I got the files downloaded and ran the programs. Here are the output files.
Main.txtDeckard's System Scanner v20071014.68
Run by Jason Love on 2008-03-12 22:54:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 3 Restore Point(s) --
3: 2008-03-13 03:54:48 UTC - RP139 - Deckard's System Scanner Restore Point
2: 2008-03-11 05:12:27 UTC - RP138 - Installed SUPERAntiSpyware Free Edition
1: 2008-03-11 02:38:03 UTC - RP137 - Before Cleaning
Backed up registry hives.
Performed disk cleanup.
Percentage of Memory in Use: 82% (more than 75%).Total Physical Memory: 256 MiB (512 MiB recommended).-- HijackThis (run as Jason Love.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:55:54 PM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Utilities\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jason Love.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.cox.net/R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.britannic...ID=382K00033456R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
http://localhost;R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: (no name) - {0068c128-1dd2-11b2-b257-cbd94ce16222} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [rirotkbw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\rirotkbw.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Ebates - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -
http://69.56.176.78/webplugin.cabO16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} -
http://www.alwaysupd...ll/aun_0032.exeO16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} -
http://www.pacimedia...ll/pcs_0002.exeO16 - DPF: {EB623776-492A-42CA-9571-3AA39F58530B} -
http://www.alwaysupd...ll/aun_0032.exeO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SleepApp - {C315CF32-135F-3112-31AC-F611D777C63D} - C:\WINDOWS\system32\sleep32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 6606 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080309-220005-617 O9 - Extra button: Ebates - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
backup-20080309-220005-700 O8 - Extra context menu item: Ebates. - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm
backup-20080309-220504-249 O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
backup-20080309-220504-854 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
backup-20080309-220556-838 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
backup-20080309-220630-639 R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
backup-20080309-220657-504 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
backup-20080309-220757-803 O2 - BHO: (no name) - {0068c128-1dd2-11b2-b257-cbd94ce16222} - C:\WINDOWS\jipytmzc.dll
backup-20080309-220902-290 O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
All services whitelisted.
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Scheduled Tasks -------------------------------------------------------------
2008-03-12 22:55:35 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
-- Files created between 2008-02-12 and 2008-03-12 -----------------------------
2008-03-12 22:44:03 2208 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-12 22:42:35 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-12 22:42:35 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-12 22:42:35 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-12 22:42:35 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-12 22:42:35 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified;
http://www.beyondlogic.org; Command Line Process Utility>
2008-03-12 22:42:35 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-12 22:42:35 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-11 00:12:41 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-11 00:12:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-11 00:12:29 0 d-------- C:\Documents and Settings\Jason Love\Application Data\SUPERAntiSpyware.com
2008-03-10 21:41:04 0 d-------- C:\Documents and Settings\Jason Love\Application Data\Google
2008-03-10 21:17:24 0 d-------- C:\Documents and Settings\Jason Love\Application Data\Grisoft
2008-03-09 23:48:22 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-09 23:48:22 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-09 23:48:22 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-09 23:48:22 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-09 21:52:58 0 d-------- C:\Program Files\Trend Micro
2008-03-09 15:37:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 15:20:21 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-09 14:58:41 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-03-09 14:58:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-03-09 14:58:00 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-03-09 11:03:06 0 d--hs---- C:\WINDOWS\system32\wsnpoem
2008-03-09 10:43:02 0 d-------- C:\Program Files\Windows Defender
2008-03-09 10:39:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-09 08:59:45 0 d-------- C:\Program Files\Lavasoft
2008-03-09 08:59:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-09 08:54:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-09 08:50:16 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-09 08:30:32 0 d-------- C:\Program Files\Utilities
2008-03-05 23:41:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-05 23:37:56 0 d-------- C:\Program Files\AVG
2008-03-05 23:19:23 261120 --a------ C:\WINDOWS\system32\sleep32.dll
2008-03-05 23:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-05 23:12:40 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-05 23:07:11 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-05 22:50:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-03-05 22:49:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2008-03-05 22:49:42 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-05 22:49:41 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-05 22:49:41 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-05 22:49:41 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-05 22:49:41 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-03-05 22:49:41 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-05 22:49:41 2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-05 22:49:41 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-05 22:49:41 0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-03-05 22:49:41 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-05 22:49:41 0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-03-05 22:49:41 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-05 22:49:41 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-05 22:49:41 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
-- Find3M Report ---------------------------------------------------------------
2008-03-09 23:53:07 0 d-------- C:\Program Files\Common Files
2008-03-05 23:23:55 0 d-------- C:\Program Files\Google
2008-03-05 23:14:25 0 d-------- C:\Program Files\Common Files\Adobe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0068c128-1dd2-11b2-b257-cbd94ce16222}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [08/03/2001 09:24 PM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe" [07/03/2001 10:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/19/2005 11:17 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"rirotkbw"="regsvr32 /u C:\Documents and Settings\All Users\Application Data\rirotkbw.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/06/2004 04:33 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [03/05/2008 11:14 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 3:05:56 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SleepApp"= {C315CF32-135F-3112-31AC-F611D777C63D} - C:\WINDOWS\system32\sleep32.dll [03/05/2008 11:19 PM 261120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/2007 11:39 AM 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
8002 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-03-12 22:56:43 ------------
Extra.txtDeckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 1.60GHz
Percentage of Memory in Use: 78%
Physical Memory (total/avail): 255.3 MiB / 55.69 MiB
Pagefile Memory (total/avail): 618.04 MiB / 289.86 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1950.48 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 37.24 GiB total, 32.21 GiB free.
