Please help me on Winfixer malware



#1
guitarguy99

  • Member
  • 12 posts
I just got the dreaded Winfixer popups 2 days ago and they are creating a mess on my PC. I am also receiving popups from WinAntiVirusPro which I'm guessing is related. I am also receiving new popups to pornography sites (not very nice!). These all started happening at the same time.
I've never had a problem like this. I run anti-virus and anti-spyware programs. I read over your site rules and have followed the instructions for HiJackThis. Here's my log report:

Logfile of HijackThis v1.99.1
Scan saved at 12:43:55 PM, on 19/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\TELUS\TELUS Security service\Freedom.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - D:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjk.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\Common Files\PestPatrol\ppclean.exe" "clean" "cws" "2"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe

NOTE: I did receive 2 errors when I ran HJT. Here they are (after the errors the HJT continued and completed):

Error 1:
An unexpected error has occurred at procedure: modRegistry_IniGetString(sFile=win.ini, sSection=windows, sValue=load)
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.

Error 2:

An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.


I hope you can help me--I would really appreciate it. And I could let my daughter back on the computer so she can finish her homework (as I'm worried right now with the dangerous and improper popups). THANK YOU!!
  • 0



#2
Wizard

  • Retired Staff
  • 5,661 posts
Hi guitarguy99 and Welcome to GeekstoGo!


Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this

    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Please Type in the filepath as instructed by the forum staff
    and then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\pmkjk.dll
  • Press Enter to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum
    staff then press enter:

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\kjkmp.*
    This will be the vundo filename spelt backwards. For example, if the vundo dll was vundo.dll you would have the user enter odnuv.*
  • Press Enter to continue with the fix.
  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjk.dll

    O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
  • After you have fixed these items, close Hijackthis.
  • Press enter to exit the program then manually reboot your computer.
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0
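
The two HijackThis entries fixed in post #2 point at the same DLL, once as a BHO (O2) and once as a Winlogon Notify (O20), and the second VundoFix path is that DLL's name spelt backwards. The following Python is an added example, not part of the thread or of VundoFix: it finds DLLs registered under both hooks in a HijackThis log and derives the reversed-name pattern. Function names are hypothetical, and treating the O2 plus O20 pairing as a triage signal is an assumption based on this one log.

```python
import ntpath
import re

# Lines excerpted from the HijackThis logs posted in this thread
# (post #1 before the fix, post #3 after it).
LOG_BEFORE = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjk.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
"""
LOG_AFTER = r"""
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
"""

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.*?) - (?P<path>.+)$")
MISSING = "(file missing)"


def _clean_path(raw):
    """Return (path, file_missing) with quotes and the HJT suffix removed."""
    path = raw.strip()
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)].rstrip()
    return path.strip('"'), missing


def reversed_companion(path):
    """Build the second VundoFix path: same folder, file stem reversed, '.*'."""
    directory, filename = ntpath.split(path)
    stem = ntpath.splitext(filename)[0]
    return ntpath.join(directory, stem[::-1] + ".*")


def find_dual_hooks(log_text):
    """List DLLs that a log registers as both a BHO (O2) and Winlogon Notify (O20)."""
    bhos, notifies = {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            path, missing = _clean_path(m["path"])
            bhos[path.lower()] = (path, m["name"], m["clsid"], missing)
            continue
        m = NOTIFY_RE.match(line)
        if m:
            path, missing = _clean_path(m["path"])
            notifies[path.lower()] = (m["name"], missing)

    findings = []
    for key, (path, bho_name, clsid, bho_missing) in bhos.items():
        if key not in notifies:
            continue  # an ordinary BHO with no Winlogon hook
        notify_name, notify_missing = notifies[key]
        findings.append({
            "path": path,
            "bho_name": bho_name,
            "clsid": clsid,
            "notify_name": notify_name,
            # True once the DLL is deleted but the registry entries remain
            "file_missing": bho_missing or notify_missing,
            "companion": reversed_companion(path),
        })
    return findings


if __name__ == "__main__":
    for label, log in (("before", LOG_BEFORE), ("after", LOG_AFTER)):
        for hit in find_dual_hooks(log):
            print(label, hit)
```

On the post-fix log the same DLL is still reported, now with `file_missing` set, which corresponds to the leftover O2 and O20 registry entries that still show in the later log.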

#3
guitarguy99

  • Topic Starter
  • Member
  • 12 posts
THANK YOU Cretemonster-here's the results:

ACTIVESCAN reported finding 2 Spyware and 1 suspicious file--here's the log:

Incident               Status           Location

Adware:adware/cws      No disinfected   C:\Documents and Settings\Craig\Favorites\HEALTH
Adware:adware/gator    No disinfected   Windows Registry
Possible Virus.        No disinfected   C:\WINDOWS\system32\jkkji.dll




************************************************
NEW HiJackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:29:52 PM, on 19/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\TELUS\TELUS Security service\Freedom.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - D:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\Common Files\PestPatrol\ppclean.exe" "clean" "cws" "2"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
************************************************************
VUNDOFIX.txt file from the vundofix folder:

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\system32\pmkjk.dll

The second filepath entered was C:\WINDOWS\system32\kjkmp.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 156 'smss.exe'

Error, Cannot find a process with an image name of explorer.exe


Killing PID 232 'winlogon.exe'
--------------------------------------------------------------------------------------

C:\WINDOWS\system32\pmkjk.dll Deleted sucessfully.
C:\WINDOWS\system32\kjkmp.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------

*********************************************************************

Well, that's it-how does it look??
Your help is most appreciated.
  • 0

#4
Wizard

  • Retired Staff
  • 5,661 posts
Looks like Vundo died! :tazz:

Let's make sure nothing else is lying around.


Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (tap F8 when restarting).
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to Show All Hidden Files and Folders. Here is a link to help with that:
http://www.bleepingc...torial=62#winxp

Locate and Delete

C:\Documents and Settings\Craig\Favorites\HEALTH

C:\WINDOWS\system32\jkkji.dll


Still in Safe Mode-> From the WinPFind folder-> Double-click WinPFind.exe and click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Post the results of the WinPFind scan in the next reply please.
  • 0

#5
guitarguy99

  • Topic Starter
  • Member
  • 12 posts
Hello CRETEMONSTER:

Thanks for the quick reply. Here's the results from WinPFind scan:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 29/08/2002 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 04/11/2005 4:27:24 PM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 01/11/2005 9:34:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 01/11/2005 9:34:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 03/08/2004 11:56:38 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 03/08/2004 11:56:46 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 29/08/2002 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
aspack 06/10/2004 10:55:26 PM R 705720 C:\WINDOWS\SYSTEM32\drivers\css-dvp.sys
PTech 03/08/2004 9:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
19/11/2005 7:19:34 PM S 2048 C:\WINDOWS\bootstat.dat
11/11/2005 10:37:24 AM H 54156 C:\WINDOWS\QTFont.qfn
19/11/2005 2:37:24 PM H 0 C:\WINDOWS\LastGood\INF\oem77.inf
19/11/2005 2:37:24 PM H 0 C:\WINDOWS\LastGood\INF\oem77.PNF
05/10/2005 8:33:38 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
04/10/2005 5:17:42 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
28/09/2005 10:53:30 AM S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
08/11/2005 8:01:34 PM S 88704 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT
04/10/2005 4:51:02 AM S 14849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem76.CAT
19/11/2005 7:19:30 PM H 8192 C:\WINDOWS\system32\config\default.LOG
19/11/2005 7:19:40 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
19/11/2005 7:19:34 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
19/11/2005 7:22:26 PM H 65536 C:\WINDOWS\system32\config\software.LOG
19/11/2005 7:19:28 PM H 6680576 C:\WINDOWS\system32\config\system.LOG
08/11/2005 4:34:50 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
07/11/2005 8:50:18 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
07/11/2005 8:50:18 PM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
18/11/2005 8:24:24 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\7e40ea4c-b3cb-433e-a39e-a2f62b4f52f5
18/11/2005 8:24:24 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
19/11/2005 7:18:52 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 03/08/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Creative Technology Ltd. 28/05/2001 1:47:00 PM 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Immersion Corporation 25/09/1998 1:34:44 PM 189952 C:\WINDOWS\SYSTEM32\Iforce.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 03/06/2004 9:05:06 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 03/10/2003 3:14:34 PM 314880 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 26/05/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Matrox Graphics Inc. 10/06/2004 2:15:16 PM 102400 C:\WINDOWS\SYSTEM32\ReinstallBackups\0026\DriverFiles\Matrox.PowerDesk.PDeskApplet.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
31/03/2003 1:03:54 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
27/09/2005 7:09:30 PM 1666 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TELUS eCare.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
31/03/2003 4:49:30 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
31/03/2003 1:03:54 PM HS 84 C:\Documents and Settings\Craig\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
07/05/2005 9:14:48 PM 879 C:\Documents and Settings\Craig\Application Data\AdobeDLM.log
31/03/2003 4:49:30 AM HS 62 C:\Documents and Settings\Craig\Application Data\desktop.ini
07/05/2005 9:14:48 PM 0 C:\Documents and Settings\Craig\Application Data\dm.ini
14/04/2004 4:54:10 PM 12288 C:\Documents and Settings\Craig\Application Data\plugcach.fon
21/09/2005 8:31:42 AM 4194441 C:\Documents and Settings\Craig\Application Data\sdi.db

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\TELUS\TELUS Security service\AVContextR.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IconLayout
{19F500E0-9964-11cf-B63D-08002B317C03} = Layout.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\TELUS\TELUS Security service\AVContextR.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\TELUS\TELUS Security service\AVContextR.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}
PopKill Class = C:\Program Files\TELUS\TELUS Security service\pkR.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49E0E0F0-5C30-11D4-945D-000000000003}
IE PopUp-Killer ; Neikeisoft = D:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}
ZKBho Class = C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\windows\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE70731D-F28D-4D81-9D61-C8EE60378401}
MSEvents Object = C:\WINDOWS\system32\pmkjk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}
Encarta &Researcher = C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} = Easy-WebPrint : C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\windows\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9455301C-CF6B-11D3-A266-00C04F689C50}
ButtonText = Researcher :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B205A35E-1FC4-4CE3-818B-899DBBB3388C}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\windows\googletoolbar1.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UpdReg C:\WINDOWS\UpdReg.EXE
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
SSBkgdUpdate C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
SBDrvDet C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
RemoteControl "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
RemoteCenter
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroCheck C:\WINDOWS\system32\NeroCheck.exe
Logitech Utility Logi_MwX.Exe
CTSysVol D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
CTHelper CTHELPER.EXE
CTDVDDET D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
Motive SmartBridge C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
TELUS Security service "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
Pest Cleaning "C:\Program Files\Common Files\PestPatrol\ppclean.exe" "clean" "cws" "2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Steam
Creative Detector "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\system32\ctfmon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\system32\ctfmon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKCU
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32
NoBackButton 0
NoFileMru 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoLogoff 1
NoRecentDocsMenu 
NoRecentDocsHistory 
ClearRecentDocsOnExit 
NoSMMyDocs 
NoSMMyPictures 
NoNetworkConnections 
NoDrives 0
NoViewOnDrive 0
StartMenuLogOff 1
NoInstrumentation 1
NoCDBurning 1
NoSharedDocuments 1
NoRecentDocsNetHood 
NoLowDiskSpaceChecks 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkjk
= C:\WINDOWS\system32\pmkjk.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 19/11/2005 7:29:19 PM
*****************************************

How did it go?
And thanks again for the clear instructions -- most appreciated :tazz:
  • 0

#6
Wizard

  • Retired Staff
  • 5,661 posts
Have HijackThis fix these entries

O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjk.dll (file missing)

O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediately!

WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore
http://service1.syma...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup!

Go ahead and remove any of the tools downloaded that are of no use anymore!

Post back and let me know how things are?
  • 0

#7
guitarguy99

  • Topic Starter
  • Member
  • 12 posts
Hi CRETEMONSTER:

Thanks for your advice-here's what I did.

1. I ran HijackThis as advised and it seemed to work fine - I did get one error message when it first started. Here's the message:
An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
***************


2. I installed SpywareBlaster and updated and selected "ENABLE ALL PROTECTION".

QUESTION: Will this Spyware program conflict with my other Spyware programs like Microsoft AntiSpyware Beta?

3. I installed the HOSTS file. I did have an existing HOSTS file which seemed like the Windows default - it only had this in it: "127.0.0.1 localhost". As per instructions on the HOSTS site, I renamed my original to hosts.old and copied the new HOSTS file in.

4. I disabled SystemRestore and reset MSCONFIG to "Normal startup".

QUESTION: Should I reset System Restore back to ON??




RESULTS: Everything seems to be working fine-no popups now.....I'm crossing my fingers but I'm excited :tazz: If it works like this for another day I'll certainly donate to your site.

ONE LAST QUESTION: Recently also when I click on links for new web sites in Explorer the window doesn't open up maximized (it always maximized before) - it opens up sort of tiled so it takes up about 1/3 of the screen so I always have to click the maximize button to get it to full screen. Would you happen to know the setting to change this to always open maximized windows??


THANK YOU AGAIN !!
  • 0

#8
Wizard

  • Retired Staff
  • 5,661 posts
To be honest, I wouldn't know what to tell you about the window size. I almost have to figure it would be a setting in Internet Explorer's Internet Options but I'm clueless as to how to fix it.

See if you can get any advice on that issue here
http://www.geekstogo...hp?showforum=26


Go ahead and re-enable System Restore and restart the PC; this will clear out all old nasty restore points and create a nice new fresh clean one for you to fall back on should you ever need it.


Read through those 3 little black links in my signature to get some extra ideas about how to avoid this in the future.


Make sure you keep your Windows Operating System up to date by visiting Windows Updates regularly to download and install any critical updates and service packs.


Let me know what ya come up with in the other forum, I'm interested to hear what they have to say?
  • 0

#9
guitarguy99

  • Topic Starter
  • Member
  • 12 posts
HI Cretemonster;

I reran the Panda Activescan just to see and it found 2 spyware again--is there still a problem??
Here's the report: You'll note it reports something in my HEALTH file again (I did delete as you instructed but I later replaced it with a backup from a couple months ago so thought that would be fine?)

Incident Status Location

Adware:adware/cws No disinfected C:\Documents and Settings\Craig\Favorites\HEALTH
Adware:adware/gator No disinfected Windows Registry



****************************************
I also reran Hijackthis again-here's the report:
Logfile of HijackThis v1.99.1
Scan saved at 2:40:26 PM, on 20/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\TELUS\TELUS Security service\Freedom.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mytelus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\TELUS\TELUS Security service\pkR.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - D:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TELUS Security service] "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\Common Files\PestPatrol\ppclean.exe" "clean" "cws" "2"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\windows\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe

****************************

Again-I'm not seeing any popups lately but wanted to check with you--THANKS for your HELP :tazz:
  • 0

#10
Wizard

  • Retired Staff
  • 5,661 posts
C:\Documents and Settings\Craig\Favorites\HEALTH

That folder was placed there by an Adware called CoolwebSearch and the entire folder should be deleted

Now as for these entries in HijackThis

O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com

I have never seen WinHelp's Hosts File do anything like that at all.

Can you go into Safe Mode and Scan the System With WinPfind again please.

I too want to be sure nothing is left laying around

After the WinPFind scan has finished, let's get a shot of the Hosts File up close.

OK... Let's have a look at the Hosts File!

Open HijackThis>Click Config>Click Misc Tools>Click Open Hosts File Manager>Click Open in Notepad>Copy&Paste the entire Contents of that Notepad Page to your Next Post

Note:

If HijackThis is set to the normal opening page,just click on the tab labeled "Open the Misc Tools Section"
  • 0
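The checks done by eye in posts #6 and #10 (registry entries marked "(file missing)", and Hosts entries that point a name at a non-loopback address) can be run over a saved HijackThis log; the following is an added example, not part of the original thread and not HijackThis's own code. The function names, the finding labels and the "same DLL registered as both BHO and Winlogon Notify" heuristic are assumptions of this example; the sample lines are the ones quoted in the thread.

```python
"""Triage of HijackThis log lines (added example, not part of the thread)."""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from ipaddress import ip_address

# Sample input: entries quoted in this thread. The 13 identical O1 lines
# from the second log are shortened to 3 here.
SAMPLE_LOG = r"""
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O1 - Hosts: 207.68.172.246 msn.com
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<group>[A-Z]\d{1,2}) - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]+?\.(?:dll|exe)", re.IGNORECASE)
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    group: str  # HijackThis section code, e.g. "O2" or "O20"
    body: str   # everything after "<group> - "


def parse_log(text):
    """Return the section entries of a log, skipping header/process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["group"], m["body"]))
    return entries


def module_path(entry):
    """Lower-cased path of the DLL/EXE an entry points at, or None."""
    m = PATH_RE.search(entry.body)
    return m.group(0).lower() if m else None


def triage(text):
    """Return (kind, subject, detail) tuples for entries worth a second look."""
    entries = parse_log(text)
    findings = []

    # 1. O1 entries that map a name to something other than loopback.
    #    Blocklist-style hosts files only use 127.0.0.1 / 0.0.0.0, so any
    #    other address changes where that name resolves.
    redirects = Counter()
    for e in entries:
        m = HOSTS_RE.match(e.body) if e.group == "O1" else None
        if not m:
            continue
        try:
            addr = ip_address(m["ip"])
        except ValueError:
            continue  # not an IP literal, leave for manual review
        if not (addr.is_loopback or addr.is_unspecified):
            redirects[(m["name"].lower(), str(addr))] += 1
    for (name, ip), count in sorted(redirects.items()):
        findings.append(("hosts-redirect", name, f"{ip} x{count}"))

    # 2. Registry entries whose target file is gone: leftovers to clean up.
    by_path = defaultdict(set)
    for e in entries:
        path = module_path(e)
        if path is None:
            continue
        by_path[path].add(e.group)
        if e.body.rstrip().endswith(MISSING):
            findings.append(("file-missing", path, e.group))

    # 3. Assumption of this example: one DLL registered both as a BHO (O2)
    #    and as a Winlogon Notify package (O20) deserves review.
    for path, groups in sorted(by_path.items()):
        hooks = sorted(groups & {"O2", "O20"})
        if len(hooks) > 1:
            findings.append(("multi-hook", path, "+".join(hooks)))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:15} {subject}  [{detail}]")
```
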

#11
guitarguy99

  • Topic Starter
  • Member
  • 12 posts
Hello CRETEMONSTER:

I went to SAFE mode and deleted the HEALTH file. Then did WinPFind scan-here's the log:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 29/08/2002 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 04/11/2005 4:27:24 PM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 01/11/2005 9:34:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 01/11/2005 9:34:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 03/08/2004 11:56:38 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 03/08/2004 11:56:46 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 29/08/2002 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
aspack 06/10/2004 10:55:26 PM R 705720 C:\WINDOWS\SYSTEM32\drivers\css-dvp.sys
PTech 03/08/2004 9:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
20/11/2005 2:59:18 PM S 2048 C:\WINDOWS\bootstat.dat
11/11/2005 10:37:24 AM H 54156 C:\WINDOWS\QTFont.qfn
05/10/2005 8:33:38 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
04/10/2005 5:17:42 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
28/09/2005 10:53:30 AM S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
08/11/2005 8:01:34 PM S 88704 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT
04/10/2005 4:51:02 AM S 14849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem76.CAT
20/11/2005 2:59:14 PM H 8192 C:\WINDOWS\system32\config\default.LOG
20/11/2005 3:00:32 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
20/11/2005 2:59:18 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
20/11/2005 3:00:46 PM H 65536 C:\WINDOWS\system32\config\software.LOG
20/11/2005 2:59:12 PM H 6680576 C:\WINDOWS\system32\config\system.LOG
08/11/2005 4:34:50 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
07/11/2005 8:50:18 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735
07/11/2005 8:50:18 PM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735
18/11/2005 8:24:24 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\7e40ea4c-b3cb-433e-a39e-a2f62b4f52f5
18/11/2005 8:24:24 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
20/11/2005 2:58:38 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 03/08/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Creative Technology Ltd. 28/05/2001 1:47:00 PM 32768 C:\WINDOWS\SYSTEM32\AudioHQU.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Immersion Corporation 25/09/1998 1:34:44 PM 189952 C:\WINDOWS\SYSTEM32\Iforce.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 03/06/2004 9:05:06 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 03/10/2003 3:14:34 PM 314880 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 29/08/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 03/08/2004 11:56:58 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 26/05/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Matrox Graphics Inc. 10/06/2004 2:15:16 PM 102400 C:\WINDOWS\SYSTEM32\ReinstallBackups\0026\DriverFiles\Matrox.PowerDesk.PDeskApplet.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
31/03/2003 1:03:54 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
27/09/2005 7:09:30 PM 1666 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TELUS eCare.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
31/03/2003 4:49:30 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
31/03/2003 1:03:54 PM HS 84 C:\Documents and Settings\Craig\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
07/05/2005 9:14:48 PM 879 C:\Documents and Settings\Craig\Application Data\AdobeDLM.log
31/03/2003 4:49:30 AM HS 62 C:\Documents and Settings\Craig\Application Data\desktop.ini
07/05/2005 9:14:48 PM 0 C:\Documents and Settings\Craig\Application Data\dm.ini
14/04/2004 4:54:10 PM 12288 C:\Documents and Settings\Craig\Application Data\plugcach.fon
21/09/2005 8:31:42 AM 4194441 C:\Documents and Settings\Craig\Application Data\sdi.db

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\TELUS\TELUS Security service\AVContextR.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\IconLayout
{19F500E0-9964-11cf-B63D-08002B317C03} = Layout.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\TELUS\TELUS Security service\AVContextR.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{FFFFE5C1-34AF-4d4d-B3D3-5BB86A2BAA7B}
= C:\Program Files\TELUS\TELUS Security service\AVContextR.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}
PopKill Class = C:\Program Files\TELUS\TELUS Security service\pkR.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{49E0E0F0-5C30-11D4-945D-000000000003}
IE PopUp-Killer ; Neikeisoft = D:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}
ZKBho Class = C:\Program Files\TELUS\TELUS Security service\FreeBHOR.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\windows\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{9455301C-CF6B-11D3-A266-00C04F689C50}
Encarta &Researcher = C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} = Easy-WebPrint : C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\windows\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9455301C-CF6B-11D3-A266-00C04F689C50}
ButtonText = Researcher :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B205A35E-1FC4-4CE3-818B-899DBBB3388C}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\windows\googletoolbar1.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UpdReg C:\WINDOWS\UpdReg.EXE
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
SSBkgdUpdate C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
SBDrvDet C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
RemoteControl "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
RemoteCenter
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroCheck C:\WINDOWS\system32\NeroCheck.exe
Logitech Utility Logi_MwX.Exe
CTSysVol D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
CTHelper CTHELPER.EXE
CTDVDDET D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
Motive SmartBridge C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
TELUS Security service "C:\Program Files\TELUS\TELUS Security service\Freedom.exe"
ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
Pest Cleaning "C:\Program Files\Common Files\PestPatrol\ppclean.exe" "clean" "cws" "2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Steam
Creative Detector "D:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32
NoBackButton 0
NoFileMru 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoLogoff 1
NoRecentDocsMenu 
NoRecentDocsHistory 
ClearRecentDocsOnExit 
NoSMMyDocs 
NoSMMyPictures 
NoNetworkConnections 
NoDrives 0
NoViewOnDrive 0
StartMenuLogOff 1
NoInstrumentation 1
NoCDBurning 1
NoSharedDocuments 1
NoRecentDocsNetHood 
NoLowDiskSpaceChecks 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 20/11/2005 3:06:58 PM
***********************************************
Then I did the HiJackThis instructions to create a copy of HOSTS; here it is:
# This MVPS HOSTS file is a free download from: #
# http://www.mvps.org/winhelp2002/ #
# #
# Notes: the browser does not read this "#" symbol #
# You can create your own notes, after the # symbol #
# This *must* be the first line: 127.0.0.1 localhost #
# ********************************************************#
# ------------------Updated: 11-15-05---------------------#
# ********************************************************#
# Entries marked with Parasite or Trojan comments should #
# be placed in the Internet Explorer Restricted Zone. #
# http://mvps.org/winh.../restricted.htm #
# #
# Entries with other comments are searchable via Google. #
# #
# Disclaimer: this file is free to use, however it is NOT #
# permitted to post on any other site without permission. #
# #
# This work is licensed under the Creative Commons #
# Attribution-NonCommercial-ShareAlike License. #
# http://creativecommo...s/by-nc-sa/2.0/ #

127.0.0.1 localhost

127.0.0.1 svp.contextuad.org #[IE-SpyAd]
127.0.0.1 www.thecoolbar.com #[Softomate Toolbar][Adware.Fizzle]
127.0.0.1 ads.console.net
127.0.0.1 coolshader.com
127.0.0.1 c.coolshader.com #[Win32.Harnig]
127.0.0.1 www.coolshader.com
127.0.0.1 counted.com #[IE-SpyAd]
127.0.0.1 bilbo.counted.com
127.0.0.1 www.counted.com
127.0.0.1 www.counter-gratis.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.counterguide.com
127.0.0.1 counter4u.de #[IE-SpyAd]
127.0.0.1 www.counting4free.com #[IE-SpyAd]
127.0.0.1 connectionzone.com
127.0.0.1 count.casino-trade.com
127.0.0.1 www.couponsandoffers.com #[Adware.TopMoxie]
127.0.0.1 data.coremetrics.com #[IE-SpyAd]
127.0.0.1 test.coremetrics.com
127.0.0.1 twci.coremetrics.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 cracks.am #[eTrust.Cracks.am][ADW_CRAMTB.A]
127.0.0.1 www.cracks.am #[[bleep]-portal.com][Adware.CramToolbar]
127.0.0.1 files.crackz.ws
127.0.0.1 wmw.crackz.ws
127.0.0.1 www.crackz.ws
127.0.0.1 www.crispads.com #[IE-SpyAd]
127.0.0.1 ads.crosswinds.net
127.0.0.1 megabyte.crosswinds.net
127.0.0.1 cyberbounty.com #[IE-SpyAd]
127.0.0.1 js.cybermonitor.com
127.0.0.1 stat3.cybermonitor.com
127.0.0.1 cytron.com #[DailyWinner][Cytron]
127.0.0.1 www.cytron.com
# D
127.0.0.1 ads.date.com #[IE-SpyAd]
127.0.0.1 banner.date.com
127.0.0.1 au.track.decideinteractive.com
127.0.0.1 au.link.decideinteractive.com
127.0.0.1 eu.link.decideinteractive.com
127.0.0.1 link.decideinteractive.com
127.0.0.1 www.decideinteractive.com
127.0.0.1 www.decideinteractive.co.uk
127.0.0.1 www.deepcom.com #[TrojanDropper.Win32.Small.gt]
127.0.0.1 collector.deepmetrix.com
127.0.0.1 geo.deepmetrix.com
127.0.0.1 www.deepmetrix.com
127.0.0.1 delta2378493.com #[Download.Sumina]
127.0.0.1 ads.dennisnet.co.uk
127.0.0.1 track.did-it.com #[Wired.com]
127.0.0.1 diji-realm.net #[Backdoor.Mepcod]
127.0.0.1 comm1.digits.com
127.0.0.1 counter.digits.com #[IE-SpyAd]
127.0.0.1 direct-ip.com #[Adware-DirectIP]
127.0.0.1 www.direct-ip.com #[Adware-DirectIP][Adware-CommanderNET]
127.0.0.1 stats.directnic.com
127.0.0.1 cache.directorym.com #[c2.mii.instacontent.net]
127.0.0.1 www.divago.com #[Adware.Surfairy]
127.0.0.1 track.dmipartners.com
127.0.0.1 ad.dmpi.net
127.0.0.1 ad2.dmpi.net
127.0.0.1 ad3.dmpi.net
127.0.0.1 ad4.dmpi.net
127.0.0.1 ubnm.dmpi.net
127.0.0.1 test-ware.dyndns.biz #[Trojan.Totmau]
127.0.0.1 www.dnscaching.net #[stickypops.com]
127.0.0.1 www.domamil.cz #[Trojan.Beagooz]
127.0.0.1 www.donttrip.org #[IE-SpyAd]
127.0.0.1 downloadalot.com
127.0.0.1 get.downloadalot.com
127.0.0.1 www.downloadalot.com #[IE-SpyAd]
127.0.0.1 www.downseek.com #[SunBelt.DownSeek Search]
127.0.0.1 dqmedia.net #[spam]
127.0.0.1 drmx01.net #[spam]
127.0.0.1 www.claus.drehteile-rieche.de #[Win32.Formglieder.B]
127.0.0.1 www.drinkmagik.biz #[Trojan.Spbot.C]
127.0.0.1 ads.drugs.com
127.0.0.1 www.dudu.com #[Adware.DuDuAccelerator]
127.0.0.1 www.duenow.com
127.0.0.1 gfx.dvlabs.com #[IE-SpyAd]
127.0.0.1 klipads.dvlabs.com
# E
127.0.0.1 e2give.com #[Adware-E2Give][Spyware.e2give]
127.0.0.1 www.e2give.com
127.0.0.1 eaglehousing.com #[Trojan.Tabela.B]
127.0.0.1 www.eaglehousing.com #[Trojan.Eaghouse]
127.0.0.1 www.eastworldnetwork.com
127.0.0.1 easyhitcounters.com #[IE-SpyAd]
127.0.0.1 beta.easyhitcounters.com
127.0.0.1 www.easywebsearch.nl #[Easywebinstaller Control][IE-SpyAd]
127.0.0.1 www.e-bannerx.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.easycounter.com #[IE-SpyAd]
127.0.0.1 banners.easydns.com
127.0.0.1 banner.easyspace.com #[IE-SpyAd]
127.0.0.1 adserv1.ebates.com #[WebSavings]
127.0.0.1 www.ebates.com #[Adware.MoeMoney]
127.0.0.1 c2.edapebaf.com #[IE-SpyAd]
127.0.0.1 www.efinder.cc #[StartPage-DA]
127.0.0.1 www.ek21.com #[Trojan.Chost.B]
127.0.0.1 click3.ekahfmal.com
127.0.0.1 www.elancenet.org #[Worm/Eyeveg.CH]
127.0.0.1 ad1.emediate.dk
127.0.0.1 epeople.com
127.0.0.1 errorpage404.com #[JS_TRAFFICHBAR.A]
127.0.0.1 www.errorpage404.com #[Parasite.TinyBar]
127.0.0.1 vipuk.escritorioactivo.com #[123Messenger Hijacker]
127.0.0.1 www.escorcher.com #[IE-SpyAd]
127.0.0.1 www.eshopads2.com
127.0.0.1 estat.com #[IE-SpyAd]
127.0.0.1 perso.estat.com
127.0.0.1 prof.estat.com
127.0.0.1 www.estat.com
127.0.0.1 eu-adcenter.net
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 ugo.eu-adcenter.net #[evidence-eliminator.com]
127.0.0.1 adopt.euroclick.com
127.0.0.1 www.euroklik.nl #[EasyBar][HJTH.SinCity Dialer]
127.0.0.1 euro-randomizer.com #[Trojan.dropper]
127.0.0.1 engage.everyone.net
127.0.0.1 static.everyone.net #[IE-SpyAd]
127.0.0.1 www.everythingyouneed.org #[Malware Installer]
127.0.0.1 advert.exaccess.ru
127.0.0.1 dynamic.exaccess.ru #[IE-SpyAd]
127.0.0.1 www.exchangead.com #[IE-SpyAd]
127.0.0.1 exit-ad.de #[Ad-Aware.Tracking Cookie]
127.0.0.1 exitexchange.com #[IE-SpyAd]
127.0.0.1 count.exitexchange.com
127.0.0.1 images.exitexchange.com
127.0.0.1 www.exitexchange.com
127.0.0.1 www.exchangeexit.com #[HJTH.Winupie]
127.0.0.1 www.exittrade.com
127.0.0.1 www.exittraffic.net #[IE-SpyAd]
127.0.0.1 nyton.experclick.com #[p.mii.instacontent.net]
127.0.0.1 ads.expressindia.com
127.0.0.1 banners.expressindia.com
127.0.0.1 cdn.eyewonder.com #[IE-SpyAd]
127.0.0.1 www.evidence-eliminator.com
127.0.0.1 www.eyeget.com #[McAfee.Adware-EyeGet]
127.0.0.1 ezcybersearch.com #[EZCyberSearch.Surebar]
127.0.0.1 ads.ezcybersearch.com #[Adware.EZSearch.B]
127.0.0.1 ezcybersearch.mail.everyone.net
127.0.0.1 www.ezcybersearch.com #[Parasite.ezCyberSearch]
127.0.0.1 eziin.com #[Adware.Eziin]
127.0.0.1 www.eziin.com
# F
127.0.0.1 fast-web-search.com #[IE-SpyAd]
127.0.0.1 www.fast-web-search.com
127.0.0.1 www.fast2net.com
127.0.0.1 www.fastfind.org #[TROJ_STARTPAG.KF][Adware.Fastfind.B]
127.0.0.1 fasttrack.nu
127.0.0.1 counter.fateback.com
127.0.0.1 www.fatpickle.com #[FatPickle Toolbar][IE-SpyAd]
127.0.0.1 www.fightpopups.net #[Adware.MessStopper]
127.0.0.1 filesharingaccess.com #[MHTMLRedir.Exploit]
127.0.0.1 adserver.filefront.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.filemix.net #[Surf+][IE-SpyAd]
127.0.0.1 www.find.fm #[AdWare.SideSearch.g]
127.0.0.1 www.fineclicks.com #[IE-SpyAd]
127.0.0.1 firstname.com #[IE-SpyAd]
127.0.0.1 clicks.firstname.com
127.0.0.1 www.fish-screensaver.com #[AdWare.Win32.Gator.1008]
127.0.0.1 www.fizzlewizzle.com #[HJTH.Trojan.Downloader.VB.EU]
127.0.0.1 www.flyeagles.com #[Trojan.Drivus]
127.0.0.1 flyinads.com #[IE-SpyAd]
127.0.0.1 www.flyinads.com
127.0.0.1 cdn.flashedmail.com
127.0.0.1 tracker1.flashedmail.com #[IE-SpyAd]
127.0.0.1 adserver.fmpub.net
127.0.0.1 js.forrestersurveys.com
127.0.0.1 securinews.free.fr #[Trojan.Hexem]
127.0.0.1 www.freedom850.com #[Trojan.Drivus]
127.0.0.1 www.freeloadmp3.com #[IE-SpyAd]
127.0.0.1 ad.freefind.com
127.0.0.1 www.freehistorycleaner.com #[Adware.Fapi][ADW_HISCLEAN.A]
127.0.0.1 freelogs.com
127.0.0.1 bar.freelogs.com
127.0.0.1 goo.freelogs.com
127.0.0.1 ico.freelogs.com
127.0.0.1 joe.freelogs.com
127.0.0.1 mom.freelogs.com
127.0.0.1 xyz.freelogs.com
127.0.0.1 adserver.freenet.de
127.0.0.1 free-stats.com
127.0.0.1 counters.freewebs.com
127.0.0.1 www.freewebsites.com
127.0.0.1 www.free-windows-games.com #[Parasite.GAMsys][GamHelper]
127.0.0.1 ads.ft.com
127.0.0.1 www.funbangladesh.com #[ysbweb.com][Purityscan]
# G
127.0.0.1 adserver.gadu-gadu.pl
127.0.0.1 ads.gamespy.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 ads.gamespyid.com
127.0.0.1 ad1.gamezone.com #[RealMedia]
127.0.0.1 server.gamyun.net
127.0.0.1 www.gamyun.net #[Adware.GamyunIeToolbar]
127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 sda.geek.com #[AdvertPro]
127.0.0.1 adserver.geenstijl.nl
127.0.0.1 kassa.geenstijl.nl
127.0.0.1 gd.geobytes.com #[obtains users location]
127.0.0.1 banners.geotarget.info
127.0.0.1 www.geowhere.net #[SunBelt.GeoWhere Search]
127.0.0.1 www.getsmart.com
127.0.0.1 bp2.getredirect.com #[IE-SpyAd]
127.0.0.1 4.getredirect.com #[superlogy.com]
127.0.0.1 www.getredirect.com
127.0.0.1 getupdate.com
127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b]
127.0.0.1 www.getupdate.com #[Adware.Getup]
127.0.0.1 gigex.com #[IE-SpyAd]
127.0.0.1 media.gigex.com #[SpeedDelivery]
127.0.0.1 oascentral.gigex.com #[RealMedia]
127.0.0.1 www.gigex.com #[download Class][eTrust.Gigex SpeedDelivery]
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com #[IE-SpyAd][CWS]
127.0.0.1 banner.goldenpalace.com #[redirects]
127.0.0.1 www.goldfer.net #[Backdoor.Generic.OCX]
127.0.0.1 goldstats.net #[IE-SpyAd]
127.0.0.1 www.goldstats.net
127.0.0.1 www.goggle.com #[IE-SpyAd][typo squatter]
127.0.0.1 partner.gonamic.de
127.0.0.1 goodcounter.com #[IE-SpyAd]
127.0.0.1 www.goodcounter.com
127.0.0.1 adincl.gopher.com #[InfoSpace]
127.0.0.1 ads.gorillanation.com #[eTrust.GorillaNation]
127.0.0.1 adserver.gorillanation.com #[IE-SpyAd]
127.0.0.1 admonster.gorasoft.com #[TROJ_SMALL.AAL]
127.0.0.1 gostats.com #[IE-SpyAd]
127.0.0.1 as.gostats.com
127.0.0.1 c1.gostats.com
127.0.0.1 c2.gostats.com
127.0.0.1 c3.gostats.com
127.0.0.1 www.gotoo.com
127.0.0.1 webcounter.goweb.de #[IE-SpyAd]
127.0.0.1 greatstartpage.com #[IE-SpyAd]
127.0.0.1 www.greatstartpage.com
127.0.0.1 www.greasypalm.co.uk #[PcTools.GreasyPalm bar]
127.0.0.1 ads.grokads.com
127.0.0.1 grokster.com #[IE-SpyAd][P2P]
127.0.0.1 dl.grokster.com
127.0.0.1 www.grokster.com
127.0.0.1 www.groovysearchesbar.com #[IE-SpyAd]
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 www.g-wizzads.net
# H
127.0.0.1 hao3344.com #[Adware.Adtest]
127.0.0.1 www.hao3344.com #[eTrust.Adtest]
127.0.0.1 www.harmonyhollow.net #[Adware Bundler]
127.0.0.1 ad0.haynet.com
127.0.0.1 stats.hecklerspray.com
127.0.0.1 www.henbang.net #[Adware.Henbang][SPYW_HAP.A]
127.0.0.1 ads.hitcents.com #[IE-SpyAd]
127.0.0.1 hits-counter.com
127.0.0.1 hithopper.com #[Adware.Hithopper]
127.0.0.1 www.hithopper.com #[ADW_HITHOPPER.A]
127.0.0.1 hitkorea.co.kr #[Adware.Atlcontrol]
127.0.0.1 www.hitlogger.com
127.0.0.1 hitmodel.net
127.0.0.1 hit-now.com
127.0.0.1 hit-parade.com
127.0.0.1 loga.hit-parade.com
127.0.0.1 hitstats.net
127.0.0.1 www.hittracking.com
127.0.0.1 images.hitwise.co.uk
127.0.0.1 ads.home.net
127.0.0.1 anna.homeftp.net #[W32.Linkbot.A]
127.0.0.1 www.gontijoamaral.hpg.com.br #[Adware.Diginum]
127.0.0.1 counters.honesty.com
127.0.0.1 cgi.honesty.com
127.0.0.1 horse-active.net #[Trojan.TrustedZones]
127.0.0.1 www.horse-active.net
127.0.0.1 horse-dns.net
127.0.0.1 horse-search.net
127.0.0.1 ad2.hotels.com
127.0.0.1 banners.hotlinks.net #[IE-SpyAd]
127.0.0.1 horseserver.net #[Troj/Haxdor-Fam][Trojan.Startpage.I]
127.0.0.1 www.horseserver.net #[Backdoor.Haxdoor.D]
127.0.0.1 hotsearch.com #[roar.com][IE-SpyAd]
127.0.0.1 www.hotsearch.com
127.0.0.1 www.10s.com.br #[Trojan.Cargao]
127.0.0.1 cgi.hotstat.nl #[IE-SpyAd]
127.0.0.1 viewstat.hotstat.nl
127.0.0.1 vip.huigezi.com #[Backdoor.Graybird.Q][W32.Looked.F]
127.0.0.1 hc2.humanclick.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.humanclick.com #[IE-SpyAd]
127.0.0.1 custom1.hurricanedigitalmedia.com
127.0.0.1 custom3.hurricanedigitalmedia.com
127.0.0.1 www.hypertracker.com #[IE-SpyAd]
# I
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.iboost.com
127.0.0.1 www.i-clicks.net
127.0.0.1 hits.icdirect.com
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 idolch.net #[Trojan.Idocha]
127.0.0.1 www.idonate.com #[eTrust.IDonate]
127.0.0.1 image-catcher.com
127.0.0.1 bar.iebar8.com #[Adware.Navihelper]
127.0.0.1 stats.surfaid.ihost.com #[IE-SpyAd]
127.0.0.1 gate.ilogbox.com
127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
127.0.0.1 stats.indextools.com #[IE-SpyAd][eTrust.Tracking Cookie]
127.0.0.1 adserver.indieclick.com
127.0.0.1 campaign.indieclick.com
127.0.0.1 adcenter.in2.com
127.0.0.1 ads.inet1.com
127.0.0.1 ads7.inet1.com
127.0.0.1 juggler.inetinteractive.com
127.0.0.1 rotator.juggler.inetinteractive.com
127.0.0.1 banners.inetfast.com
127.0.0.1 bn.inf3ct3d.info #[Backdoor.Shellbot]
127.0.0.1 images.infiads.com
127.0.0.1 www.infiads.com
127.0.0.1 reg1.info #[PWSteal.Reoxtan]
127.0.0.1 ads.infospace.com #[ADW_DEALHELPER.C]
127.0.0.1 bvads.infospace.com
127.0.0.1 xads.infospace.com
127.0.0.1 www.infotelsrl.com #[eTrust.Infotel srl]
127.0.0.1 ads.injersey.com #[RealMedia]
127.0.0.1 ads.intellicast.com
127.0.0.1 ads.intelihealth.com
127.0.0.1 strtt.interfree.it #[W32.Iberio]
127.0.0.1 ads.intermezzia.com #[IE-SpyAd]
127.0.0.1 indiads.com #[IE-SpyAd]
127.0.0.1 images.indiads.com
127.0.0.1 infostart.com #[IE-SpyAd]
127.0.0.1 popups.infostart.com #[eTrust.Popups.infostart.com]
127.0.0.1 oc.inspectorclick.com
127.0.0.1 trax.inspectorclick.com #[IE-SpyAd]
127.0.0.1 v2.inspectorclick.com
127.0.0.1 v3.inspectorclick.com
127.0.0.1 instadia.net #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.instadia.net
127.0.0.1 instantsearch.cc #[Panda.Adware/TheLocalSearch]
127.0.0.1 www.instantsearch.cc #[F-Secure.Small.wy]
127.0.0.1 anm.intelli-direct.com
127.0.0.1 oxfam.intelli-direct.com
127.0.0.1 www.intelli-tracker.com
127.0.0.1 newadserver.interfree.it #[Adcycle]
127.0.0.1 channels.intwined.com #[Adware/ToolBar.ISearch.c]
127.0.0.1 search.intwined.com
127.0.0.1 www.intwined.com #[McAfee.Adware-SSF!Hosts]
127.0.0.1 inqwire.com #[IE-SpyAd]
127.0.0.1 ww2.inqwire.com
127.0.0.1 www.inqwire.com
127.0.0.1 ads.ipowerweb.com
127.0.0.1 www.ipstat.com #[IE-SpyAd]
127.0.0.1 adzones.ircspy.com
127.0.0.1 www.iservicepack.com #[Trojan.Heoms]
127.0.0.1 www.istats.nl #[IE-SpyAd]
127.0.0.1 adserver1.isohunt.com
127.0.0.1 ads.isoftmarketing.com
127.0.0.1 adcycle.isoftmarketing.com
127.0.0.1 ads1.itadnetwork.co.uk
127.0.0.1 www.itrafficstar.com #[IE-SpyAd]
# J
127.0.0.1 www.j4sb.com #[Trojan.Jasbom]
127.0.0.1 ad.jamba.net #[IE-SpyAd]
127.0.0.1 ad.jamster.com
127.0.0.1 www.japan213.com #[Trojan.Finfanse]
127.0.0.1 www.jcount.com #[IE-SpyAd]
127.0.0.1 www.jellycounter.com
127.0.0.1 app2.jkahfmal.com
127.0.0.1 jpedownload.joltid.com
127.0.0.1 www.joltid.com #[Adware.P2PNetworking][SPYW_PPNETWORK.B]
127.0.0.1 play.joyiex.com #[Trojan.Joex]
127.0.0.1 www.joyiex.com #[Trojan.Startpage.Q]
127.0.0.1 promotion.jpds.com
# K
127.0.0.1 kazaalite.pl
127.0.0.1 www.kazaalite.pl #[MHTMLRedir.Exploit]
127.0.0.1 adserve.kikizo.com
127.0.0.1 www1.kliks.nl #[IE-SpyAd]
127.0.0.1 www2.kliks.nl
127.0.0.1 www.kliks.nl
127.0.0.1 kt3.kliptracker.com #[IE-SpyAd]
127.0.0.1 kt4.kliptracker.com
127.0.0.1 www.kliptracker.com
127.0.0.1 www.kmindex.ru
127.0.0.1 ads.kmpads.com #[IE-SpyAd]
127.0.0.1 koolbar.net #[Adware Bundler][ADW_KOOLBAR.A]
127.0.0.1 www.koolbar.net #[eTrust.AutoSearch][IE-SpyAd]
127.0.0.1 kutsap.com #[Trojan.Anicmoo]
# L
127.0.0.1 layer-ads.de
127.0.0.1 www.leopardsearch.com
127.0.0.1 ts1.lexmark.com
127.0.0.1 www.linkads.net #[IE-SpyAd]
127.0.0.1 www.lineage0.com #[Trojan.Rohoteng]
127.0.0.1 linkbuddies.com #[IE-SpyAd]
127.0.0.1 banners.linkbuddies.com
127.0.0.1 www.linkbuddies.com
127.0.0.1 www.linkcounter.com
127.0.0.1 linkexchange.ru #[IE-SpyAd]
127.0.0.1 web.linkexchange.ru
127.0.0.1 www.linkexchange.ru
127.0.0.1 link4link.com #[IE-SpyAd]
127.0.0.1

#12
guitarguy99

Hi, looks like my last post was cut off, so here's a repost of the HOSTS file from HiJackThis:

# This MVPS HOSTS file is a free download from: #
# http://www.mvps.org/winhelp2002/ #
# #
# Notes: the browser does not read this "#" symbol #
# You can create your own notes, after the # symbol #
# This *must* be the first line: 127.0.0.1 localhost #
# ********************************************************#
# ------------------Updated: 11-15-05---------------------#
# ********************************************************#
# Entries marked with Parasite or Trojan comments should #
# be placed in the Internet Explorer Restricted Zone. #
# http://mvps.org/winh.../restricted.htm #
# #
# Entries with other comments are searchable via Google. #
# #
# Disclaimer: this file is free to use, however it is NOT #
# permitted to post on any other site without permission. #
# #
# This work is licensed under the Creative Commons #
# Attribution-NonCommercial-ShareAlike License. #
# http://creativecommo...s/by-nc-sa/2.0/ #

127.0.0.1 localhost

#start of lines added by WinHelp2002
# [Misc A - Z]
127.0.0.1 images.exitexchange.com
127.0.0.1 www.exitexchange.com
127.0.0.1 www.exchangeexit.com #[HJTH.Winupie]
127.0.0.1 www.exittrade.com
127.0.0.1 www.exittraffic.net #[IE-SpyAd]
127.0.0.1 nyton.experclick.com #[p.mii.instacontent.net]
127.0.0.1 ads.expressindia.com
127.0.0.1 banners.expressindia.com
127.0.0.1 cdn.eyewonder.com #[IE-SpyAd]
127.0.0.1 www.evidence-eliminator.com
127.0.0.1 www.eyeget.com #[McAfee.Adware-EyeGet]
127.0.0.1 ezcybersearch.com #[EZCyberSearch.Surebar]
127.0.0.1 ads.ezcybersearch.com #[Adware.EZSearch.B]
127.0.0.1 ezcybersearch.mail.everyone.net
127.0.0.1 www.ezcybersearch.com #[Parasite.ezCyberSearch]
127.0.0.1 eziin.com #[Adware.Eziin]
127.0.0.1 www.eziin.com
# F
127.0.0.1 fast-web-search.com #[IE-SpyAd]
127.0.0.1 www.fast-web-search.com
127.0.0.1 www.fast2net.com
127.0.0.1 www.fastfind.org #[TROJ_STARTPAG.KF][Adware.Fastfind.B]
127.0.0.1 fasttrack.nu
127.0.0.1 counter.fateback.com
127.0.0.1 www.fatpickle.com #[FatPickle Toolbar][IE-SpyAd]
127.0.0.1 www.fightpopups.net #[Adware.MessStopper]
127.0.0.1 filesharingaccess.com #[MHTMLRedir.Exploit]
127.0.0.1 adserver.filefront.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.filemix.net #[Surf+][IE-SpyAd]
127.0.0.1 www.find.fm #[AdWare.SideSearch.g]
127.0.0.1 www.fineclicks.com #[IE-SpyAd]
127.0.0.1 firstname.com #[IE-SpyAd]
127.0.0.1 clicks.firstname.com
127.0.0.1 www.fish-screensaver.com #[AdWare.Win32.Gator.1008]
127.0.0.1 www.fizzlewizzle.com #[HJTH.Trojan.Downloader.VB.EU]
127.0.0.1 www.flyeagles.com #[Trojan.Drivus]
127.0.0.1 flyinads.com #[IE-SpyAd]
127.0.0.1 www.flyinads.com
127.0.0.1 cdn.flashedmail.com
127.0.0.1 tracker1.flashedmail.com #[IE-SpyAd]
127.0.0.1 adserver.fmpub.net
127.0.0.1 js.forrestersurveys.com
127.0.0.1 securinews.free.fr #[Trojan.Hexem]
127.0.0.1 www.freedom850.com #[Trojan.Drivus]
127.0.0.1 www.freeloadmp3.com #[IE-SpyAd]
127.0.0.1 ad.freefind.com
127.0.0.1 www.freehistorycleaner.com #[Adware.Fapi][ADW_HISCLEAN.A]
127.0.0.1 freelogs.com
127.0.0.1 bar.freelogs.com
127.0.0.1 goo.freelogs.com
127.0.0.1 ico.freelogs.com
127.0.0.1 joe.freelogs.com
127.0.0.1 mom.freelogs.com
127.0.0.1 xyz.freelogs.com
127.0.0.1 adserver.freenet.de
127.0.0.1 free-stats.com
127.0.0.1 counters.freewebs.com
127.0.0.1 www.freewebsites.com
127.0.0.1 www.free-windows-games.com #[Parasite.GAMsys][GamHelper]
127.0.0.1 ads.ft.com
127.0.0.1 www.funbangladesh.com #[ysbweb.com][Purityscan]
# G
127.0.0.1 adserver.gadu-gadu.pl
127.0.0.1 ads.gamespy.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 ads.gamespyid.com
127.0.0.1 ad1.gamezone.com #[RealMedia]
127.0.0.1 server.gamyun.net
127.0.0.1 www.gamyun.net #[Adware.GamyunIeToolbar]
127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 sda.geek.com #[AdvertPro]
127.0.0.1 adserver.geenstijl.nl
127.0.0.1 kassa.geenstijl.nl
127.0.0.1 gd.geobytes.com #[obtains users location]
127.0.0.1 banners.geotarget.info
127.0.0.1 www.geowhere.net #[SunBelt.GeoWhere Search]
127.0.0.1 www.getsmart.com
127.0.0.1 bp2.getredirect.com #[IE-SpyAd]
127.0.0.1 4.getredirect.com #[superlogy.com]
127.0.0.1 www.getredirect.com
127.0.0.1 getupdate.com
127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b]
127.0.0.1 www.getupdate.com #[Adware.Getup]
127.0.0.1 gigex.com #[IE-SpyAd]
127.0.0.1 media.gigex.com #[SpeedDelivery]
127.0.0.1 oascentral.gigex.com #[RealMedia]
127.0.0.1 www.gigex.com #[download Class][eTrust.Gigex SpeedDelivery]
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com #[IE-SpyAd][CWS]
127.0.0.1 banner.goldenpalace.com #[redirects]
127.0.0.1 www.goldfer.net #[Backdoor.Generic.OCX]
127.0.0.1 goldstats.net #[IE-SpyAd]
127.0.0.1 www.goldstats.net
127.0.0.1 www.goggle.com #[IE-SpyAd][typo squatter]
127.0.0.1 partner.gonamic.de
127.0.0.1 goodcounter.com #[IE-SpyAd]
127.0.0.1 www.goodcounter.com
127.0.0.1 adincl.gopher.com #[InfoSpace]
127.0.0.1 ads.gorillanation.com #[eTrust.GorillaNation]
127.0.0.1 adserver.gorillanation.com #[IE-SpyAd]
127.0.0.1 admonster.gorasoft.com #[TROJ_SMALL.AAL]
127.0.0.1 gostats.com #[IE-SpyAd]
127.0.0.1 as.gostats.com
127.0.0.1 c1.gostats.com
127.0.0.1 c2.gostats.com
127.0.0.1 c3.gostats.com
127.0.0.1 www.gotoo.com
127.0.0.1 webcounter.goweb.de #[IE-SpyAd]
127.0.0.1 greatstartpage.com #[IE-SpyAd]
127.0.0.1 www.greatstartpage.com
127.0.0.1 www.greasypalm.co.uk #[PcTools.GreasyPalm bar]
127.0.0.1 ads.grokads.com
127.0.0.1 grokster.com #[IE-SpyAd][P2P]
127.0.0.1 dl.grokster.com
127.0.0.1 www.grokster.com
127.0.0.1 www.groovysearchesbar.com #[IE-SpyAd]
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 www.g-wizzads.net
# H
127.0.0.1 hao3344.com #[Adware.Adtest]
127.0.0.1 www.hao3344.com #[eTrust.Adtest]
127.0.0.1 www.harmonyhollow.net #[Adware Bundler]
127.0.0.1 ad0.haynet.com
127.0.0.1 stats.hecklerspray.com
127.0.0.1 www.henbang.net #[Adware.Henbang][SPYW_HAP.A]
127.0.0.1 ads.hitcents.com #[IE-SpyAd]
127.0.0.1 hits-counter.com
127.0.0.1 hithopper.com #[Adware.Hithopper]
127.0.0.1 www.hithopper.com #[ADW_HITHOPPER.A]
127.0.0.1 hitkorea.co.kr #[Adware.Atlcontrol]
127.0.0.1 www.hitlogger.com
127.0.0.1 hitmodel.net
127.0.0.1 hit-now.com
127.0.0.1 hit-parade.com
127.0.0.1 loga.hit-parade.com
127.0.0.1 hitstats.net
127.0.0.1 www.hittracking.com
127.0.0.1 images.hitwise.co.uk
127.0.0.1 ads.home.net
127.0.0.1 anna.homeftp.net #[W32.Linkbot.A]
127.0.0.1 www.gontijoamaral.hpg.com.br #[Adware.Diginum]
127.0.0.1 counters.honesty.com
127.0.0.1 cgi.honesty.com
127.0.0.1 horse-active.net #[Trojan.TrustedZones]
127.0.0.1 www.horse-active.net
127.0.0.1 horse-dns.net
127.0.0.1 horse-search.net
127.0.0.1 ad2.hotels.com
127.0.0.1 banners.hotlinks.net #[IE-SpyAd]
127.0.0.1 horseserver.net #[Troj/Haxdor-Fam][Trojan.Startpage.I]
127.0.0.1 www.horseserver.net #[Backdoor.Haxdoor.D]
127.0.0.1 hotsearch.com #[roar.com][IE-SpyAd]
127.0.0.1 www.hotsearch.com
127.0.0.1 www.10s.com.br #[Trojan.Cargao]
127.0.0.1 cgi.hotstat.nl #[IE-SpyAd]
127.0.0.1 viewstat.hotstat.nl
127.0.0.1 vip.huigezi.com #[Backdoor.Graybird.Q][W32.Looked.F]
127.0.0.1 hc2.humanclick.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.humanclick.com #[IE-SpyAd]
127.0.0.1 custom1.hurricanedigitalmedia.com
127.0.0.1 custom3.hurricanedigitalmedia.com
127.0.0.1 www.hypertracker.com #[IE-SpyAd]
# I
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.iboost.com
127.0.0.1 www.i-clicks.net
127.0.0.1 hits.icdirect.com
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 idolch.net #[Trojan.Idocha]
127.0.0.1 www.idonate.com #[eTrust.IDonate]
127.0.0.1 image-catcher.com
127.0.0.1 bar.iebar8.com #[Adware.Navihelper]
127.0.0.1 stats.surfaid.ihost.com #[IE-SpyAd]
127.0.0.1 gate.ilogbox.com
127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
127.0.0.1 stats.indextools.com #[IE-SpyAd][eTrust.Tracking Cookie]
127.0.0.1 adserver.indieclick.com
127.0.0.1 campaign.indieclick.com
127.0.0.1 adcenter.in2.com
127.0.0.1 ads.inet1.com
127.0.0.1 ads7.inet1.com
127.0.0.1 juggler.inetinteractive.com
127.0.0.1 rotator.juggler.inetinteractive.com
127.0.0.1 banners.inetfast.com
127.0.0.1 bn.inf3ct3d.info #[Backdoor.Shellbot]
127.0.0.1 images.infiads.com
127.0.0.1 www.infiads.com
127.0.0.1 reg1.info #[PWSteal.Reoxtan]
127.0.0.1 ads.infospace.com #[ADW_DEALHELPER.C]
127.0.0.1 bvads.infospace.com
127.0.0.1 xads.infospace.com
127.0.0.1 www.infotelsrl.com #[eTrust.Infotel srl]
127.0.0.1 ads.injersey.com #[RealMedia]
127.0.0.1 ads.intellicast.com
127.0.0.1 ads.intelihealth.com
127.0.0.1 strtt.interfree.it #[W32.Iberio]
127.0.0.1 ads.intermezzia.com #[IE-SpyAd]
127.0.0.1 indiads.com #[IE-SpyAd]
127.0.0.1 images.indiads.com
127.0.0.1 infostart.com #[IE-SpyAd]
127.0.0.1 popups.infostart.com #[eTrust.Popups.infostart.com]
127.0.0.1 oc.inspectorclick.com
127.0.0.1 trax.inspectorclick.com #[IE-SpyAd]
127.0.0.1 v2.inspectorclick.com
127.0.0.1 v3.inspectorclick.com
127.0.0.1 instadia.net #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.instadia.net
127.0.0.1 instantsearch.cc #[Panda.Adware/TheLocalSearch]
127.0.0.1 www.instantsearch.cc #[F-Secure.Small.wy]
127.0.0.1 anm.intelli-direct.com
127.0.0.1 oxfam.intelli-direct.com
127.0.0.1 www.intelli-tracker.com
127.0.0.1 newadserver.interfree.it #[Adcycle]
127.0.0.1 channels.intwined.com #[Adware/ToolBar.ISearch.c]
127.0.0.1 search.intwined.com
127.0.0.1 www.intwined.com #[McAfee.Adware-SSF!Hosts]
127.0.0.1 inqwire.com #[IE-SpyAd]
127.0.0.1 ww2.inqwire.com
127.0.0.1 www.inqwire.com
127.0.0.1 ads.ipowerweb.com
127.0.0.1 www.ipstat.com #[IE-SpyAd]
127.0.0.1 adzones.ircspy.com
127.0.0.1 www.iservicepack.com #[Trojan.Heoms]
127.0.0.1 www.istats.nl #[IE-SpyAd]
127.0.0.1 adserver1.isohunt.com
127.0.0.1 ads.isoftmarketing.com
127.0.0.1 adcycle.isoftmarketing.com
127.0.0.1 ads1.itadnetwork.co.uk
127.0.0.1 www.itrafficstar.com #[IE-SpyAd]
# J
127.0.0.1 www.j4sb.com #[Trojan.Jasbom]
127.0.0.1 ad.jamba.net #[IE-SpyAd]
127.0.0.1 ad.jamster.com
127.0.0.1 www.japan213.com #[Trojan.Finfanse]
127.0.0.1 www.jcount.com #[IE-SpyAd]
127.0.0.1 www.jellycounter.com
127.0.0.1 app2.jkahfmal.com
127.0.0.1 jpedownload.joltid.com
127.0.0.1 www.joltid.com #[Adware.P2PNetworking][SPYW_PPNETWORK.B]
127.0.0.1 play.joyiex.com #[Trojan.Joex]
127.0.0.1 www.joyiex.com #[Trojan.Startpage.Q]
127.0.0.1 promotion.jpds.com
# K
127.0.0.1 kazaalite.pl
127.0.0.1 www.kazaalite.pl #[MHTMLRedir.Exploit]
127.0.0.1 adserve.kikizo.com
127.0.0.1 www1.kliks.nl #[IE-SpyAd]
127.0.0.1 www2.kliks.nl
127.0.0.1 www.kliks.nl
127.0.0.1 kt3.kliptracker.com #[IE-SpyAd]
127.0.0.1 kt4.kliptracker.com
127.0.0.1 www.kliptracker.com
127.0.0.1 www.kmindex.ru
127.0.0.1 ads.kmpads.com #[IE-SpyAd]
127.0.0.1 koolbar.net #[Adware Bundler][ADW_KOOLBAR.A]
127.0.0.1 www.koolbar.net #[eTrust.AutoSearch][IE-SpyAd]
127.0.0.1 kutsap.com #[Trojan.Anicmoo]
# L
127.0.0.1 layer-ads.de
127.0.0.1 www.leopardsearch.com
127.0.0.1 ts1.lexmark.com
127.0.0.1 www.linkads.net #[IE-SpyAd]
127.0.0.1 www.lineage0.com #[Trojan.Rohoteng]
127.0.0.1 linkbuddies.com #[IE-SpyAd]
127.0.0.1 banners.linkbuddies.com
127.0.0.1 www.linkbuddies.com
127.0.0.1 www.linkcounter.com
127.0.0.1 linkexchange.ru #[IE-SpyAd]
127.0.0.1 web.linkexchange.ru
127.0.0.1 www.linkexchange.ru
127.0.0.1 link4link.com #[IE-SpyAd]
127.0.0.1 plus.link4link.com
127.0.0.1 www.links4trade.com #[IE-SpyAd]
127.0.0.1 escati.linkopp.net #[IE-SpyAd]
127.0.0.1 www.linkopp.net
127.0.0.1 linkshelper.com #[Adware.MetaSearch]
127.0.0.1 js.livehelper.com #[IE-SpyAd]
127.0.0.1 newbrowse.livehelper.com
127.0.0.1 www.liveperson.com
127.0.0.1 liveperson.net #[IE-SpyAd]
127.0.0.1 sales.liveperson.net
127.0.0.1 server.iad.liveperson.net #[Ad-Aware.Data Miner][HumanTag Monitor]
127.0.0.1 secwave.vo.llnwd.net #[IE-SpyAd][server down?]
127.0.0.1 locators.com #[Adware.Locator]
127.0.0.1 toolbar.locators.com #[SunBelt.Locators Toolbar]
127.0.0.1 www.locators.com
127.0.0.1 www.lookde5.com #[W32.Looked]
127.0.0.1 www.lords-of-havoc.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 jama.lovinghost.com #[Trojan-Proxy.Win32.Agemt.ei]
127.0.0.1 exploited.lsass.cc #[Backdoor.Win32.SdBot.gen]
127.0.0.1 luckyhomepage.com #[search.targetwords.com\1stblaze.com]
127.0.0.1 www.luckyhomepage.com #[IE-SpyAd]
127.0.0.1 www.lvip.net #[McAfee.StartPage-HI]
127.0.0.1 counter.lyricsdownload.com
127.0.0.1 www.lyricspy.com #[PluginAccess]
# M
127.0.0.1 www.madoogali.com #[Madoogali][IE-SpyAd]
127.0.0.1 go.mailbits.com
127.0.0.1 mair.net #[Realtracker]
127.0.0.1 we.malresearch.org #[Backdoor.Win32.IRCBot.ay]
127.0.0.1 erotic.masterstats.com
127.0.0.1 image.masterstats.com #[IE-SpyAd]
127.0.0.1 link.masterstats.com
127.0.0.1 vw.masterstats.com
127.0.0.1 ads.affiliates.match.com
127.0.0.1 associmage.match.com #[IE-SpyAd]
127.0.0.1 adserver.matchcraft.com
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com
127.0.0.1 ads.mdchoice.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 acvs.mediaonenetwork.net
127.0.0.1 acvsrv.mediaonenetwork.net
127.0.0.1 ads.mediaturf.net
127.0.0.1 www.meet2k.com #[W32.Peerload.A]
127.0.0.1 exit.megago.com
127.0.0.1 www.megago.com #[typo squatter][IE-SpyAd]
127.0.0.1 www.megaseek.net #[IE-SpyAd]
127.0.0.1 megatds.com #[Panda.Adware/Megatds]
127.0.0.1 admintds.megatds.com
127.0.0.1 tds.megatds.com
127.0.0.1 www.megatds.com
127.0.0.1 ads.metropol.dk
127.0.0.1 pubs.mgn.net #[Grolier Network]
127.0.0.1 www.mgshareware.com #[Adware Bundler][Parasite.MySearch]
127.0.0.1 www.mini-player.com #[5MOF Mini-Player]
127.0.0.1 banner.missingkids.com
127.0.0.1 ads.mixtraffic.com #[IE-SpyAd]
127.0.0.1 smile.modchipstore.com
127.0.0.1 ads.monster.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.a.in.monster.com
127.0.0.1 ads.monstermoving.com
127.0.0.1 cookie.monster.com
127.0.0.1 www.movieland.com #[IE-SpyAd]
127.0.0.1 mp3today.net
127.0.0.1 www.mp3yes.com #[HJTH.C2Media/LOP variant][IE-SpyAd]
127.0.0.1 mpamexit.com
127.0.0.1 www.messagetag.com #[Email tracker][IE-SpyAd]
127.0.0.1 msgtag.com
127.0.0.1 img.msgtag.com #[IE-SpyAd]
127.0.0.1 www.msgtag.com
127.0.0.1 msxpsupport.com #[Adware.SearchMaid]
127.0.0.1 www.msxpsupport.com #[Trojan.Win32.Fakespy.a]
127.0.0.1 multi1.rmuk.co.uk #[RealMedia]
127.0.0.1 musah.info #[Trojan-Downloader.Win32.Delf.h][TROJ_DLOADER.AFB]
127.0.0.1 www.musicmass.com #[HJTH.C2Media/LOP variant]
127.0.0.1 www.musicsonglyrics.com #[static.windupdates.com]
127.0.0.1 mvtracker.com #[IE-SpyAd]
127.0.0.1 www.mvtracker.com
127.0.0.1 mvr3d.net #[NavExcel\n-CASE]
127.0.0.1 www.mvr3d.net
127.0.0.1 mvr.us #[Parasite.NavExcel]
127.0.0.1 www.mvr.us
127.0.0.1 www.myadtrack.com #[Email Tracker][IE-SpyAd]
127.0.0.1 www.myaffiliateprogram.com #[IE-SpyAd]
127.0.0.1 www.myarmory.com #[Spyware.Bazookabar]
127.0.0.1 www.myemessenger.com
127.0.0.1 noe.myftp.biz #[Backdoor.Botnachala]
127.0.0.1 www.mylinker.net #[Adware.MyLinker]
127.0.0.1 rm.myoc.com
127.0.0.1 myhitlogger.com
127.0.0.1 www.mystats.nl
127.0.0.1 www2.mystats.nl
127.0.0.1 liveupdate.myim.cn #[Adware.BeSys]
# N
127.0.0.1 hit.namimedia.com #[IE-SpyAd]
127.0.0.1 ads.nandomedia.com
127.0.0.1 naupoint.com #[Parasite.Naupoint][ADW_NAUPONT.A]
127.0.0.1 feed.naupoint.com #[eTrust.Win32.Dudrev.A]
127.0.0.1 hp.naupoint.com #[NPCenter][SunBelt.NauPoint Installer]
127.0.0.1 www.naupoint.com #[TROJ_STARTPAG.X]
127.0.0.1 ads.neowin.net
127.0.0.1 banman.nepsecure.co.uk #[Ban Man Pro Banner Code]
127.0.0.1 code.netbreak.com.au
127.0.0.1 banners.netcraft.com
127.0.0.1 www.netflip.com #[IE-SpyAd]
127.0.0.1 money2.netfirms.com #[The Money Toolbar]
127.0.0.1 hints.netflame.cc #[Fireclick Web Analytics]
127.0.0.1 ssl-hints.netflame.cc
127.0.0.1 stat.netlogic.ru #[NetLogic Logger]
127.0.0.1 partner.netmechanic.com
127.0.0.1 tracker.netmechanic.com
127.0.0.1 counter.netmore.net
127.0.0.1 www.netpoll.nl
127.0.0.1 www.netpumper.com #[CounterSpy.Adware Bundler]
127.0.0.1 servedby.netshelter.net #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.network-tool.net #[Trojan.Magise]
127.0.0.1 www.newsh.com #[Kephyr.PUP]
127.0.0.1 ads.newsint.co.uk
127.0.0.1 adq.nextag.com
127.0.0.1 www.nlbanner.nl #[IE-SpyAd]
127.0.0.1 nowbox.com
127.0.0.1 www.nowbox.com #[Parasite.NowBox]
127.0.0.1 ad.nozonedata.com #[Ad-Aware Tracking Cookie]
127.0.0.1 ad1.nozonedata.com
127.0.0.1 ns2.iad1.nssrv.com #[IE-SpyAd]
127.0.0.1 nugget-sales.com #[ISC.Alert]
127.0.0.1 nzads.net.nz
# O
127.0.0.1 node2.ocslab.com #[TROJ_LOADER.D][TROJ_APROPO.H]
127.0.0.1 okcounter.com #[IE-SpyAd][eTrust.Tracking Cookie]
127.0.0.1 www.okww.net #[Trojan.StartPage.C]
127.0.0.1 stat.onestat.com #[IE-SpyAd][Ad-Aware.Tracking Cookie]
127.0.0.1 www.onestat.com
127.0.0.1 one.ru
127.0.0.1 cnt.one.ru
127.0.0.1 stats0.one.ru
127.0.0.1 stats1.one.ru
127.0.0.1 stats2.one.ru
127.0.0.1 ads.oneandonlynetwork.com
127.0.0.1 www.oneandonlynetwork.com #[Ticketmaster][IE-SpyAd]
127.0.0.1 ads.onemodelplace.com
127.0.0.1 reklama.onet.pl
127.0.0.1 online-service.cc
127.0.0.1 www.online-service.cc #[Trojan.Magise]
127.0.0.1 adserver.online-tech.com
127.0.0.1 server1.opentracker.net
127.0.0.1 ccc00.opinionlab.com
207.68.172.246 msn.com
127.0.0.1 rate.opinionlab.com
127.0.0.1 www.opinionlab.com #[IE-SpyAd]
127.0.0.1 by.optimost.com
127.0.0.1 banner.orb.net
127.0.0.1 tg-images.osdn.com
127.0.0.1 otx5.otxresearch.com
127.0.0.1 otx.ifilm.com #[OTXMedia.dll]
127.0.0.1 survey.otxresearch.com #[TrojanDownloader.OTXloader.A]
127.0.0.1 www.otxresearch.com #[OTXMovie Class]
127.0.0.1 adpopper.outblaze.com #[ADW_BBINSTALL.B][bargain-buddy.net]
127.0.0.1 adp4.us4.outblaze.com
127.0.0.1 adserver.hk.outblaze.com
127.0.0.1 adserver.us.outblaze.com
127.0.0.1 download2.us4.outblaze.com #[HJTH.Bargain Buddy]
127.0.0.1 www.overpeer.com #[Trojan.Wimad]
# P
127.0.0.1 www.p2p-load.de #[W32.Peerload.A]
127.0.0.1 www.p3marketing.com #[Zapspot]
127.0.0.1 www.pantanalvip.com.br #[McAfee.Downloader-AFV]
127.0.0.1 click.payserve.com #[IE-SpyAd]
127.0.0.1 pcadprotector.cc #[McAfee.AdClicker-DI]
127.0.0.1 www.pcadprotector.cc #[Rogue/Suspect.sites]
127.0.0.1 www.pcbutts1.com #[Unauthorized Downloads]
127.0.0.1 www.pc-test.net
127.0.0.1 ad1.peel.com
127.0.0.1 ad3.peel.com
127.0.0.1 ads.peel.com
127.0.0.1 ad4.peel.com
127.0.0.1 ads5.peel.com
127.0.0.1 freeps3.peel.com
127.0.0.1 www.peel.com #[IE-SpyAd]
127.0.0.1 www.peel.net
127.0.0.1 ads.pennyweb.com #[addynamix.com]
127.0.0.1 banners.pennyweb.com #[IE-SpyAd]
127.0.0.1 www.peruvianmarket.com #[Trojan.Beagooz.D]
127.0.0.1 ads.photosight.ru
127.0.0.1 phpadsnew.com
127.0.0.1 www.phpadsnew.com
127.0.0.1 ads.planetactive.com
127.0.0.1 ads2.playnet.com
127.0.0.1 adserver.pollstar.com #[eTrust.Tracking Cookie]
127.0.0.1 popfind.net #[Adware.Ddpop]
127.0.0.1 www.pops-stop.com #[Spyware.SafeSurfing]
127.0.0.1 www.popupads.com #[IE-SpyAd]
127.0.0.1 www.popupad.net #[IE-SpyAd]
127.0.0.1 popupblockade.com #[Parasite.Httper]
127.0.0.1 www.popupblockade.com #[IE-SpyAd]
127.0.0.1 popupmoney.com #[IE-SpyAd]
127.0.0.1 server01.popupmoney.com
127.0.0.1 www.popupmoney.com
127.0.0.1 popadstop.com #[Adware.PopAdStop]
127.0.0.1 www.popadstop.com
127.0.0.1 www.popunder.info #[TROJ_CHECKIN.B]
127.0.0.1 www2.portdetective.com
127.0.0.1 www.ppctracking.net #[Ad-Aware.Tracking Cookie]
127.0.0.1 adview.ppro.de
127.0.0.1 x0x0l.pp.ru #[BKDR_CCT.A]
127.0.0.1 www.praize.com #[Adware.Praize]
127.0.0.1 ads.primeinteractive.net
127.0.0.1 www.promarketingclub.com
127.0.0.1 www.prtracker.com
127.0.0.1 www.profitzone.com #[SunBelt.ProfitZONE Adbar]
127.0.0.1 ads.pro-market.net
127.0.0.1 pbid.pro-market.net
127.0.0.1 www.promo.com.au
127.0.0.1 www.prutect.com #[Spyware.e2give][Win32.Prutec.A]
127.0.0.1 www.protectedmedia.com #[Trojan.Wimad][Panda.WmvDown.B]
127.0.0.1 ad.prv.pl
127.0.0.1 ad.sma.punto.net
127.0.0.1 sma.punto.net
127.0.0.1 www.pureseeker.com #[C2Media/LOP variant][IE-SpyAd]
127.0.0.1 www.pwallet.com #[IE-SpyAd]
# Q
127.0.0.1 qanmqqoiw.com #[Trojan.Gamqowi]
127.0.0.1 adserv.quality-channel.de
127.0.0.1 ads-205.quarterserver.de
127.0.0.1 questionmarket.com #[IE-SpyAd]
127.0.0.1 amch.questionmarket.com
127.0.0.1 ch.questionmarket.com
127.0.0.1 survey.questionmarket.com
127.0.0.1 www.questionmarket.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 quickmetasearch.com #[ADW_SEARCHMETA.A][Adware.MetaSearch]
127.0.0.1 www.qq886.com #[Backdoor.Semes]
127.0.0.1 qqqqqq.info #[Trojan-Spy.Win32.Goldun.do]
# R
127.0.0.1 counter.rapidcounter.com
127.0.0.1 www.rapidcounter.com
127.0.0.1 www.autoraskrutka.ru #[Spyware.Acext]
127.0.0.1 www.raskrutim.ru #[Spyware.Acext]
127.0.0.1 www.realclicks.com
127.0.0.1 ads.rediff.com
127.0.0.1 adworks.rediff.com
127.0.0.1 imadworks.rediff.com
127.0.0.1 visit.referralware.com
127.0.0.1 ads.register.com
127.0.0.1 www.registrarads.com
127.0.0.1 counter.relmaxtop.com
127.0.0.1 www.relmaxtop.com
127.0.0.1 banner.relcom.ru
127.0.0.1 adservice.recon-networks.com
127.0.0.1 dae.responsetarget.com #[AutoGK][IE-SpyAd]
127.0.0.1 ads.revenews.com
127.0.0.1 ads.revsci.net
127.0.0.1 js.revsci.net
127.0.0.1 pix01.revsci.net
127.0.0.1 rightstats.com
127.0.0.1 www.rightstats.com
127.0.0.1 m.rmbclick.com #[IE-SpyAd]
127.0.0.1 client.roiadtracker.com #[IE-SpyAd]
127.0.0.1 hits.roitracker.com #[IE-SpyAd]
127.0.0.1 www.rgs-rostock.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 ad.ro2cn.com #[Adware.Ro2cn]
127.0.0.1 ldkiekxc.rr.nu #[Backdoor.Ryejet.B]
# S
127.0.0.1 judo.salon.com
127.0.0.1 oas.salon.com
127.0.0.1 www.savehits.com #[IE-SpyAd]
127.0.0.1 matchnet.st.sageanalyst.net
127.0.0.1 st.sageanalyst.net #[IE-SpyAd][Ad-Aware.Tracking Cookie]
127.0.0.1 pigmailer.scarryserv.biz #[Trojan.Mochi]
127.0.0.1 scorpionsearch.com #[W32.Adclicker.C.Trojan]
127.0.0.1 www.scorpionsearch.com #[x10.com][Trojan.Clicker.NetBuie a-b]
127.0.0.1 www.scratchindian.com #[Backdoor.Samkams]
127.0.0.1 adsremote.scripps.com
127.0.0.1 te.scripps.com
127.0.0.1 counter.search.bg #[IE-SpyAd]
127.0.0.1 searchalot.com #[IE-SpyAd]
127.0.0.1 cards.searchalot.com
127.0.0.1 mail.searchalot.com
127.0.0.1 search.searchalot.com
127.0.0.1 web.searchalot.com
127.0.0.1 www.searchalot.com #[McAfee.Adware-Tronix]
127.0.0.1 searchandclick.com
127.0.0.1 search.searchandclick.com
127.0.0.1 www.searchandclick.com #[Parasite.Browseraid][SearchAndClick]
127.0.0.1 www.searchgauge.com
127.0.0.1 searchitquick.com #[IE-SpyAd]
127.0.0.1 tb.searchitquick.com #[hotwebsearch.com][HJTH.Begin2Search Adware]
127.0.0.1 www.searchitquick.com #[SunBelt.SearchItQuick Toolbar]
127.0.0.1 www.searchlistings.biz #[IE-SpyAd]
127.0.0.1 www.searchmachine.com #[IE-SpyAd]
127.0.0.1 www.searchmagnifier.com
127.0.0.1 searchproject.net #[Trojan.Phel.A]
127.0.0.1 www.searchrelevancy.com #[Spyware.Relevancy]
127.0.0.1 www.searchresult.net #[Parasite.IgetNet]
127.0.0.1 searchtofind.net #[W32/Agent.DIR]
127.0.0.1 www.search-toolbar.com #[Trojan.Magise]
127.0.0.1 home.searchwords.com #[eTrust.AdRoad.Cpr]
127.0.0.1 www.searchwords.com #[Adware.SearchWords]
127.0.0.1 browser.secondpower.com
127.0.0.1 download.secondpower.com
127.0.0.1 www1.secondpower.com
127.0.0.1 www3.secondpower.com #[IE-SpyAd][KB320159]
127.0.0.1 www.secondpower.com #[SunBelt.SecondPower Multimedia Speedbar]
127.0.0.1 plugin.secureservicepack.com #[HJTH.GoDOTLess]
127.0.0.1 adserver.securityfocus.com #[RealMedia]
127.0.0.1 www.sedotracker.com
127.0.0.1 www.sedotracker.de #[IE-SpyAd]
127.0.0.1 www.selfsurveys.com #[IE-SpyAd]
127.0.0.1 www.seehits.com
127.0.0.1 www.seekmp3.com #[HJTH.C2Media/LOP variant]
127.0.0.1 www.send-safe.com #[Spamware]
127.0.0.1 servirc1.servebeer.com
127.0.0.1 servirc2.servebeer.com #[Backdoor.Sparta.D]
127.0.0.1 sesso.com
127.0.0.1 www.sesso.com #[VBS.Biscuit.A@mm]
127.0.0.1 www.sexyads.net
127.0.0.1 simplenter.com #[Adware.UniversalTB]
127.0.0.1 www.simplenter.com
127.0.0.1 www.simpletoolbar.com #[SunBelt.UniversalSearchToolbar]
127.0.0.1 sincooweb.com #[Backdoor.Graybird.N]
127.0.0.1 quasar.sitegauge.com
127.0.0.1 tracker.sitescout.com #[IE-SpyAd]
127.0.0.1 advertpro.sitepoint.com
127.0.0.1 www.sitestatslive.com
127.0.0.1 adserver.sharewareonline.com #[nictechnetworks.com]
127.0.0.1 ads.shizmoo.com #[IE-SpyAd]
127.0.0.1 www.shockcounter.com #[IE-SpyAd]
127.0.0.1 skeech.com
127.0.0.1 www.skeech.com #[IE-SpyAd]
127.0.0.1 www.smartadstats.com #[IE-SpyAd]
127.0.0.1 smart-browser.com #[eTrust.SmartBrowser]
127.0.0.1 update.smart-browser.com #[Parasite.SmartBrowser]
127.0.0.1 www.smart-browser.com #[Adware.SmartBrowser]
127.0.0.1 smartclicks.net #[IE-SpyAd]
127.0.0.1 www.smartclicks.net
127.0.0.1 smarter.com #[IE-SpyAd]
127.0.0.1 sidebar.smarter.com
127.0.0.1 www.smarter.com #[SunBelt.eBates.WebSearch]
127.0.0.1 ads.smni.com
127.0.0.1 static.smni.com
127.0.0.1 a.softpedia.com
127.0.0.1 adserver.softwareonline.com
127.0.0.1 www1.spaex.com #[searchboss.com][IE-SpyAd]
127.0.0.1 www.spedia.net #[SunBelt.SpediaBar][IE-SpyAd]
127.0.0.1 ftp.sptr.info
127.0.0.1 www.sptr.info #[AVG.PSW.Generic.DLE][Backdoor.Zagaban]
127.0.0.1 www.spyarsenal.com #[Spyware.DesktopSpy][Spyware.FamilyKeylog]
127.0.0.1 www.spymoon.com #[Trojan.Eaghouse.B]
127.0.0.1 spyware.com #[roar.com]
127.0.0.1 ss999ss.com #[Trojan.Snines]
127.0.0.1 www.ssppyy.com #[Spyware.Ssppyy]
127.0.0.1 www.s-tracking.com
127.0.0.1 ads.starpulse.com
127.0.0.1 adsintl.starwave.com
127.0.0.1 c1.statcounter.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 c2.statcounter.com
127.0.0.1 c3.statcounter.com #[eTrust.Tracking Cookie]
127.0.0.1 c4.statcounter.com
127.0.0.1 c5.statcounter.com
127.0.0.1 c6.statcounter.com
127.0.0.1 c7.statcounter.com
127.0.0.1 c8.statcounter.com
127.0.0.1 c9.statcounter.com #[server down?]
127.0.0.1 c10.statcounter.com
127.0.0.1 s2.statcounter.com
127.0.0.1 www.statcounter.com #[IE-SpyAd]
127.0.0.1 js.statistici.ro
127.0.0.1 log.statistici.ro
127.0.0.1 s.statistici.ro #[IE-SpyAd]
127.0.0.1 www.statomatic.com #[IE-SpyAd]
127.0.0.1 statistik-gallup.net
127.0.0.1 stats4you.com #[IE-SpyAd]
127.0.0.1 reg.stats4all.com
127.0.0.1 www.stats4you.com #[IE-SpyAd]
127.0.0.1 stats4all.ws
127.0.0.1 www.stats4all.ws
127.0.0.1 statswhere.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.stickypops.com #[eTrust.Stickypops][IE-SpyAd]
127.0.0.1 i.stolefrommvps.org
127.0.0.1 www.sublimemedia.net
127.0.0.1 clix.superclix.de #[IE-SpyAd]
127.0.0.1 www.superlogy.com #[AdvWare.ToolBar.VB.b]
127.0.0.1 adidm.supermedia.pl
127.0.0.1 sqwire.com #[Adware.Sqwire][Xupiter.Sqwire]
127.0.0.1 www.sqwire.com #[Parasite.Xupiter][Adware-PornKings]
127.0.0.1 www.surfassistant.com
127.0.0.1 rd1.surfernetwork.com #[SurferNETWORK Plugin]
127.0.0.1 www.surfernetwork.com
127.0.0.1 www.surveynetworks.com
127.0.0.1 www.surveysite.com
127.0.0.1 www2.survey-poll.com #[Microsoft]
127.0.0.1 www1.sweetbar.com #[ADW_SWEETBAR.A]
127.0.0.1 www.sweetbar.com #[SecurityRisk.Downldr]
127.0.0.1 www.symantic.com #[Typo Squatter][IE-SpyAd]
127.0.0.1 www.syamantec.com #[Typo Squatter]
127.0.0.1 adpick.switchboard.com
127.0.0.1 adtag.sympatico.ca
127.0.0.1 www.szadk.com #[PWSteal.Trojan]
# T
127.0.0.1 an.tacoda.net
127.0.0.1 anad.tacoda.net
127.0.0.1 te.tacoda.net
127.0.0.1 ads.tagword.com
127.0.0.1 ad.uk.tangozebra.com
127.0.0.1 srs.targetpoint.com
127.0.0.1 tat-neftbank.ru #[Backdoor.Berbew.H]
127.0.0.1 ad.gen.tbn.ru
127.0.0.1 ad.120-gen.tbn.ru
127.0.0.1 www.tenmonkey.com
127.0.0.1 www.teslaplus.com #[Rogue/Suspect.Affiliate][Psguard]
127.0.0.1 www.textads.biz
127.0.0.1 www.text-link-ads.com
127.0.0.1 a.tfag.de
127.0.0.1 ak.tfag.de
127.0.0.1 theaffiliateprogram.com
127.0.0.1 adbot.theonion.com
127.0.0.1 oascentral.theonionavclub.com
127.0.0.1 www.thepokerclub.com #[SecurityRisk.ClubPoker]
127.0.0.1 webtrends.thisis.co.uk #[Hitbox]
127.0.0.1 ads.as4x.tmcs.net
127.0.0.1 tnc4u.com #[Parasite.DownloadPlus]
127.0.0.1 new.tnc4u.com
127.0.0.1 www.tnc4u.com #[Adware.DownloadPlus]
127.0.0.1 www.toilet.com #[IE-SpyAd]
127.0.0.1 ad.tomshardware.com
127.0.0.1 topinstalls.com #[AVG.Trojan.Dropper.Agent.PP]
127.0.0.1 www.topinstalls.com #[TROJ_SMALL.AAL]
127.0.0.1 log.trafic.ro #[IE-SpyAd]
127.0.0.1 storage.trafic.ro
127.0.0.1 www.toolshack.com #[IE-SpyAd]
127.0.0.1 www.top-search.com #[Adware-SSF.dr]
127.0.0.1 ad.topstat.com
127.0.0.1 nl.topstat.com #[IE-SpyAd]
127.0.0.1 s26.topstat.com
127.0.0.1 xl.topstat.com
127.0.0.1 banners.toteme.com
127.0.0.1 cachebanners.toteme.com
127.0.0.1 ads.track-star.com
127.0.0.1 adserver.track-star.com
127.0.0.1 geo2.track-star.com
127.0.0.1 www.track-star.com
127.0.0.1 www.traffic-stock.com #[Parasite.RichFind]
127.0.0.1 tradeexit.com #[SunBelt.TradeExit]
127.0.0.1 www.tradeexit.com #[Parasite.Winupie]
127.0.0.1 ads.traderonline.com #[RealMedia]
127.0.0.1 www.trafficbeamer.nl
127.0.0.1 trafficg.com #[IE-SpyAd]
127.0.0.1 www.trafficg.com
127.0.0.1 www.trafficflame.com
127.0.0.1 trafficfile.com #[IE-SpyAd]
127.0.0.1 www.trafficfile.com
127.0.0.1 trackyourstats.com
127.0.0.1 hit.traxdb.net
127.0.0.1 media.travelzoo.com
127.0.0.1 media2.travelzoo.com
127.0.0.1 troyanov.net #[Trojan.Anicmoo]
127.0.0.1 www.troyanov.net #[nowfind.net]
127.0.0.1 trustbid.ws
127.0.0.1 www.trustbid.ws
127.0.0.1 www.trusttoolbar.com #[eTrust.Trust Toolbar]
127.0.0.1 counts.tucows.com
127.0.0.1 google.tucows.com
127.0.0.1 www.turbomemorycharger.com #[Adware.Fapi]
127.0.0.1 ads.tweakxp.com
# U
127.0.0.1 ads.ucomics.com #[RealMedia]
127.0.0.1 image.ugo.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 www.ukbanners.com #[IE-SpyAd]

#13
Wizard


  • Retired Staff
  • 5,661 posts
Hmm, seems Winhelp recently updated the Hosts file, so those very well may be legit entries.

We won't worry about it for now because those logs all look correct.

Use the PC normally for a day or 2, then post back and let me know how things are running.

#14
guitarguy99


  • Topic Starter
  • Member
  • 12 posts
Hi CRETEMONSTER;
No more WINFIXER :tazz:
No more problem popups. Thanks for your help. I am going to donate to your site - keep up the good work!

#15
Wizard


  • Retired Staff
  • 5,661 posts
That's great news, you have done an excellent job getting this PC cleaned up! :tazz:

Go ahead and re-enable System Restore and restart the PC; this will clear out all old nasty restore points and create a nice new fresh clean one for you to fall back on should you ever need it.

Read through those 3 little black links in my signature to get some extra ideas about how to avoid this in the future.

Make sure you keep your Windows Operating System up to date by visiting Windows Updates regularly to download and install any critical updates and service packs.

If you ever need us again, you know how to find us! :)