Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page What's causing this??? Hijack log
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 03-03-2005, 02:47 PM   #1 (permalink)
Registered User
 
Ringleader's Avatar
 
Join Date: Mar 2005
Location: WV
Posts: 8
OS: xp


What's causing this??? Hijack log
Hi there, Thanks for helping....

My PC is acting crazy, It has trouble shutting down and starting up. When I try to open up MY Computer folder I get that Internet Explorer encountered an error send/dont send thing. Also if I try to type an address in the address bar in IE I get the same message????

I ran adaware and followed all your guidelines within settings, found your regular tracking cookies, Ran Spybot, nothing there, Ran AVG Virus, nothing there, Then ran and online scan (Active Scan) and found some buggers!!!

So here is my Hijackthis log and also what Active scan found

Again I appreciate your help....

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


And ACTIVESCAN (I tried to go into these folders to delete these guys but I keep getting those error messages) I also cant do a system restore because I get an error message saying that shutdown is not working properly???




Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\exclean.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\180ax_gdf.dat
Adware:Adware/Lop No disinfected C:\Documents and Settings\Jesse Herb\Desktop\Internet.lnk
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\unstall.exe
Spyware:Spyware/Searchcentrix No disinfected Windows Registry
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Adware:Adware/404Search No disinfected C:\WINDOWS\system32\K404SearchSetup*.exe
Adware:Adware/SuperSpider No disinfected Windows Registry
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jesse Herb\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-63a143eb-3e17722c.class
Adware:Adware/nCase No disinfected C:\WINDOWS\bgdor.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\system32\BO2809040510.exe
Adware:Adware/404Search No disinfected C:\WINDOWS\system32\K404SearchSetup_MS2.exe
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[msbe.dll]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\mac80ex.idf[bargains.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\mqexdlm.srg
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exdl.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[mqexdlm.srg]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[exul.exe]
Adware:Adware/ExactSearch No disinfected C:\WINDOWS\system32\netut80ex.vxd[javexulm.vxd]
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\netut80ex.vxd[msexreg.exe]
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\SplWbr.dll
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\vmss\vmss.exe
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\wsxsvc\wsx.dll
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\wsxsvc\wsx.ocx
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\wsxsvc\wsxsvc.exe
Ringleader is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 03-03-2005, 10:07 PM   #2 (permalink)
Analyst, Security Team
 
greyknight17's Avatar
 
Join Date: Jul 2004
Location: New York
Posts: 14,331
OS: Windows 98 & Windows XP Home/Pro

My System

Welcome to TSF.

Whatever it is, it's not showing up in the HijackThis log. Let's do the following:

Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you installed it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies.

Download StartDreck http://www.greyknight17.com/spy/StartDreck.zip

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-04-2005, 08:58 AM   #3 (permalink)
Registered User
 
Ringleader's Avatar
 
Join Date: Mar 2005
Location: WV
Posts: 8
OS: xp


TDS3 LOG and StartDreck Log
Again thank you for your help!!!!