D: is CDROM (No Media)
\\.\PHYSICALDRIVE0 - ST340016A - 37.27 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 37.24 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jason Love\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAN-LEVKTWAXJDC
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jason Love
LOGONSERVER=\\SAN-LEVKTWAXJDC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JASONL~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JASONL~1\LOCALS~1\Temp
USERDOMAIN=SAN-LEVKTWAXJDC
USERNAME=Jason Love
USERPROFILE=C:\Documents and Settings\Jason Love
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Jason Love
(admin)Administrator
(admin)Guest
(guest)-- Add/Remove Programs ---------------------------------------------------------
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Conexant HSF V92 56K Data Fax PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2013&SUBSYS_021213E0\HxFSETUP.EXE -U -IVEN_14F1&DEV_2013&SUBSYS_021213E0
DAO 3.5 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intuit\DAO 3.5\Uninst.isu"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\Setup.exe" --MAIN -l9
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Yahoo! SiteBuilder --> C:\PROGRA~1\JavaSoft\JRE1.4\14267D~1.1\bin\javaw.exe -cp C:\PROGRA~1\JavaSoft\JRE1.4\14267D~1.1\JEXPRE~1.JAR com.denova.JExpress.Uninstaller.JUninstall C:\PROGRA~1\YAHOOS~1\JExpress\UNINST~1
-- Application Event Log -------------------------------------------------------
Event Record #/Type1931 / Warning
Event Submitted/Written: 03/12/2008 10:38:46 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type1926 / Warning
Event Submitted/Written: 03/12/2008 10:29:15 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type1917 / Warning
Event Submitted/Written: 03/11/2008 07:01:18 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
Event Record #/Type1916 / Error
Event Submitted/Written: 03/11/2008 02:11:13 AM
Event ID/Source: 5000 / MPSampleSubmission
Event Description:
mptelemetry8024402cendsearchsearch1.1.1593.0mpsigdwn.dll1.1.1593.0windows defenderNILNILNIL
Event Record #/Type1910 / Warning
Event Submitted/Written: 03/10/2008 11:10:13 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type5686 / Warning
Event Submitted/Written: 03/12/2008 10:56:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%SAN-LEVKTWAXJDC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %SAN-LEVKTWAXJDC27 can't undo changes that you allow.
For more information please see the following:
%SAN-LEVKTWAXJDC275
Scan ID: {0CE0CD6E-AFFE-4B71-8263-6B871E46EA30}
User: SAN-LEVKTWAXJDC\Jason Love
Name: %SAN-LEVKTWAXJDC271
ID: %SAN-LEVKTWAXJDC272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %SAN-LEVKTWAXJDC276
Alert Type: %SAN-LEVKTWAXJDC278
Detection Type: 1.1.1593.02
Event Record #/Type5685 / Warning
Event Submitted/Written: 03/12/2008 10:56:01 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%SAN-LEVKTWAXJDC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %SAN-LEVKTWAXJDC27 can't undo changes that you allow.
For more information please see the following:
%SAN-LEVKTWAXJDC275
Scan ID: {77ABBB99-BAE8-4F24-A0EA-CF75FE65A4A3}
User: SAN-LEVKTWAXJDC\Jason Love
Name: %SAN-LEVKTWAXJDC271
ID: %SAN-LEVKTWAXJDC272
Severity: 1.1.1593.05
Category: 1.1.1593.06
Path Found: %SAN-LEVKTWAXJDC276
Alert Type: %SAN-LEVKTWAXJDC278
Detection Type: 1.1.1593.02
Event Record #/Type5665 / Error
Event Submitted/Written: 03/12/2008 10:51:04 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type5664 / Error
Event Submitted/Written: 03/12/2008 10:45:55 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
Event Record #/Type5663 / Error
Event Submitted/Written: 03/12/2008 10:41:31 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31
-- End of Deckard's System Scanner: finished at 2008-03-12 22:56:43 ------------
SmitfraudfixSmitFraudFix v2.301
Scan done at 22:43:20.39, Wed 03/12/2008
Run from C:\Program Files\Utilities\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.139mm.com
