#1
Member
Pop-ups
Lately I've been getting more pop-ups and I tried running Clean Up, Ad-Aware and Spybot S&D but I'm still getting them. I just ran them and here is my HijackThis log:
===========================================================================================================================
Log was analyzed using HijackThis Analyzer - Updated on 12/17/04
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 10:03:17 PM, on 2/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Documents and Settings\Owner\My Documents\Winamp\winampa.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\program files\windows media player\qttask.exe
C:\Documents and Settings\Obscured Despair\My Documents\RandomPrograms\AIM\aim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>;dav.calendar.msn.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Owner\My Documents\Winamp\winampa.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\windows media player\qttask.exe" -atboottime
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: customize__IE.lnk = C:\hp\REGION\customizeIe.wsf
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: MsnFixer.lnk = ?
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Obscured Despair\My Documents\RandomPrograms\AIM\aim.exe
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Obscured Despair\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microso.../TLIEFlash.CAB
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zonelabs.com/bin/pro...tor/WebSWK.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

End of HijackThis Analyzer Log.
===========================================================================================================================

Thank you guys in advance. =)
#2
Analyst, Security Team
Any idea what these are for:
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta

Did you put QuickTime into the Windows Media Player folder? Check to see if it is QuickTime in that folder:
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\windows media player\qttask.exe" -atboottime

Download StartDreck http://www.greyknight17.com/spy/StartDreck.zip
Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'
Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'
Press 'Save' and select the location to save the log file (default is the same folder as the application)
Post the log in this thread.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
#3
Member
This is a wallpaper added to Internet Explorer at the top where all the buttons are. If you think I should delete it, I will since I don't use IE that much anyways. [I use Firefox]
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta

I don't remember putting the Quicktime files into the Windows Media Player folder. My brother may have done that, but I'm not sure. There is a Quicktime folder already with the files. Though the icons are different. Should I delete the one in the Windows Media Player folder?

Here is the log:

StartDreck (build 2.1.7 public stable) - 2005-02-27 @ 22:47:03 (GMT -05:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Obscured Despair at YOUR-US67PI6LUV

»Registry
»Run Keys
»Current User
»Run
*msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
»RunOnce
»Default User
»Run
*Yahoo! Pager=C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
*AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
»RunOnce
»Local Machine
»Run
*hpsysdrv=c:\windows\system\hpsysdrv.exe
*NvCplDaemon=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
*nwiz=nwiz.exe /install
*CamMonitor=C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
*KBD=C:\HP\KBD\KBD.EXE
*dla=C:\WINDOWS\system32\dla\tfswctrl.exe
*Recguard=C:\WINDOWS\SMINST\RECGUARD.EXE
*IgfxTray=C:\WINDOWS\System32\igfxtray.exe
*HotKeysCmds=C:\WINDOWS\System32\hkcmd.exe
*HPDJ Taskbar Utility=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
*checktime=c:\program files\HPSelect\Frontend\ct.exe
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
*mswspl=
*WinampAgent=C:\Documents and Settings\Owner\My Documents\Winamp\winampa.exe
*AVG7_CC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
*AVG7_EMC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
*AlcxMonitor=ALCXMNTR.EXE
*tgcmd="C:\Program Files\support.com\bin\tgcmd.exe" /server
*QuickTime Task="C:\program files\windows media player\qttask.exe" -atboottime
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*Zone Labs Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Documents and Settings\Obscured Despair\My Documents\SBSD-AA\Spybot - Search & Destroy\blindman.exe" %1
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Microsoft Web Publishing Wizard 1.52/{44BBA851-CC51-11CF-AAFA-00AA00B6015C}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
+Microsoft Internet Explorer 5 Toolbar Wallpaper/{c23dd370-cb79-11d2-898a-00c04f80a47f}
*StubPath=rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,36
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
*Google Toolbar Helper/{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=c:\program files\google\googletoolbar2.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.comcast.net/
*Window Title=Microsoft Internet Explorer provided by Comcast
+SearchUrl
*provider=
*=http://home.microsoft.com/access/autosearch.asp?p=%s
»Default User
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.comcast.net/
*Window Title=Microsoft Internet Explorer provided by Comcast
*CustomizeSearch=
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\System32\Userinit.exe
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Obscured Despair\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\Obscured Despair\Start Menu\Programs\Startup\Webshots.lnk
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\customize__IE.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp center.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MsnFixer.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\wininit.ini
`[rename]
`NUL=C:\DOCUME~1\OBSCUR~1\LOCALS~1\Temp\winlnet.dll.IE5\index.dat
`NUL=C:\DOCUME~1\OBSCUR~1\LOCALS~1\TEMPOR~1\Content.IE5\KXYBSHQZ\AI7666~1.HTM
`NUL=C:\DOCUME~1\OBSCUR~1\LOCALS~1\TEMPOR~1\Content.IE5\KXYBSHQZ\AI7A66~1.HTM
`NUL=C:\DOCUME~1\OBSCUR~1\LOCALS~1\TEMPOR~1\Content.IE5\KXYBSHQZ\AOL_15~1.HTM
`NUL=C:\DOCUME~1\OBSCUR~1\LOCALS~1\TEMPOR~1\Content.IE5\R4YUMH61\AI3458~1.HTM
`NUL=C:\DOCUME~1\OBSCUR~1\LOCALS~1\TEMPOR~1\Content.IE5\R4YUMH61\AIM_UA~1.HTM
`NUL=C:\DOCUME~1\OBSCUR~1\LOCALS~1\TEMPOR~1\Content.IE5\R4YUMH61\AOL_11~1.HTM
`NUL=C:\DOCUME~1\OBSCUR~1\LOCALS~1\TEMPOR~1\Content.IE5\R4YUMH61\AOL_12~1.HTM
*C:\WINDOWS\system32\drivers\etc\hosts
www.hightrafficads.com `127.0.0.1 www.hit-parade.com `127.0.0.1 www.hitsme.com `127.0.0.1 www.hotfreewebcams.com `127.0.0.1 www.imaginemedia.com `127.0.0.1 www.lastconsole.com `127.0.0.1 www.linkshare.com `127.0.0.1 www.liveadvert.com `127.0.0.1 www.lo-litas.com `127.0.0.1 www.looksmartclicks.com `127.0.0.1 www.lottoforever.com `127.0.0.1 www.mediaplex.com `127.0.0.1 www.megacash.de `127.0.0.1 www.megawebcams.tv `127.0.0.1 www.milfhunter.com `127.0.0.1 www.modchip.com `127.0.0.1 www.mod-chip.com `127.0.0.1 www.money4exit.de `127.0.0.1 www.my-stats.com `127.0.0.1 www.netbroadcaster.com `127.0.0.1 www.netdirect.nl `127.0.0.1 www.netflip.com `127.0.0.1 www.netgravity.com `127.0.0.1 www.newtopsites.com `127.0.0.1 www.nic.co.il `127.0.0.1 www.nudelinkz.com `127.0.0.1 www.oneandonlynetwork.com `127.0.0.1 www.onresponse.com `127.0.0.1 www.paidpopup.de `127.0.0.1 www.paypopup.com `127.0.0.1 www.piratos.de `127.0.0.1 www.popdown.de `127.0.0.1 www.popupad.net `127.0.0.1 www.postmasterbannernet.com `127.0.0.1 www.prepaidliving.com `127.0.0.1 www.qksrv.net `127.0.0.1 www.qualityhitz.com `127.0.0.1 www.qualypromos.com `127.0.0.1 www.radiate.com `127.0.0.1 www.radiofreecash.com `127.0.0.1 www.rankyou.com `127.0.0.1 www.reference-sexe.com `127.0.0.1 www.sbee.com `127.0.0.1 www.searchtraffic.com `127.0.0.1 www.service-url.de `127.0.0.1 www.sexfranco.com `127.0.0.1 www.sexfreelist.com `127.0.0.1 www.sexlist.com `127.0.0.1 www.sexpromote.com `127.0.0.1 www.sexpromote.com `127.0.0.1 www.sexspy.com `127.0.0.1 www.sexstudio24.de `127.0.0.1 www.sextracker.com `127.0.0.1 www.sextraffic.org `127.0.0.1 www.sexyfreehost.com `127.0.0.1 www.sexyplugin.com `127.0.0.1 www.simplecounter.net `127.0.0.1 www.slutzoo.com `127.0.0.1 www.sonixwarez.com `127.0.0.1 www.sponsor2002.de `127.0.0.1 www.targetshop.com `127.0.0.1 www.techiwarehouse.com `127.0.0.1 www.teknosurf.com `127.0.0.1 www.teknosurf2.com `127.0.0.1 www.teknosurf3.com `127.0.0.1 www.theadultwire.com `127.0.0.1 www.topwarez-fr.com 
`127.0.0.1 www.toys-galleries.com `127.0.0.1 www.trafficbox.net `127.0.0.1 www.trafficmonetizer.com `127.0.0.1 www.unionwarez.com `127.0.0.1 www.valueclick.com `127.0.0.1 www.valuesponsor.com `127.0.0.1 www.warez33.com `127.0.0.1 www.warezfield.com `127.0.0.1 www.web3000.co.uk `127.0.0.1 www.web3000.com `127.0.0.1 www.webads.nl `127.0.0.1 www.webferret.com `127.0.0.1 www.webhancer.com `127.0.0.1 www.webhancer.net `127.0.0.1 www.weblist.de `127.0.0.1 www.websitefinancing.com `127.0.0.1 www.wedoo.com `127.0.0.1 www.win24.de `127.0.0.1 www.wingowin.com `127.0.0.1 www.wtlive.com `127.0.0.1 www.xiti.com `127.0.0.1 www.xpostx.com `127.0.0.1 www.xxxdisplay.com `127.0.0.1 www.xxxfreeamateurs.com `127.0.0.1 www.xxxteenclub.de `127.0.0.1 www.youmakemoney.com `127.0.0.1 www.zeloop.net `127.0.0.1 www2.burstnet.com `127.0.0.1 www2.consumercreditusa.com `127.0.0.1 www3.netgravity.com `127.0.0.1 www4.netgravity.com `127.0.0.1 www4.trix.net `127.0.0.1 www80.valueclick.com `127.0.0.1 xads.infospace.com `127.0.0.1 xads.zedo.com `127.0.0.1 xxxfreeamateurs.com `127.0.0.1 z.extreme-dm.com `127.0.0.1 z0.extreme-dm.com `127.0.0.1 z1.extreme-dm.com `127.0.0.1 zac.netgravity.com »Program Files *C:\ntldr *C:\ntdetect.com *C:\io.sys *C:\WINDOWS\system32\win.com *C:\WINDOWS\explorer.exe »%PATH% Companion Files +C:\WINDOWS\system32\notepad.exe *C:\WINDOWS\notepad.exe +C:\WINDOWS\system32\slrundll.exe *C:\WINDOWS\slrundll.exe +C:\WINDOWS\system32\taskman.exe *C:\WINDOWS\TASKMAN.EXE +C:\WINDOWS\system32\winhlp32.exe *C:\WINDOWS\winhlp32.exe »System/Drivers »Running Processes +0=<idle> +4=<system> +356=\SystemRoot\System32\smss.exe +404=\??\C:\WINDOWS\system32\csrss.exe +428=\??\C:\WINDOWS\system32\winlogon.exe +472=C:\WINDOWS\system32\services.exe +484=C:\WINDOWS\system32\lsass.exe +652=C:\WINDOWS\system32\svchost.exe +716=C:\WINDOWS\system32\svchost.exe +752=C:\WINDOWS\System32\svchost.exe +800=C:\WINDOWS\System32\svchost.exe +900=C:\WINDOWS\System32\svchost.exe 
+976=C:\WINDOWS\system32\spoolsv.exe
+1096=C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
+1112=C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
+1292=C:\WINDOWS\System32\svchost.exe
+1324=C:\WINDOWS\system32\wdfmgr.exe
+1352=C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+1864=C:\WINDOWS\System32\alg.exe
+1216=C:\WINDOWS\Explorer.EXE
+1656=C:\windows\system\hpsysdrv.exe
+1780=C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
+476=C:\HP\KBD\KBD.EXE
+1288=C:\WINDOWS\System32\igfxtray.exe
+1952=C:\WINDOWS\System32\hkcmd.exe
+128=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
+160=C:\Documents and Settings\Owner\My Documents\Winamp\winampa.exe
+184=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
+1572=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
+712=C:\Program Files\support.com\bin\tgcmd.exe
+1380=C:\program files\windows media player\qttask.exe
+1464=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
+580=C:\Program Files\MSN Messenger\msnmsgr.exe
+3688=C:\Documents and Settings\Obscured Despair\My Documents\RandomPrograms\AIM\aim.exe
+3472=C:\Program Files\Messenger\msmsgs.exe
+1992=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
+2896=C:\Program Files\Mozilla Firefox\firefox.exe
+3948=C:\Program Files\Windows Media Player\wmplayer.exe
+2772=C:\Documents and Settings\Obscured Despair\My Documents\New Folder\StartDreck\StartDreck.exe
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
#4 (permalink) |
|
Analyst, Security Team
|
You may keep the wallpaper program since you know what it's for.
For the QuickTime program, right click on it and go to Properties->Version tab. Does it say anything about Apple or QuickTime in there? If not and it's not a QuickTime icon (the Q icon), delete it in the Media player folder.

Go to C:\WINDOWS\ and double click on wininit.ini to open it. Delete all the lines in that file. Save it and close it.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Run CleanUp! and click on the CleanUp! button. When it asks you if you want to log off, click on Yes.

Restart. Do you still get popups now?
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
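Added example, not part of the thread or the analyst's own tooling: the reply above questions a qttask.exe that runs from the Windows Media Player folder, and the same location check can be run over every entry of a "Running Processes" listing. The expected directories in the table are assumptions about a default Windows XP and QuickTime install, and the function names are hypothetical.

```python
import ntpath
import re

# Assumed baseline (not from the thread): the directory each image normally runs from.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {name: SYSTEM32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
EXPECTED_DIR["qttask.exe"] = r"c:\program files\quicktime"

ENTRY = re.compile(r"^\+(\d+)=(.+)$")  # "+<pid>=<image path>"

def normalize(path, system_root=r"C:\WINDOWS"):
    """Strip NT object-manager prefixes and fold case so paths compare equal."""
    if path.startswith("\\??\\"):
        path = path[4:]
    if path.lower().startswith("\\systemroot\\"):
        path = system_root + path[len("\\SystemRoot"):]
    return ntpath.normpath(path).lower()

def misplaced(lines):
    """Return (pid, path, expected_dir) for known images outside their usual directory."""
    findings = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue  # section headers and blank lines
        pid, raw = int(m.group(1)), m.group(2)
        if raw.startswith("<"):
            continue  # pseudo-processes such as <idle> and <system>
        directory, image = ntpath.split(normalize(raw))
        expected = EXPECTED_DIR.get(image)
        if expected and directory != expected:
            findings.append((pid, raw, expected))
    return findings

# Entries copied from the "Running Processes" section of the log above.
SAMPLE = [
    "»Running Processes",
    "+0=<idle>",
    r"+356=\SystemRoot\System32\smss.exe",
    r"+404=\??\C:\WINDOWS\system32\csrss.exe",
    r"+752=C:\WINDOWS\System32\svchost.exe",
    r"+1216=C:\WINDOWS\Explorer.EXE",
    r"+1380=C:\program files\windows media player\qttask.exe",
    r"+3948=C:\Program Files\Windows Media Player\wmplayer.exe",
]

if __name__ == "__main__":
    for pid, path, expected in misplaced(SAMPLE):
        print(f"PID {pid}: {path} (usually under {expected})")
```

A hit only says the file is in an unusual place; the version-tab check described in the reply is still what decides whether it is the genuine program.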