Ok I think I did all that you told me to do. Here's the logs

TDS3

09:14:41 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
09:14:41 [Init] Started 04-03-05 09:14:41 Eastern Standard Time (UTC: 5), Internet Time @635.20
09:14:41 [Init] Loading TDS-3 Systems ...
09:14:41 [Init] Token successfully adjusted.
09:14:41 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
09:14:41 [Init] • Plugins : OK. Loaded 13
09:14:41 [Init] • Exec Protection : Not Installed
09:14:41 [Init] WARNING: Your Radius.TD3 database needs to be updated!
09:14:41 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
09:14:41 [Init] Licensed users can use the Update facility from the TDS menu
09:14:41 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
09:14:50 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
09:14:50 [Init] • Systems Initialised [48508 references - 24053 primaries/12272 traces/12183 variants/other]
09:14:50 [Init] Radius Systems loaded. <Databases updated 04-03-2005>
09:14:50 [Init] TDS-3 Ready. <Jesse @192.168.2.8, 127.0.0.1 - United States>
09:14:50 [Tip Of The Day] Did you know? - You can use DiamondCS Port Explorer to see which ports are being used by which processes, and even packet-sniff processes and sockets! See http://www.diamondcs.com.au/portexplorer/
09:14:50 [TDS] Good morning
09:14:54 [Mutex Memory Scan] Started...
09:14:55 [Mutex Memory Scan] Finished (no trojan mutexes found).
09:14:55 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
09:19:02 [CRC32] Started - verifying 29 files ...
09:19:03 [CRC32] File doesn't exist: C:\autoexec.bat
09:19:18 [CRC32] Test finished.
09:20:56 [Memory Scan] Memory scan started, please wait a moment ...
09:20:56 [Memory Scan] Memory scan complete.
09:20:56 [Mutex Memory Scan] Started...
09:20:58 [Mutex Memory Scan] Finished (no trojan mutexes found).
09:20:58 [Trace Scan] Started...
09:21:04 [Trace Scan] Finished.
09:21:04 [ServiceScan] Scanning for services and drivers ...
09:21:09 [ServiceScan] Scanned 277 services and drivers.
09:21:09 [File Scan] Scanning in A:\ ...
09:21:10 [File Scan] Scanned 0 files: 0 alarms in 1.039063 seconds (Avg 1. files/sec)
09:21:10 [File Scan] Scanning in C:\ ...
09:57:44 [File Scan] Scanned 33199 files: 6 alarms in 2194.273 seconds (Avg 16.13 files/sec)
09:57:44 [File Scan] Scanning in D:\ ...
09:57:44 [File Scan] Scanned 0 files: 6 alarms in 0 seconds (Avg -1.#IND files/sec)
09:57:44 [File Scan] Scanning in E:\ ...
09:57:44 [File Scan] Scanned 0 files: 6 alarms in 0.03125 seconds (Avg 1. files/sec)
09:57:44 [Scan] Finished.

ALARMS

Scan Control Dumped @ 10:07:03 04-03-05
Positive identification: Adware.180Solutions.p
File: c:\windows\bgdor.exe

Positive identification <Adv>: Possible WebDownloader
File: c:\windows\ei25.exe

Positive identification (embedded in file): Adware.WebRebates.b Dropper
File: c:\windows\system32\splwbr.dll

Positive identification: Adware.DelphinMediaViewer.c
File: c:\windows\system32\vmss\vmss.exe

Positive identification (DLL): Adware.DelfinMediaViewer (dll)
File: c:\windows\system32\wsxsvc\wsx.ocx

Positive identification: Adware.DelphinMediaViewer.c1
File: c:\windows\system32\wsxsvc\wsxsvc.exe


STARTDRECK LOG

StartDreck (build 2.1.7 public stable) - 2005-03-04 @ 10:32:43 (GMT -05:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Jesse at JESSMONSTER1