127.0.0.1 139mm.com
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
127.0.0.1 171203.com
127.0.0.1 17-plus.com
127.0.0.1 www.1800searchonline.com
127.0.0.1 1800searchonline.com
127.0.0.1 www.180searchassistant.com
127.0.0.1 180searchassistant.com
127.0.0.1 www.180solutions.com
127.0.0.1 180solutions.com
127.0.0.1 www.181.365soft.info
127.0.0.1 181.365soft.info
127.0.0.1 www.1987324.com
127.0.0.1 1987324.com
127.0.0.1 www.1-domains-registrations.com
127.0.0.1 1-domains-registrations.com
127.0.0.1 www.1-extreme.biz
127.0.0.1 1-extreme.biz
127.0.0.1 www.1sexparty.com
127.0.0.1 1sexparty.com
127.0.0.1 www.1stantivirus.com
127.0.0.1 1stantivirus.com
127.0.0.1 www.1stpagehere.com
127.0.0.1 1stpagehere.com
127.0.0.1 www.1stsearchportal.com
127.0.0.1 1stsearchportal.com
127.0.0.1 2.82211.net
127.0.0.1 www.2006ooo.com
127.0.0.1 www.2007-download.com
127.0.0.1 2007-download.com
127.0.0.1 www.2020search.com
127.0.0.1 2020search.com
127.0.0.1 20x2p.com
127.0.0.1 www.24.365soft.info
127.0.0.1 24.365soft.info
127.0.0.1 www.24-7pharmacy.info
127.0.0.1 24-7pharmacy.info
127.0.0.1 www.24-7searching-and-more.com
127.0.0.1 24-7searching-and-more.com
127.0.0.1 www.24teen.com
127.0.0.1 24teen.com
127.0.0.1 www.2every.net
127.0.0.1 2every.net
127.0.0.1 2ndpower.com
127.0.0.1 www.2search.com
127.0.0.1 2search.com
127.0.0.1 www.2search.org
127.0.0.1 2search.org
127.0.0.1 www.2squared.com
127.0.0.1 2squared.com
127.0.0.1 www.3322.org
127.0.0.1 3322.org
127.0.0.1 365soft.info
127.0.0.1 www.36site.com
127.0.0.1 36site.com
127.0.0.1 3721.com
127.0.0.1 39-93.com
127.0.0.1 www.3abetterinternet.com
127.0.0.1 3abetterinternet.com
127.0.0.1 www.3bay.it
127.0.0.1 3bay.it
127.0.0.1 www.3ebay.it
127.0.0.1 3ebay.it
127.0.0.1 www.3xclipsonline.com
127.0.0.1 3xclipsonline.com
127.0.0.1 www.3xcurves.com
127.0.0.1 3xcurves.com
127.0.0.1 www.3xfestival.com
127.0.0.1 3xfestival.com
127.0.0.1 www.3x-festival.com
127.0.0.1 3x-festival.com
127.0.0.1 www.3x-galls.com
127.0.0.1 3x-galls.com
127.0.0.1 www.3xmiracle.com
127.0.0.1 3xmiracle.com
127.0.0.1 www.3xmoviesblog.com
127.0.0.1 3xmoviesblog.com
127.0.0.1 www.404dns.com
127.0.0.1 404dns.com
127.0.0.1 www.4199.com
127.0.0.1 4199.com
127.0.0.1 www.4corn.net
127.0.0.1 4corn.net
127.0.0.1 www.4ebay.it
127.0.0.1 4ebay.it
127.0.0.1 4klm.com
127.0.0.1 www.4mpg.com
127.0.0.1 4mpg.com
127.0.0.1 www.4repubblica.it
127.0.0.1 4repubblica.it
127.0.0.1 www.4softget.com
127.0.0.1 4softget.com
127.0.0.1 www.5iscali.it
127.0.0.1 5iscali.it
127.0.0.1 www.5repubblica.it
127.0.0.1 5repubblica.it
127.0.0.1 www.5starvideos.com
127.0.0.1 5starvideos.com
127.0.0.1 www.5tiscali.it
127.0.0.1 5tiscali.it
127.0.0.1 www.5zgmu7o20kt5d8yq.com
127.0.0.1 5zgmu7o20kt5d8yq.com
127.0.0.1 www.680180.net
127.0.0.1 680180.net
127.0.0.1 www.6iscali.it
127.0.0.1 6iscali.it
127.0.0.1 www.6njaga.com
127.0.0.1 6njaga.com
127.0.0.1 www.6sek.com
127.0.0.1 6sek.com
127.0.0.1 www.6tiscali.it
127.0.0.1 6tiscali.it
127.0.0.1 www.70-music.com
127.0.0.1 70-music.com
127.0.0.1 www.7322.com
127.0.0.1 7322.com
127.0.0.1 75tz.com
127.0.0.1 www.777search.com
127.0.0.1 777search.com
127.0.0.1 www.777top.com
127.0.0.1 777top.com
127.0.0.1 www.7939.com
127.0.0.1 7939.com
127.0.0.1 www.7search.com
127.0.0.1 7search.com
127.0.0.1 80gw6ry3i3x3qbrkwhxhw.032439.com
127.0.0.1 www.80-music.com
127.0.0.1 80-music.com
127.0.0.1 82211.net
127.0.0.1 8866.org
127.0.0.1 www.888.com
127.0.0.1 888.com
127.0.0.1 www.8ad.com
127.0.0.1 8ad.com
127.0.0.1 www.90-music.com
127.0.0.1 90-music.com
127.0.0.1 www.9505.com
127.0.0.1 9505.com
127.0.0.1 www.971searchbox.com
127.0.0.1 971searchbox.com
127.0.0.1 a.bestmanage.org
127.0.0.1 www.aaabesthomepage.com
127.0.0.1 aaabesthomepage.com
127.0.0.1 aaasexypics.com
127.0.0.1 www.aaawebfinder.com
127.0.0.1 aaawebfinder.com
127.0.0.1 www.aaqadarsztriv.com
127.0.0.1 aaqadarsztriv.com
127.0.0.1 www.aaqada-rsztriv.com
127.0.0.1 aaqada-rsztriv.com
127.0.0.1 www.aaqadaueorn.com
127.0.0.1 aaqadaueorn.com
127.0.0.1 www.aaqada-ueorn.com
127.0.0.1 aaqada-ueorn.com
