt.DuDuAccelerator]
127.0.0.1 ulink13.dudu.com #[Win32/Adware.DM]
127.0.0.1 www.dudu.com #[McAfee.Downloader-AVV]
127.0.0.1 www.duenow.com
127.0.0.1 dukasound.info #[Javascript.Exploit]
127.0.0.1 www.dutty.de #[W32.Peerload.A]
127.0.0.1 www.dzy520.com #[Google.Warning]
127.0.0.1 hits.e.cl
127.0.0.1 banners.earnunited.com
127.0.0.1 blogads.ebanner.nl
127.0.0.1 www.e-bannerx.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 www.earncashontheinternet.com #[SunBelt.OpinionBar]
127.0.0.1 click.easilyfound.com #[Tenebril.AdTraffic]
127.0.0.1 www.easilyfound.com
127.0.0.1 www.eastworldnetwork.com
127.0.0.1 www.easycounter.com
127.0.0.1 banners.easydns.com
127.0.0.1 easyhitcounters.com
127.0.0.1 beta.easyhitcounters.com
127.0.0.1 easytrader.bg
127.0.0.1 static.easytrader.bg
127.0.0.1 www.ebannertraffic.com
127.0.0.1 easy-web-stats.com
127.0.0.1 mailer.ebates.com
127.0.0.1 www.ebates.com #[Adware.MoeMoney]
127.0.0.1 ads.eccentrix.com
127.0.0.1 b.economedia.bg #[ban.etaligent.net]
127.0.0.1 ads.ecrush.com #[AdvertPro]
127.0.0.1 www.eden21.net #[Win32/Haxdoor][TR/Dldr.Botol.D.1]
127.0.0.1 c6.edgesuite.net #[RealMedia]
127.0.0.1 einfachstarten.com #[Trojan.Firpage]
127.0.0.1 eisenstein.dk #[tracking.ping]
127.0.0.1 www.ejmx.com #[Adware.ElectroJMX]
127.0.0.1 ad.e-kolay.net
127.0.0.1 www.ek21.com #[Trojan.Chost.B]
127.0.0.1 ads.elmaz.com
127.0.0.1 now.eloqua.com #[WebBug]
127.0.0.1 ads.eluniversal.com.mx
127.0.0.1 hits.eluniversal.com.mx
127.0.0.1 publicidad.eluniversal.com.mx
127.0.0.1 elwebsearch.info #[Malicious.Links.Umax]
127.0.0.1 wwv.elwebsearch.info
127.0.0.1 www.elwebsearch.info
127.0.0.1 ad1.emediate.dk
127.0.0.1 eas.apm.emediate.eu
127.0.0.1 ad1.emediate.se
127.0.0.1 www.emoinstaller.com #[Win32/Adware.NdotNet][SiteAdvisor.emoinstaller.com]
127.0.0.1 www.emusic.com #[Win32/Adware.Comet][MVPS.Criteria]
127.0.0.1 dotnet.endai.com
127.0.0.1 stats.engineseeker.com
127.0.0.1 entk.net
127.0.0.1 log.enquisite.com
127.0.0.1 adv.entercasino.com #[Adware.Casino.V]
127.0.0.1 enthro.com
127.0.0.1 enthro.info #[Malicious.Links.DriveCleaner]
127.0.0.1 enthro.net
127.0.0.1 enthro.org
127.0.0.1 ads.eog.com
127.0.0.1 ads.e-planning.net
127.0.0.1 ads.us.e-planning.net
127.0.0.1 adserving03.epi.es
127.0.0.1 www.e-referrer.com
127.0.0.1 launcheruk.escritorioactivo.com
127.0.0.1 vipuk.escritorioactivo.com #[HJTH.123Messenger Hijacker]
127.0.0.1 www.escorcher.com #[eTrust.EScorcher]
127.0.0.1 search.etargetnet.com
127.0.0.1 bg.search.etargetnet.com
127.0.0.1 cz.search.etargetnet.com
127.0.0.1 gtb.etology.com
127.0.0.1 pages.etology.com
127.0.0.1 www.etracker.de
127.0.0.1 www.etxh.com #[Win32/Prosti.C]
127.0.0.1 ads.ere.net
127.0.0.1 ads.ero-advertising.com
127.0.0.1 banners.ero-advertising.com
127.0.0.1 data.ero-advertising.com
127.0.0.1 thumbs.ero-advertising.com
127.0.0.1 adopt.euroclick.com #[Ewido.TrackingCookie.Euroclick]
127.0.0.1 cdn.euroclick.com
127.0.0.1 www.euroklik.nl #[EasyBar][HJTH.SinCity Dialer]
127.0.0.1 advert.eurotip.cz
127.0.0.1 www.euros4click.de
127.0.0.1 ad.eurosport.com #[oas.eurosport.com]
127.0.0.1 www.eurowebstats.com
127.0.0.1 www.everestpoker.com #[AdWare.Win32.Casino.t]
127.0.0.1 advert.exaccess.ru
127.0.0.1 dynamic.exaccess.ru
127.0.0.1 static.exaccess.ru
127.0.0.1 www.exchangead.com
127.0.0.1 exchange.bg
127.0.0.1 media.exchange.bg
127.0.0.1 www.exchange.bg
127.0.0.1 exitexchange.com #[SiteAdvisor.exitexchange.com]
127.0.0.1 ads.exitexchange.com
127.0.0.1 count.exitexchange.com #[McAfee.Cookie-Exitexchange]
127.0.0.1 images.exitexchange.com
127.0.0.1 www.exitexchange.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www.exittrade.com
127.0.0.1 nyton.experclick.com #[p.mii.instacontent.net]