»Registry
»Run Keys
»Current User
»Run
*SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
*Evidence Eliminator=C:\Program Files\Evidence Eliminator\ee.exe /m
»RunOnce
»Default User
»Run
*AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
»RunOnce
»Local Machine
»Run
*SMSERIAL=sm56hlpr.exe
*nwiz=nwiz.exe /install
*NvMediaCenter=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
*NeroCheck=C:\WINDOWS\system32\NeroCheck.exe
*InCD=C:\Program Files\ahead\InCD\InCD.exe
*AVG7_EMC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
*AVG7_CC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*SunJavaUpdateSched=C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
*WinampAgent="C:\Program Files\Winamp\winampa.exe"
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
*{AA58ED58-01DD-4d91-8333-CF10577473F7}
`InprocServer32=
»Internet Explorer
»Current User
*Search Bar=http://www.google.com/ie
*Search Page=http://www.google.com
*Start Page=http://charter.msn.com/
+SearchUrl
*provider=gogl
*=http://www.google.com/keyword/%s
»Default User
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://www.google.com/ie
+SearchUrl
*provider=infs
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\System32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\System32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Jesse\Start Menu\Programs\Startup\desktop.ini
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Broadband Networking.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
`127.0.0.1 sitefinder.Verisign.com
`127.0.0.1 sitefinder-idn.Verisign.com
`127.0.0.1 06272002-dbase.hitcountz.net
`127.0.0.1 1ca.cqcounter.com
`127.0.0.1 2001-007.com
`127.0.0.1 ad-logics.com
`127.0.0.1 ad.trafficmp.com
`127.0.0.1 adclient.rottentomatoes.com
`127.0.0.1 adcodes.aim4media.com
`127.0.0.1 adcounter.globeandmail.com
`127.0.0.1 adcounter.theglobeandmail.com
`127.0.0.1 adlog.com.com
`127.0.0.1 admanmail.com
`127.0.0.1 ads.specificpop.com
`127.0.0.1 ads.tiscali.com
`127.0.0.1 ads.tiscali.it
`127.0.0.1 adtech.de
`127.0.0.1 anm.intelli-direct.com
`127.0.0.1 askmen.thruport.com
`127.0.0.1 banner.0catch.com
`127.0.0.1 best-search.cc
`127.0.0.1 bilbo.counted.com
`127.0.0.1 bluestreak.com
`127.0.0.1 c1.statcounter.com
`127.0.0.1 c1.thecounter.com
`127.0.0.1 c2.gostats.com
`127.0.0.1 c2.thecounter.com
`127.0.0.1 c3.gostats.com
`127.0.0.1 cashcounter.com
`127.0.0.1 cgi.hotstat.nl
`127.0.0.1 click.atdmt.com
`127.0.0.1 click.fivemtn.com
`127.0.0.1 click.payserve.com
`127.0.0.1 click.silvercash.com
`127.0.0.1 clickspring.net
`127.0.0.1 clk.aboxdeal.com
`127.0.0.1 cnn.entertainment.printthis.clickability.com
`127.0.0.1 collector.deepmetrix.com