127.0.0.1 www.aaqada-ygco.com
127.0.0.1 aaqada-ygco.com
127.0.0.1 www.aaqada-ymct.com
127.0.0.1 aaqada-ymct.com
127.0.0.1 aavc.com
127.0.0.1 www.abcdperformance.com
127.0.0.1 abcdperformance.com
127.0.0.1 www.abc-find.info
127.0.0.1 abc-find.info
127.0.0.1 www.abcsearch.com
127.0.0.1 abcsearch.com
127.0.0.1 www.abetterinternet.com
127.0.0.1 abetterinternet.com
127.0.0.1 www.abnetsoft.info
127.0.0.1 abnetsoft.info
127.0.0.1 www.aboutclicker.com
127.0.0.1 aboutclicker.com
127.0.0.1 www.abrp.net
127.0.0.1 abrp.net
127.0.0.1 www.absolutee.com
127.0.0.1 absolutee.com
127.0.0.1 www.abyssmedia.com
127.0.0.1 abyssmedia.com
127.0.0.1 www.ac66.cn
127.0.0.1 ac66.cn
127.0.0.1 access.Navinetwork.com
127.0.0.1 access.rapid-pass.net
127.0.0.1 www.accessactivexvideo.com
127.0.0.1 accessactivexvideo.com
127.0.0.1 www.accessclips.com
127.0.0.1 accessclips.com
127.0.0.1 www.access-dvd.com
127.0.0.1 access-dvd.com
127.0.0.1 www.accesskeygenerator.com
127.0.0.1 accesskeygenerator.com
127.0.0.1 www.accessorygeeks.com
127.0.0.1 accessorygeeks.com
127.0.0.1 www.accessthefuture.net
127.0.0.1 accessthefuture.net
127.0.0.1 www.accessvid.net
127.0.0.1 accessvid.net
127.0.0.1 www.acemedic.com
127.0.0.1 acemedic.com
127.0.0.1 www.ace-webmaster.com
127.0.0.1 ace-webmaster.com
127.0.0.1 acjp.com
127.0.0.1 www.acrobat-2007.com
127.0.0.1 acrobat-2007.com
127.0.0.1 www.acrobat-8.com
127.0.0.1 acrobat-8.com
127.0.0.1 www.acrobat-center.com
127.0.0.1 acrobat-center.com
127.0.0.1 www.acrobat-hq.com
127.0.0.1 acrobat-hq.com
127.0.0.1 www.acrobatreader-8.com
127.0.0.1 acrobatreader-8.com
127.0.0.1 www.acrobat-reader-8.de
127.0.0.1 acrobat-reader-8.de
127.0.0.1 www.acrobat-stop.com
127.0.0.1 acrobat-stop.com
127.0.0.1 www.actionbreastcancer.org
127.0.0.1 actionbreastcancer.org
127.0.0.1 www.activesearcher.info
127.0.0.1 activesearcher.info
127.0.0.1 www.activexaccessobject.com
127.0.0.1 activexaccessobject.com
127.0.0.1 www.activexaccessvideo.com
127.0.0.1 activexaccessvideo.com
127.0.0.1 www.activexemedia.com
127.0.0.1 activexemedia.com
127.0.0.1 www.activexmediaobject.com
127.0.0.1 activexmediaobject.com
127.0.0.1 www.activexmediapro.com
127.0.0.1 activexmediapro.com
127.0.0.1 www.activexmediasite.com
127.0.0.1 activexmediasite.com
127.0.0.1 www.activexmediasoftware.com
127.0.0.1 activexmediasoftware.com
127.0.0.1 www.activexmediasource.com
127.0.0.1 activexmediasource.com
127.0.0.1 www.activexmediatool.com
127.0.0.1 activexmediatool.com
127.0.0.1 www.activexmediatour.com
127.0.0.1 activexmediatour.com
127.0.0.1 www.activexsoftwares.com
127.0.0.1 activexsoftwares.com
127.0.0.1 www.activexsource.com
127.0.0.1 activexsource.com
127.0.0.1 www.activexupdate.com
127.0.0.1 activexupdate.com
127.0.0.1 www.activexvideo.com
127.0.0.1 activexvideo.com
127.0.0.1 www.activexvideotool.com
127.0.0.1 activexvideotool.com
127.0.0.1 www.ad.marketingsector.com
127.0.0.1 ad.marketingsector.com
127.0.0.1 www.ad.mokead.com
127.0.0.1 ad.mokead.com
127.0.0.1 ad.oinadserver.com
127.0.0.1 ad.outerinfoads.com
127.0.0.1 ad25.com
127.0.0.1 ad45.com
127.0.0.1 ad77.com
127.0.0.1 ad86.com
127.0.0.1 www.adamsupportgroup.org
127.0.0.1 adamsupportgroup.org
127.0.0.1 www.adarmor.com
127.0.0.1 adarmor.com
127.0.0.1 www.adasearch.com
127.0.0.1 adasearch.com
127.0.0.1 adaware.cc
127.0.0.1 www.adawarenow.com
127.0.0.1 adawarenow.com
127.0.0.1 adchannel.contextplus.net
127.0.0.1 www.addetect.com
127.0.0.1 addetect.com
127.0.0.1 www.add-hhh.info
127.0.0.1 add-hhh.info
127.0.0.1 addictivetechnologies.com
127.0.0.1 www.addictivetechnologies.com
127.0.0.1 www.addictivetechnologies.net
127.0.0.1 addictivetechnologies.net
127.0.0.1 addioerrori.com
127.0.0.1 www.addioerrori.com
127.0.0.1 www.add-manager.com
127.0.0.1 add-manager.com
127.0.0.1 adgate.info
127.0.0.1 www.adgate.info
127.0.0.1 adintelligence.net
127.0.0.1 www.adintelligence.net
127.0.0.1 adioserrores.com
127.0.0.1 www.adioserrores.com
127.0.0.1 www.adipics.com
127.0.0.1 adipics.com
127.0.0.1 adlogix.com
127.0.0.1 www.adlogix.com
127.0.0.1 www.admin2cash.biz