127.0.0.1 www.experclick.com #[SpySweeper.Spy.Cookie]
127.0.0.1 ads.expressindia.com
127.0.0.1 banners.expressindia.com
127.0.0.1 cdn.eyewonder.com #[SunBelt.EyeWonder]
127.0.0.1 cdn4.eyewonder.com
127.0.0.1 pixel1097.everesttech.net
127.0.0.1 pixel1324.everesttech.net
127.0.0.1 pixel1370.everesttech.net
127.0.0.1 www.evidence-eliminator.com
127.0.0.1 www.ewebcounter.com
127.0.0.1 ads2.exhedra.com
127.0.0.1 ads.expedia.com
127.0.0.1 www.eyeget.com #[McAfee.Adware-EyeGet]
127.0.0.1 feedback.eyereturn.com
127.0.0.1 resources.eyereturn.com
127.0.0.1 timespent.eyereturn.com
127.0.0.1 voken.eyereturn.com
127.0.0.1 ads.ezboard.com
127.0.0.1 eziin.com #[Adware.Eziin]
127.0.0.1 www.eziin.com
127.0.0.1 www.ezurl.co.kr #[Spyware.Ezurl]
127.0.0.1 ads.facebook.com #[facebook-ads.vo.llnwd.net]
127.0.0.1 ads.ak.facebook.com
127.0.0.1 www.factorygames.com #[SiteAdvisor.factorygames.com]
127.0.0.1 banner.fairpoker.com #[AdWare.Win32.Casino.w]
127.0.0.1 ehs.familydoctor.org #[ads.digitalhealthcare.com]
127.0.0.1 tmp.farfly.org #[Trojan.Farfli]
127.0.0.1 www.fast-adv.it
127.0.0.1 www.fastfind.org #[TROJ_STARTPAG.KF][Win32/Adware.MediaBack]
127.0.0.1 fastonlineusers.com
127.0.0.1 fasttrack.nu
127.0.0.1 fastwebcounter.com
127.0.0.1 counter.fateback.com
127.0.0.1 www.fatpenguinmedia.com
127.0.0.1 counter1.fc2.com
127.0.0.1 filcu.cn #[Malicious.Links.Codec]
127.0.0.1 alex.fileburst.com #[Win32/TrojanDropper.Agent.NBT]
127.0.0.1 adserver.filefront.com #[Ad-Aware.Tracking.Cookie]
127.0.0.1 adserver.finditquick.com
127.0.0.1 findover.org #[Spamdexing]
127.0.0.1 search.findscout.com
127.0.0.1 www.findscout.com #[W32/Delf.KPZ]
127.0.0.1 ai.p.findology.com
127.0.0.1 banner.finn.no
127.0.0.1 ads.firingsquad.com
127.0.0.1 ads2.firingsquad.com
127.0.0.1 firstdor.info #[Spamdexing]
127.0.0.1 ads.firstgrand.com
127.0.0.1 fishclix.com
127.0.0.1 www.fishclix.com
127.0.0.1 www.fish-screensaver.com #[AdWare.Win32.Gator.1008]
127.0.0.1 www.fjordbergen.com #[Win32/Spy.Banker.BIG]
127.0.0.1 www.fjjyjy.net #[Win32/Hipigon][W32.Fijjy]
127.0.0.1 www.flashadengine.com
127.0.0.1 cdn.flashedmail.com #[Parked?]
127.0.0.1 tracker1.flashedmail.com
127.0.0.1 adserver4.fluent.ltd.uk
127.0.0.1 adserver.fmpub.net
127.0.0.1 dynamic.fmpub.net
127.0.0.1 static.fmpub.net
127.0.0.1 ads.fmwinc.com
127.0.0.1 rnews.focus-news.net
127.0.0.1 adcycle.footymad.net
127.0.0.1 www.forodeortodoncia.com #[Backdoor.IRC.Zapchast]
127.0.0.1 js.forrestersurveys.com
127.0.0.1 socratos.forrestersurveys.com
127.0.0.1 forso.info #[Malicious.Links.Codec]
127.0.0.1 akcr.free.fr #[Win32/Spy.Bancos.U]
127.0.0.1 googlelite.free.fr #[Spamdexing]
127.0.0.1 ad.freecity.de
127.0.0.1 ads05.freecity.de
127.0.0.1 freecounters.xp.tl
127.0.0.1 www.free-counter.com
127.0.0.1 maurobb.freecounter.it
127.0.0.1 www.freecounter.it
127.0.0.1 securinews.free.fr #[Trojan.Hexem]
127.0.0.1 www.freedownloadhq.com #[SiteAdvisor.freedownloadhq.com]
127.0.0.1 ad.freefind.com
127.0.0.1 adverts.freeloader.com
127.0.0.1 freelogs.com
127.0.0.1 bar.freelogs.com
127.0.0.1 goo.freelogs.com
127.0.0.1 htm.freelogs.com
127.0.0.1 ico.freelogs.com
127.0.0.1 joe.freelogs.com
127.0.0.1 mom.freelogs.com
127.0.0.1 xyz.freelogs.com
127.0.0.1 freemoviepro.com #[Win32/Adware.Webdesk]
127.0.0.1 www.freemoviepro.com
127.0.0.1 adserver.freenet.de
127.0.0.1 freeonlineusers.com
127.0.0.1 www.free-ranking.de
127.0.0.1 www.freerip.com #[AdTool.Win32.MyWebSearch.ak]
127.0.0.1 banner-server.freerun.com
127.0.0.1 free-stats.com
127.0.0.1 abbyssh.freestats.com
127.0.0.1 insurancejournal.freestats.com
127.0.0.1 www.freestats.ws
127.0.0.1 banners.freett.com
127.0.0.1 count.freett.com
127.0.0.1 counters.freewebs.com
127.0.0.1 ads.freeonlinegames.com
127.0.0.1 stats.freeonlinegames.com
127.0.