`127.0.0.1 cookies.cmpnet.com
`127.0.0.1 count.paycounter.com
`127.0.0.1 counter.aaddzz.com
`127.0.0.1 counter.bloke.com
`127.0.0.1 counter.digits.com
`127.0.0.1 counter.hitslink.com
`127.0.0.1 counter.rambler.ru
`127.0.0.1 counter.yadro.ru
`127.0.0.1 counter10.bravenet.com
`127.0.0.1 counter16.bravenet.com
`127.0.0.1 counter17.bravenet.com
`127.0.0.1 counter19.bravenet.com
`127.0.0.1 counter2.freeware.de
`127.0.0.1 counter2.hitslink.com
`127.0.0.1 counter26.bravenet.com
`127.0.0.1 counter27.bravenet.com
`127.0.0.1 counter32.bravenet.com
`127.0.0.1 counter34.bravenet.com
`127.0.0.1 counter39.bravenet.com
`127.0.0.1 counter41.bravenet.com
`127.0.0.1 counter43.bravenet.com
`127.0.0.1 counter45.bravenet.com
`127.0.0.1 counter47.bravenet.com
`127.0.0.1 counter49.bravenet.com
`127.0.0.1 counter50.bravenet.com
`127.0.0.1 counter8.bravenet.com
`127.0.0.1 counters.honesty.com
`127.0.0.1 counters.xaraonline.com
`127.0.0.1 data.coremetrics.com
`127.0.0.1 data.webads.co.nz
`127.0.0.1 dclk.themarketer.com
`127.0.0.1 delivery.loopingclick.com
`127.0.0.1 dimeprice.com
`127.0.0.1 directads.mcafee.com
`127.0.0.1 dwclick.com
`127.0.0.1 ebay.doubleclick.net
`127.0.0.1 economisttestcollect.insightfirst.com
`127.0.0.1 ehg-amerix.hitbox.com
`127.0.0.1 ehg-ati.hitbox.com
`127.0.0.1 ehg-bestbuy.hitbox.com
`127.0.0.1 ehg-bskyb.hitbox.com
`127.0.0.1 ehg-cafepress.hitbox.com
`127.0.0.1 ehg-cbs.hitbox.com
`127.0.0.1 ehg-crain.hitbox.com
`127.0.0.1 ehg-dig.hitbox.com
`127.0.0.1 ehg-eckounlimited.hitbox.com
`127.0.0.1 ehg-espn.hitbox.com
`127.0.0.1 ehg-foundation.hitbox.com
`127.0.0.1 ehg-foxsports.hitbox.com
`127.0.0.1 ehg-groceryworks.hitbox.com
`127.0.0.1 ehg-idg.hitbox.com
`127.0.0.1 ehg-ignitemedia.hitbox.com
`127.0.0.1 ehg-liveperson.hitbox.com
`127.0.0.1 ehg-mindshare.hitbox.com
`127.0.0.1 ehg-mybc.hitbox.com
`127.0.0.1 ehg-oreilley.hitbox.com
`127.0.0.1 ehg-oreilly.hitbox.com
`127.0.0.1 ehg-sonybssc.hitbox.com
`127.0.0.1 ehg-sonyelec.hitbox.com
`127.0.0.1 ehg-sonyny.hitbox.com
`127.0.0.1 ehg-space.hitbox.com
`127.0.0.1 ehg-sportsline.hitbox.com
`127.0.0.1 ehg-techtarget.hitbox.com
`127.0.0.1 ehg-tigerdirect.hitbox.com
`127.0.0.1 ehg-uniontrib.hitbox.com
`127.0.0.1 ehg-viacom.hitbox.com
`127.0.0.1 ehg-wachovia.hitbox.com
`127.0.0.1 ehg.commjun.hitbox.com
`127.0.0.1 ehg.hitbox.com
`127.0.0.1 ehg.mindshare.hitbox.com
`127.0.0.1 fastclick.net
`127.0.0.1 fastcounter.bcentral.com
`127.0.0.1 fcstats.bcentral.com
`127.0.0.1 flycast.com
`127.0.0.1 g-wizzads.net
`127.0.0.1 gator.com
`127.0.0.1 gcrim.cincinnati.com
`127.0.0.1 gcrim.flatoday.com
`127.0.0.1 gcrim.idehostatesman.com
`127.0.0.1 gcrim.tennessean.com
`127.0.0.1 gcrim.thedailyjournal.com