127.0.0.1 admin2cash.biz
127.0.0.1 adnet-plus.com
127.0.0.1 adnetserver.com
127.0.0.1 www.adnetserver.com
127.0.0.1 adobe-download-now.com
127.0.0.1 www.adobe-downloads.com
127.0.0.1 adobe-downloads.com
127.0.0.1 adobe-reader-8.fr
127.0.0.1 www.adobe-reader-8.fr
127.0.0.1 www.adprotect.com
127.0.0.1 adprotect.com
127.0.0.1 ads.centralmedia.ws
127.0.0.1 ads.k8l.info
127.0.0.1 ads.kmpads.com
127.0.0.1 ads.kw.revenue.net
127.0.0.1 ads.marketingsector.com
127.0.0.1 ads.searchingbooth.com
127.0.0.1 ads.z-quest.com
127.0.0.1 ads1.revenue.net
127.0.0.1 ads183.com
127.0.0.1 www.ads183.com
127.0.0.1 adscontex.com
127.0.0.1 www.adscontex.com
127.0.0.1 adservices1.enhance.com
127.0.0.1 www.adservices1.enhance.com
127.0.0.1 adservs.com
127.0.0.1 adsextend.net
127.0.0.1 www.adsextend.net
127.0.0.1 adshttp.com
127.0.0.1 www.adshttp.com
127.0.0.1 www.adsniffer.com
127.0.0.1 adsniffer.com
127.0.0.1 adsonwww.com
127.0.0.1 www.adsonwww.com
127.0.0.1 adspics.com
127.0.0.1 www.adspics.com
127.0.0.1 www.adsrevenue.net
127.0.0.1 adsrevenue.net
127.0.0.1 adtrak.net
127.0.0.1 www.adtrak.net
127.0.0.1 adtrgt.com
127.0.0.1 adult777search.info
127.0.0.1 www.adult777search.info
127.0.0.1 adultan.com
127.0.0.1 www.adultan.com
127.0.0.1 adult-engine-search.com
127.0.0.1 www.adult-engine-search.com
127.0.0.1 www.adult-erotic-guide.net
127.0.0.1 adult-erotic-guide.net
127.0.0.1 adultfilmsite.com
127.0.0.1 www.adultfilmsite.com
127.0.0.1 www.adult-friends-finder.net
127.0.0.1 adult-friends-finder.net
127.0.0.1 adultgambling.org
127.0.0.1 adult-host.org
127.0.0.1 adulthyperlinks.com
127.0.0.1 www.adulthyperlinks.com
127.0.0.1 adultmovieplus.com
127.0.0.1 www.adultmovieplus.com
127.0.0.1 adult-mpg.net
127.0.0.1 www.adult-mpg.net
127.0.0.1 adult-personal.us
127.0.0.1 adultsgames.net
127.0.0.1 adultsonlyvids.com
127.0.0.1 www.adultsonlyvids.com
127.0.0.1 adultsper.com
127.0.0.1 www.adultsper.com
127.0.0.1 www.adulttds.com
127.0.0.1 adulttds.com
127.0.0.1 adultzoneworld.com
127.0.0.1 www.adultzoneworld.com
127.0.0.1 advcash.biz
127.0.0.1 www.advcash.biz
127.0.0.1 advert.exaccess.ru
127.0.0.1 advertisemoney.info
127.0.0.1 www.advertisemoney.info
127.0.0.1 advertising.paltalk.com
127.0.0.1 advertising-money.info
127.0.0.1 www.advertising-money.info
127.0.0.1 ad-ware.cc
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 a-d-w-a-r-e.com
127.0.0.1 www.a-d-w-a-r-e.com
127.0.0.1 www.adware.pro
127.0.0.1 adware.pro
127.0.0.1 adwarealert.com
127.0.0.1 www.adwarealert.com
127.0.0.1 ad-warealert.com
127.0.0.1 www.ad-warealert.com
127.0.0.1 adwarearrest.com
127.0.0.1 www.adwarearrest.com
127.0.0.1 adwarebazooka.com
127.0.0.1 www.adwarebazooka.com
127.0.0.1 adwarecommander.com
127.0.0.1 www.adwarecommander.com
127.0.0.1 adwarefinder.com
127.0.0.1 www.adwarefinder.com
127.0.0.1 www.adwaregold.com
127.0.0.1 adwaregold.com
127.0.0.1 adwarepatrol.com
127.0.0.1 www.adwarepatrol.com
127.0.0.1 adwareplatinum.com
127.0.0.1 www.adwareplatinum.com
127.0.0.1 adwareprotectionsite.com
127.0.0.1 www.adwareprotectionsite.com
127.0.0.1 www.adwarepunisher.com
127.0.0.1 adwarepunisher.com
127.0.0.1 adwareremover.ws
127.0.0.1 www.adwareremover.ws
127.0.0.1 adwaresafety.com
127.0.0.1 www.adwaresafety.com
127.0.0.1 adwarexp.com
127.0.0.1 www.adwarexp.com
127.0.0.1 affiliate.idownload.com
127.0.0.1 www.aflgate.com
127.0.0.1 aflgate.com
127.0.0.1 africaspromise.org
127.0.0.1 agava.com
127.0.0.1 agava.ru
127.0.0.1 agentstudio.com
127.0.0.1 aginegialle.it
127.0.0.1 www.aginegialle.it
127.0.0.1 www.aifind.info
127.0.0.1 aifind.info
127.0.0.1 airtleworld.com
127.0.0.1 www.airtleworld.com
127.0.0.1 aitalia.it
127.0.0.1 www.aitalia.it
127.0.0.1 akamai.downloadv3.com
127.0.0.1 www.aklitalia.it
127.0.0.1 aklitalia.it
127.0.0.1 akril.com
127.0.0.1 alcatel.ws
127.0.0.1 www.alertspy.com
127.0.0.1 alertspy.com
127.0.0.1 alfacleaner.com
127.0.0.1 www.alfacleaner.com
127.0.0.1 alfa-search.com
127.0.0.1 alialia.it
127.0.0.1 www.alialia.it
127.0.0.1 www.aliotalia.it
127.0.0.1 aliotalia.it
127.0.0.1 alirtalia.it
127.0.0.1 www.alirtalia.it
127.0.0.1 www.alitaia.it
127.0.0.1 alitaia.it
127.0.0.1 alitaklia.it
127.0.0.1 www.alitaklia.it
127.0.0.1 alitala.it
127.0.0.1 www.alitala.it
127.0.0.1 alitali.it
127.0.0.1 www.alitali.it
127.0.0.1 www.alitaliaq.it
127.0.0.1 alitaliaq.it
127.0.0.1 alitalias.it
127.0.0.1 www.alitalias.it
127.0.0.1 alitaliaz.it
127.0.0.1 www.alitaliaz.it
127.0.0.1 alitalioa.it
127.0.0.1 www.alitalioa.it
127.0.0.1 www.alitalisa.it
127.0.0.1 alitalisa.it
127.0.0.1 alitaliua.it
127.0.0.1 www.alitaliua.it
127.0.0.1 alitalkia.it
127.0.0.1 www.alitalkia.it
127.0.0.1 alitaloia.it
127.0.0.1 www.alitaloia.it
127.0.0.1 www.alitaluia.it
127.0.0.1 alitaluia.it
127.0.0.1 alitaslia.it
127.0.0.1 www.alitaslia.it
127.0.0.1 www.alitlia.it
127.0.0.1 alitlia.it
127.0.0.1 alitralia.it
127.0.0.1 www.alitralia.it
127.0.0.1 www.alitsalia.it
127.0.0.1 alitsalia.it
127.0.0.1 aliutalia.it
127.0.0.1 www.aliutalia.it
127.0.0.1 ALL1COUNT.NET
127.0.0.1 www.ALL1COUNT.NET
127.0.0.1 all4internet.com
127.0.0.1 www.all4internet.com
127.0.0.1 allabtcars.com
127.0.0.1 allabtjeeps.com
127.0.0.1 all-bittorrent.com
127.0.0.1 www.all-bittorrent.com
127.0.0.1 allcollisions.com
127.0.0.1 www.allcollisions.com
127.0.0.1 allcybersearch.com
127.0.0.1 www.allcybersearch.com
127.0.0.1 alldnserrors.com
127.0.0.1 www.alldnserrors.com
127.0.0.1 all-downloads-now.com
127.0.0.1 www.all-downloads-now.com
127.0.0.1 all-edonkey.com
127.0.0.1 www.all-edonkey.com
127.0.0.1 www.allertaminacce.com
127.0.0.1 allertaminacce.com
127.0.0.1 allforadult.com
127.0.0.1 allhyperlinks.com
127.0.0.1 www.alliesecurity.com
127.0.0.1 alliesecurity.com
127.0.0.1 all-inet.com
127.0.0.1 allinternetbusiness.com
127.0.0.1 www.all-limewire.com
127.0.0.1 all-limewire.com
127.0.0.1 allmegabucks.com
127.0.0.1 www.allmegabucks.com
127.0.0.1 allprotections.com
127.0.0.1 www.allprotections.com
127.0.0.1 allresultz.net
127.0.0.1 www.allresultz.net
127.0.0.1 www.allsearch.us
127.0.0.1 allsearch.us
127.0.0.1 allsecuritynotes.com
127.0.0.1 www.allsecuritynotes.com
127.0.0.1 www.allsecuritysite.com
127.0.0.1 allsecuritysite.com
127.0.0.1 allstarsvideos.net
127.0.0.1 www.allstarsvideos.net
127.0.0.1 alltiettantivirus.com
127.0.0.1 www.alltiettantivirus.com
127.0.0.1 www.alltruesoftware.com
127.0.0.1 alltruesoftware.com
127.0.0.1 allvideoactivex.com
127.0.0.1 www.allvideoactivex.com
127.0.0.1 almanah.biz
127.0.0.1 www.almanah.biz
127.0.0.1 almarvideos.com
127.0.0.1 aloitalia.it
127.0.0.1 www.aloitalia.it
127.0.0.1 aluitalia.it
127.0.0.1 www.aluitalia.it
127.0.0.1 www.amaena.com
127.0.0.1 amaena.com
127.0.0.1 amandamountains.com
127.0.0.1 amateurliveshow.com
127.0.0.1 www.amateurliveshow.com
127.0.0.1 amediasoftware.com
127.0.0.1 www.amediasoftware.com
127.0.0.1 amediasource.com
127.0.0.1 www.amediasource.com
127.0.0.1 americanautobargains.com
127.0.0.1 www.americanautobargains.com
127.0.0.1 americancarbargains.com
127.0.0.1 www.americancarbargains.com
127.0.0.1 american-teens.net
127.0.0.1 amigeek.com
127.0.0.1 amigobore.com
127.0.0.1 www.amigobore.com
127.0.0.1 amisbusiness.com
127.0.0.1 ampmsearch.com
127.0.0.1 www.ampmsearch.com
127.0.0.1 analcord.com
127.0.0.1 www.analcord.com
127.0.0.1 analmovi.com
127.0.0.1 anarchylolita.com
127.0.0.1 www.anarchylolita.com
127.0.0.1 anarchyporn.com
127.0.0.1 andromedical.com
127.0.0.1 www.andromedical.com
127.0.0.1 animepornmag.com
127.0.0.1 www.animepornmag.com
127.0.0.1 anin.org
127.0.0.1 anjpn-avxiz.biz
127.0.0.1 www.anjpn-avxiz.biz
127.0.0.1 anjpnzqav.biz
127.0.0.1 www.anjpnzqav.biz
127.0.0.1 anjpn-zqav.biz
127.0.0.1 www.anjpn-zqav.biz
127.0.0.1 annaromeo.com
127.0.0.1 antiddos.us
127.0.0.1 www.antiddos.us
127.0.0.1 Antiespiadorado.com
127.0.0.1 www.Antiespiadorado.com
127.0.0.1 Antiespionspack.com
127.0.0.1 www.Antiespionspack.com
127.0.0.1 Antigusanos2008.com
127.0.0.1 www.Antigusanos2008.com
127.0.0.1 antispamassistant.com
127.0.0.1 www.antispamassistant.com
127.0.0.1 antispamdeluxe.com
127.0.0.1 www.antispamdeluxe.com
127.0.0.1 www.Antispionage.com