`127.0.0.1 gcrim.thejournalnews.com
`127.0.0.1 gostats.com
`127.0.0.1 gtcc1.acecounter.com
`127.0.0.1 hc2.humanclick.com
`127.0.0.1 hit2.hotlog.ru
`127.0.0.1 hit37.chark.dk
`127.0.0.1 hit37.chart.dk
`127.0.0.1 hit39.chart.dk
`127.0.0.1 hit5.hotlog.ru
`127.0.0.1 hitbox.com
`127.0.0.1 hits.webstat.com
`127.0.0.1 http300.edge.ru4.com
`127.0.0.1 images.dailydiscounts.com
`127.0.0.1 imp.clickability.com
`127.0.0.1 impacts.alliancehub.com
`127.0.0.1 impit.tradedouble.com
`127.0.0.1 insightfirst.com
`127.0.0.1 int.sitestat.com
`127.0.0.1 jkearns.freestats.com
`127.0.0.1 kt4.kliptracker.com
`127.0.0.1 linktrack.bravenet.com
`127.0.0.1 log.btopenworld.com
`127.0.0.1 logs.comics.com
`127.0.0.1 logs.eresmas.com
`127.0.0.1 logv18.xiti.com
`127.0.0.1 logv32.xiti.com
`127.0.0.1 logv4.xiti.com
`127.0.0.1 m1.nedstatbasic.net
`127.0.0.1 mailcheckisp.biz
`127.0.0.1 media101.sitebrand.com
`127.0.0.1 mediatrack.revenue.net
`127.0.0.1 mt122.mtree.com
`127.0.0.1 multi1.rmuk.co.uk
`127.0.0.1 mvs.mediavantage.de
`127.0.0.1 nedstat.s0.nl
`127.0.0.1 nl.sitestat.com
`127.0.0.1 okcounter.com
`127.0.0.1 p.reuters.com
`127.0.0.1 partner.alerts.aol.com
`127.0.0.1 paxito.sitetracker.com
`127.0.0.1 perso.estat.com
`127.0.0.1 pmg.ad-logics.com
`127.0.0.1 postclick.adcentriconline.com
`127.0.0.1 prof.estat.com
`127.0.0.1 s10.sitemeter.com
`127.0.0.1 s11.sitemeter.com
`127.0.0.1 s12.sitemeter.com
`127.0.0.1 s13.sitemeter.com
`127.0.0.1 s14.sitemeter.com
`127.0.0.1 s15.sitemeter.com
`127.0.0.1 s16.sitemeter.com
`127.0.0.1 s17.sitemeter.com
`127.0.0.1 s18.sitemeter.com
`127.0.0.1 s2.statcounter.com
`127.0.0.1 scrooge.channelcincinnati.com
`127.0.0.1 scrooge.channeloklahoma.com
`127.0.0.1 scrooge.click10.com
`127.0.0.1 scrooge.clickondetroit.com
`127.0.0.1 scrooge.nbcsandiego.com
`127.0.0.1 scrooge.newsnet5.com
`127.0.0.1 scrooge.thebostonchannel.com
`127.0.0.1 scrooge.thedenverchannel.com
`127.0.0.1 scrooge.theindychannel.com
`127.0.0.1 scrooge.thekansascitychannel.com
`127.0.0.1 scrooge.theomahachannel.com
`127.0.0.1 scrooge.wesh.com
`127.0.0.1 scrooge.wftv.com
`127.0.0.1 scrooge.wsoctv.com
`127.0.0.1 scrooge.wtov9.com
`127.0.0.1 servedby.valuead.com
`127.0.0.1 sm1.sitemeter.com
`127.0.0.1 sm2.sitemeter.com
`127.0.0.1 sm3.sitemeter.com
`127.0.0.1 sm4.sitemeter.com
`127.0.0.1 sm5.sitemeter.com
`127.0.0.1 sm6.sitemeter.com
`127.0.0.1 sm7.sitemeter.com
`127.0.0.1 sm8.sitemeter.com
`127.0.0.1 sm9.sitemeter.com
`127.0.0.1 sovereign.sitetracker.com
`127.0.0.1 spinbox.maccentral.com
`127.0.0.1 ss.tiscali.com
`127.0.0.1 ss.tiscali.it
`127.0.0.1 st.sageanalyst.net
`127.0.0.1 stat.onestat.com
`127.0.0.1 stat.webmedia.pl
`127.0.0.1 stat.www.fi
`127.0.0.1 stat1.z-stat.com