127.0.0.1 Antispionage.com
127.0.0.1 Antispionagepro.com
127.0.0.1 www.Antispionagepro.com
127.0.0.1 antispyadvanced.com
127.0.0.1 www.antispyadvanced.com
127.0.0.1 antispydns.biz
127.0.0.1 www.antispydns.biz
127.0.0.1 www.antispylab.com
127.0.0.1 antispylab.com
127.0.0.1 antispysolutions.com
127.0.0.1 www.antispysolutions.com
127.0.0.1 www.antispyware.com
127.0.0.1 antispyware.com
127.0.0.1 antispywareboot.com
127.0.0.1 www.antispywareboot.com
127.0.0.1 www.antispywarebot.com
127.0.0.1 antispywarebot.com
127.0.0.1 antispywarebox.com
127.0.0.1 www.antispywarebox.com
127.0.0.1 www.antispywaredownloads.com
127.0.0.1 antispywaredownloads.com
127.0.0.1 www.antispywaresuite.com
127.0.0.1 Antispywaresuite.com
127.0.0.1 www.Antispywaresuite.com
127.0.0.1 antispywaresuite.com
127.0.0.1 antispywarexp.com
127.0.0.1 www.antispywarexp.com
127.0.0.1 Antispyweb.net
127.0.0.1 www.Antispyweb.net
127.0.0.1 www.Antiver2008.com
127.0.0.1 Antiver2008.com
127.0.0.1 antivermins.com
127.0.0.1 www.antivermins.com
127.0.0.1 anti-vermins.com
127.0.0.1 www.anti-vermins.com
127.0.0.1 antivir2007.com
127.0.0.1 www.antivir2007.com
127.0.0.1 www.antivirgear.com
127.0.0.1 antivirgear.com
127.0.0.1 antivirus.fastfreedownload.com
127.0.0.1 www.antivirus.fastfreedownload.com
127.0.0.1 www.antivirusadvance.com
127.0.0.1 antivirusadvance.com
127.0.0.1 antivirusaskeladd.com
127.0.0.1 www.antivirusaskeladd.com
127.0.0.1 www.antivirusgereedschap.com
127.0.0.1 antivirusgereedschap.com
127.0.0.1 antivirusgolden.com
127.0.0.1 www.antivirusgolden.com
127.0.0.1 antivirus-hq.net
127.0.0.1 www.antivirus-hq.net
127.0.0.1 antiviruspcsuite.com
127.0.0.1 www.antiviruspcsuite.com
127.0.0.1 www.antiviruspremium.com
127.0.0.1 antiviruspremium.com
127.0.0.1 anti-virus-pro.com
127.0.0.1 www.anti-virus-pro.com
127.0.0.1 www.antivirusprotector.com
127.0.0.1 antivirusprotector.com
127.0.0.1 antivirusscherm.com
127.0.0.1 www.antivirusscherm.com
127.0.0.1 antivirussecuritypro.com
127.0.0.1 www.antivirussecuritypro.com
127.0.0.1 antivirus-stop.com
127.0.0.1 www.antivirus-stop.com
127.0.0.1 www.antiworm2008.com
127.0.0.1 Antiworm2008.com
127.0.0.1 www.Antiworm2008.com
127.0.0.1 antiworm2008.com
127.0.0.1 Antiwurm2008.com
127.0.0.1 www.Antiwurm2008.com
127.0.0.1 antrocity.com
127.0.0.1 anyofus.com
127.0.0.1 www.anyofus.com
127.0.0.1 www.anysn.seproger.com
127.0.0.1 anysn.seproger.com
127.0.0.1 anything4health.com
127.0.0.1 apicpreview.com
127.0.0.1 www.apicpreview.com
127.0.0.1 appealcircuit.com
127.0.0.1 www.appealcircuit.com
127.0.0.1 approvedlinks.com
127.0.0.1 www.approvedlinks.com
127.0.0.1 apps.deskwizz.com
127.0.0.1 apps.webservicehost.com
127.0.0.1 aprotectedpage.com
127.0.0.1 www.aprotectedpage.com
127.0.0.1 apsua.com
127.0.0.1 archivioadulti.com
127.0.0.1 www.archivioadulti.com
127.0.0.1 archiviosex.net
127.0.0.1 www.archiviosex.net
127.0.0.1 aregay.com
127.0.0.1 www.ares.click-new-download.com
127.0.0.1 ares.click-new-download.com
127.0.0.1 ares-freebie.com
127.0.0.1 www.ares-freebie.com
127.0.0.1 arespro2007.com
127.0.0.1 www.arespro2007.com
127.0.0.1 aresultra.com
127.0.0.1 www.aresultra.com
127.0.0.1 www.ares-usa.com
127.0.0.1 ares-usa.com
127.0.0.1 arheo.com
127.0.0.1 arizonaweb.org
127.0.0.1 armitageinn.com
127.0.0.1 arquivojpgs.smtp.ru
127.0.0.1 www.arquivojpgs.smtp.ru
127.0.0.1 artachnid.com
127.0.0.1 art-func.com
127.0.0.1 art-xxx.com
127.0.0.1 asafebrowser.com
127.0.0.1 www.asafebrowser.com
127.0.0.1 asafetyalways.com
127.0.0.1 www.asafetyalways.com
127.0.0.1 asafetynotice.com
127.0.0.1 www.asafetynotice.com
127.0.0.1 asafetypage.com
127.0.0.1 www.asafetypage.com
127.0.0.1 asdbiz.biz
127.0.0.1 www.asdbiz.biz
127.0.0.1 asdeykuddq.com
127.0.0.1 www.asdeykuddq.com
127.0.0.1 www.asecurebar.com
127.0.0.1 asecurebar.com
127.0.0.1 asecureboard.com
127.0.0.1 www.asecureboard.com
127.0.0.1 asecurevalue.com
127.0.0.1 www.asecurevalue.com
127.0.0.1 asecurityissue.com
127.0.0.1 www.asecurityissue.com
127.0.0.1 www.asecuritynotice.com
127.0.0.1 asecuritynotice.com
127.0.0.1 asecuritypaper.com