`127.0.0.1 stat3.cybermonitor.com
`127.0.0.1 static.smni.com
`127.0.0.1 statik.topica.com
`127.0.0.1 stats.absol.co.za
`127.0.0.1 stats.clickability.com
`127.0.0.1 stats.groupninetyfour.com
`127.0.0.1 stats.idsoft.com
`127.0.0.1 stats.jippii.com
`127.0.0.1 stats.klsoft.com
`127.0.0.1 stats.revenue.net
`127.0.0.1 stats.surfaid.ihost.com
`127.0.0.1 stats.www.ibm.com
`127.0.0.1 stats1.clicktracks.com
`127.0.0.1 statse.webtrendslive.com
`127.0.0.1 superstats.com
`127.0.0.1 targetnet.com
`127.0.0.1 tates.freestats.com
`127.0.0.1 te.newsday.com
`127.0.0.1 te.suntimes.com
`127.0.0.1 te.thestar.ca
`127.0.0.1 te.thestar.com
`127.0.0.1 te.trb.com
`127.0.0.1 track.directleads.com
`127.0.0.1 track.domainsponsor.com
`127.0.0.1 track.ft.com
`127.0.0.1 track.homestead.com
`127.0.0.1 tracker.clicktrade.com
`127.0.0.1 tracker.tradedoubler.com
`127.0.0.1 tracking.iol.co.za
`127.0.0.1 truehits1.gits.net.th
`127.0.0.1 u3102.47.spylog.com
`127.0.0.1 u3608.20.spylog.com
`127.0.0.1 u4056.56.spylog.com
`127.0.0.1 u574.07.spylog.com
`127.0.0.1 u977.40.spylog.com
`127.0.0.1 valueclick.com
`127.0.0.1 valueclick.net
`127.0.0.1 visit.theglobeandmail.com
`127.0.0.1 vsii.spindox.net
`127.0.0.1 w104.hitbox.com
`127.0.0.1 w113.hitbox.com
`127.0.0.1 w128.hitbox.com
`127.0.0.1 w131.hitbox.com
`127.0.0.1 w25.hitbox.com
`127.0.0.1 web1.realtracker.com
`127.0.0.1 web2.realtracker.com
`127.0.0.1 web3.realtracker.com
`127.0.0.1 web4.realtracker.com
`127.0.0.1 webbug.seatreport.com
`127.0.0.1 webcounter.goweb.de
`127.0.0.1 webhit.aftenposten.no
`127.0.0.1 webhit.afterposten.no
`127.0.0.1 webmasterkai.sitetracker.com
`127.0.0.1 webpdp.gator.com
`127.0.0.1 www.2001-007.com
`127.0.0.1 www.247realmedia.com
`127.0.0.1 www.addfreestats.com
`127.0.0.1 www.bar.ry2002.02-ry014.snpr.hotmx.hair.zaam.net
`127.0.0.1 www.bigbadted.com
`127.0.0.1 www.bluestreak.com
`127.0.0.1 www.clickclick.com
`127.0.0.1 www.clickspring.net
`127.0.0.1 www.clixgalore.com
`127.0.0.1 www.directgrowthhormone.com
`127.0.0.1 www.dwclick.com
`127.0.0.1 www.emaildeals.biz
`127.0.0.1 www.estats4all.com
`127.0.0.1 www.fxcounters.com
`127.0.0.1 www.gator.com
`127.0.0.1 www.hitbox.com
`127.0.0.1 www.metareward.com
`127.0.0.1 www.naturalgrowthstore.biz
`127.0.0.1 www.nedstat.com
`127.0.0.1 www.originalicons.com
`127.0.0.1 www.popuptrafic.com
`127.0.0.1 www.premiumsmail.net
`127.0.0.1 www.rightstats.com
`127.0.0.1 www.specificclick.com
`127.0.0.1 www.specificpop.com
`127.0.0.1 www.statcount.com
`127.0.0.1 www.statcounter.com
`127.0.0.1 www.statsession.com
`127.0.0.1 www.trafficmagnet.net
`127.0.0.1 www.v61.com
`127.0.0.1 www.web-stat.com
`127.0.0.1 www1.addfreestats.com
`127.0.0.1 www101.coolsavings.com