127.0.0.1 www.asecuritypaper.com
127.0.0.1 www.asecuritystuff.com
127.0.0.1 asecuritystuff.com
127.0.0.1 asiankingkong.com
127.0.0.1 asianpornmag.com
127.0.0.1 www.asianpornmag.com
127.0.0.1 www.asiantoolbar.com
127.0.0.1 asiantoolbar.com
127.0.0.1 asidseiupc.com
127.0.0.1 www.asidseiupc.com
127.0.0.1 www.aslitalia.it
127.0.0.1 aslitalia.it
127.0.0.1 [bleep]-gals.com
127.0.0.1 assureprotection.com
127.0.0.1 www.assureprotection.com
127.0.0.1 asta-killer.com
127.0.0.1 asupereva.it
127.0.0.1 www.asupereva.it
127.0.0.1 ataprogram.com
127.0.0.1 www.ataprogram.com
127.0.0.1 athenrye.com
127.0.0.1 www.atotalsafety.com
127.0.0.1 atotalsafety.com
127.0.0.1 atrueprotection.com
127.0.0.1 www.atrueprotection.com
127.0.0.1 atruesecurity.com
127.0.0.1 www.atruesecurity.com
127.0.0.1 attackware.com
127.0.0.1 www.attackware.com
127.0.0.1 www.attrezzi.biz
127.0.0.1 attrezzi.biz
127.0.0.1 aucunsvirus.com
127.0.0.1 www.aucunsvirus.com
127.0.0.1 www.aulde.net
127.0.0.1 aulde.net
127.0.0.1 aupereva.it
127.0.0.1 www.aupereva.it
127.0.0.1 www.autobargains.org
127.0.0.1 autobargains.org
127.0.0.1 autobargainsnetwork.com
127.0.0.1 www.autobargainsnetwork.com
127.0.0.1 autocontext.begun.ru
127.0.0.1 www.autocontext.begun.ru
127.0.0.1 autoescrowpay.com
127.0.0.1 avadvance.com
127.0.0.1 www.avadvance.com
127.0.0.1 avast.free-software-center.com
127.0.0.1 www.avast.free-software-center.com
127.0.0.1 www.avast-2007.com
127.0.0.1 avast-2007.com
127.0.0.1 avast-downloads.com
127.0.0.1 www.avast-downloads.com
127.0.0.1 avast-hq.com
127.0.0.1 www.avast-hq.com
127.0.0.1 www.avforce.com
127.0.0.1 avforce.com
127.0.0.1 avg.grab-it-today.net
127.0.0.1 www.avg.grab-it-today.net
127.0.0.1 www.avg.softwarecenterz.com
127.0.0.1 avg.softwarecenterz.com
127.0.0.1 avg-secure.com
127.0.0.1 www.avg-secure.com
127.0.0.1 avian-ads.com
127.0.0.1 avideoaxaccess.com
127.0.0.1 www.avideoaxaccess.com
127.0.0.1 www.avideosurfer.com
127.0.0.1 avideosurfer.com
127.0.0.1 aviewersoft.com
127.0.0.1 www.aviewersoft.com
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 avsmanufacture.com
127.0.0.1 www.avsmanufacture.com
127.0.0.1 avsystemcare.com
127.0.0.1 www.avsystemcare.com
127.0.0.1 avxizaaqada.biz
127.0.0.1 www.avxizaaqada.biz
127.0.0.1 avxiz-anjpn.biz
127.0.0.1 www.avxiz-anjpn.biz
127.0.0.1 avxizueorn.biz
127.0.0.1 www.avxizueorn.biz
127.0.0.1 avxiz-ueorn.biz
127.0.0.1 www.avxiz-ueorn.biz
127.0.0.1 avxiz-vtvcp.biz
127.0.0.1 www.avxiz-vtvcp.biz
127.0.0.1 www.avxiz-ygco.biz
127.0.0.1 avxiz-ygco.biz
127.0.0.1 avxiz-zqav.biz
127.0.0.1 www.avxiz-zqav.biz
127.0.0.1 www.awarenesstech.com
127.0.0.1 awarenesstech.com
127.0.0.1 awarninglist.com
127.0.0.1 www.awarninglist.com
127.0.0.1 awbeta.net-nucleus.com
127.0.0.1 awesomehomepage.com
127.0.0.1 www.awesomehomepage.com
127.0.0.1 awmcash.biz
127.0.0.1 awmdabest.com
127.0.0.1 axemediasoftware.com
127.0.0.1 www.axemediasoftware.com
127.0.0.1 www.aximageobject.com
127.0.0.1 aximageobject.com
127.0.0.1 axmediaproject.com
127.0.0.1 www.axmediaproject.com
127.0.0.1 axmediasoftware.com
127.0.0.1 www.axmediasoftware.com
127.0.0.1 axmediasolutions.com
127.0.0.1 www.axmediasolutions.com
127.0.0.1 axobjectpage.com
127.0.0.1 www.axobjectpage.com
127.0.0.1 www.axobjectsource.com
127.0.0.1 axobjectsource.com
127.0.0.1 axsoftwaretool.com
127.0.0.1 www.axsoftwaretool.com
127.0.0.1 axvideoproject.com
127.0.0.1 www.axvideoproject.com
127.0.0.1 www.axvideosetup.com
127.0.0.1 axvideosetup.com
127.0.0.1 ayakawamura.com
127.0.0.1 ayb.dns-look-up.com
127.0.0.1 ayb.netbios-wait.com
127.0.0.1 ayumitaniguchi.com
127.0.0.1 azebar.com
127.0.0.1 azureusclub.com
127.0.0.1 www.azureusclub.com
127.0.0.1 azureus-freebie.com
127.0.0.1 www.azureus-freebie.com
127.0.0.1 www.azzetta.it
127.0.0.1 azzetta.it
127.0.0.1 b.casalemedia.com
127.0.0.1 b122.mcboo.com
127.0.0.1 www.babe.k-lined.com
127.0.0.1 babe.k-lined.com
127.0.0.1 babe.the-killer.bz
127.0.0.1 www.babe.the-killer.bz
127.0.0.1 babenet.com
127.0.0.1 www.babenet.com
127.0.0.1 babespornmag.com
127.0.0.1 www.babespornmag.