`127.0.0.1 www2.addfreestats.com
`127.0.0.1 www2.pagecount.com
`127.0.0.1 www3.addfreestats.com
`127.0.0.1 www3.click-fr.com
`127.0.0.1 www6.click-fr.com
`127.0.0.1 www60.valueclick.com
`127.0.0.1 www7.counter.bloke.com
`127.0.0.1 ad.au.doubleclick.net
`127.0.0.1 ad.br.doubleclick.net
`127.0.0.1 ad.ca.doubleclick.net
`127.0.0.1 ad.de.doubleclick.net
`127.0.0.1 ad.doubleclick.net
`127.0.0.1 ad.fi.doubleclick.net
`127.0.0.1 ad.fr.doubleclick.net
`127.0.0.1 ad.it.doubleclick.net
`127.0.0.1 ad.jp.doubleclick.net
`127.0.0.1 ad.nl.doubleclick.net
`127.0.0.1 ad.no.doubleclick.net
`127.0.0.1 ad.se.doubleclick.net
`127.0.0.1 ad.sg.doubleclick.net
`127.0.0.1 ad.uk.doubleclick.net
`127.0.0.1 ad.za.doubleclick.net
`127.0.0.1 ad2.doubleclick.net
`127.0.0.1 doubleclick.com
`127.0.0.1 doubleclick.net
`127.0.0.1 iv.doubleclick.net
`127.0.0.1 ln.doubleclick.net
`127.0.0.1 m.doubleclick.net
`127.0.0.1 m1.doubleclick.net
`127.0.0.1 m2.doubleclick.net
`127.0.0.1 m3.doubleclick.net
`127.0.0.1 m4.doubleclick.net
`127.0.0.1 m5.doubleclick.net
`127.0.0.1 m6.doubleclick.net
`127.0.0.1 m7.doubleclick.net
`127.0.0.1 m8.doubleclick.net
`127.0.0.1 m9.doubleclick.net
`127.0.0.1 rd.intl.doubleclick.net
`127.0.0.1 devfw.imrworldwide.com
`127.0.0.1 fe1-au.imrworldwide.com
`127.0.0.1 fe1-fi.imrworldwide.com
`127.0.0.1 fe1-it.imrworldwide.com
`127.0.0.1 fe2-au.imrworldwide.com
`127.0.0.1 fe3-au.imrworldwide.com
`127.0.0.1 fe3-gc.imrworldwide.com
`127.0.0.1 fe3-uk.imrworldwide.com
`127.0.0.1 fe4-uk.imrworldwide.com
`127.0.0.1 imrworldwide.com
`127.0.0.1 ninemsn.imrworldwide.com
`127.0.0.1 rc-au.imrworldwide.com
`127.0.0.1 redsheriff.com
`127.0.0.1 server-au.imrworldwide.com
`127.0.0.1 server-br.imrworldwide.com
`127.0.0.1 server-ca.imrworldwide.com
`127.0.0.1 server-de.imrworldwide.com
`127.0.0.1 server-dk.imrworldwide.com
`127.0.0.1 server-fi.imrworldwide.com
`127.0.0.1 server-fr.imrworldwide.com
`127.0.0.1 server-hk.imrworldwide.com
`127.0.0.1 server-it.imrworldwide.com
`127.0.0.1 server-jp.imrworldwide.com
`127.0.0.1 server-no.imrworldwide.com
`127.0.0.1 server-nz.imrworldwide.com
`127.0.0.1 server-se.imrworldwide.com
`127.0.0.1 server-sg.imrworldwide.com
`127.0.0.1 server-stockh.imrworldwide.com
`127.0.0.1 server-uk.imrworldwide.com
`127.0.0.1 server-us.imrworldwide.com
`127.0.0.1 telstra.imrworldwide.com
`127.0.0.1 www.imrworldwide.com
`127.0.0.1 www.imrworldwide.com.au
`127.0.0.1 www.redsheriff.com
`127.0.0.1 102.112.2o7.net
`127.0.0.1 192.168.112.2o7.net
`127.0.0.1 ancestrymsn.112.2o7.net
`127.0.0.1 angmar.112.2o7.net
`127.0.0.1 angts.112.2o7.net
`127.0.0.1 angvac.112.2o7.net
`127.0.0.1 canwest.112.2o7.net
`127.0.0.1 cbaol.112.2o7.net
`127.0.0.1 cbsncaasports.112.2o7.net
`127.0.0.1 cbspgatour.112.2o7.net
`127.0.0.1 cbsspln.112.2o7.net
`127.0.0.1 cfrfa.112.2o7.net
`127.0.0.1 classifiedscanada.112.2o7.net
`127.0.0.1 cnetnews.112.2o7.net
`127.0.0.1 denverpost.112.2o7.net
`127.0.0.1 dischannel.112.2o7.net
`127.0.0.1 execulink.112.2o7.net
`127.0.0.1 f2nsmh.112.2o7.net
`127.0.0.1 f2ntheage.112.2o7.net
`127.0.0.1 georgewbush.112.2o7.net
`127.0.0.1 georgewbushcom.112.2o7.net
`127.0.0.1 gpaper108.112.2o7.net
`127.0.0.1 gpaper109.112.2o7.net
`127.0.0.1 gpaper110.112.2o7.net
`127.0.0.1 gpaper111.112.2o7.net
`127.0.0.1 gpaper112.112.2o7.net
`127.0.0.1 gpaper113.112.2o7.net
`127.0.0.1 gpaper114.112.2o7.net
`127.0.0.1 gpaper115.112.2o7.net
`127.0.0.1 gpaper116.112.2o7.net
`127.0.0.1 gpaper117.112.2o7.net
`127.0.0.1 gpaper118.112.2o7.net
`127.0.0.1 gpaper119.112.2o7.net
`127.0.0.1 gpaper120.112.2o7.net
`127.0.0.1 gpaper121.112.2o7.net
`127.0.0.1 gpaper122.112.2o7.net
`127.0.0.1 gpaper123.112.2o7.net
`127.0.0.1 gpaper124.112.2o7.net
`127.0.0.1 gpaper125.112.2o7.net
`127.0.0.1 gpaper126.112.2o7.net
`127.0.0.1 gpaper127.112.2o7.net
`127.0.0.1 gpaper128.112.2o7.net
`127.0.0.1 gpaper129.112.2o7.net
`127.0.0.1 gpaper133.112.2o7.net
`127.0.0.1 gpaper138.112.2o7.net
`127.0.0.1 gpaper144.112.2o7.net
`127.0.0.1 gpaper147.112.2o7.net
`127.0.0.1 gpaper151.112.2o7.net
`127.0.0.1 gpaper154.112.2o7.net
`127.0.0.1 gpaper158.112.2o7.net
`127.0.0.1 gpaper164.112.2o7.net
`127.0.0.1 gpaper166.112.2o7.net
`127.0.0.1 gpaper176.112.2o7.net
`127.0.0.1 gpaper177.112.2o7.net
`127.0.0.1 gpaper180.112.2o7.net
`127.0.0.1 gpaper183.112.2o7.net
`127.0.0.1 gpaper202.112.2o7.net
`127.0.0.1 gpaper204.112.2o7.net
`127.0.0.1 hchrmain.112.2o7.net
`127.0.0.1 homesclick.112.2o7.net
`127.0.0.1 hpglobal.112.2o7.net
`127.0.0.1 hphqglobal.112.2o7.net
`127.0.0.1 intelglobal.112.2o7.net
`127.0.0.1 laxpsd.112.2o7.net
`127.0.0.1 mgtbo.112.2o7.net
`127.0.0.1 mlbglobal.112.2o7.net
`127.0.0.1 mngidmn.112.2o7.net
`127.0.0.1 mngislctrib.112.2o7.net
`127.0.0.1 mxmacromedia.112.2o7.net
`127.0.0.1 neber.112.2o7.net
`127.0.0.1 nmcommancomedia.112.2o7.net
`127.0.0.1 nmkawartha.112.2o7.net
`127.0.0.1 nmminneapolis.112.2o7.net
`127.0.0.1 nmsacramento.112.2o7.net
`127.0.0.1 novellcom.112.2o7.net
`127.0.0.1 nytbglobe.112.2o7.net
`127.0.0.1 nytglobe.112.2o7.net
`127.0.0.1 nythglobe.112.2o7.net
`127.0.0.1 nytimesglobal.112.2o7.net
`127.0.0.1 nytimesnonsampled.112.2o7.net
`127.0.0.1 nytimesnoonsampled.112.2o7.net
`127.0.0.1 nytrlakeland.112.2o7.net
`127.0.0.1 nytrsarasota.112.2o7.net
`127.0.0.1 pulpantagraph.112.2o7.net
`127.0.0.1 rckymtnnws.112.2o7.net
`127.0.0.1 thinkgeek.112.2o7.net
`127.0.0.1 verisonwildcard.112.2o7.net
`127.0.0.1 2.marketbanker.com
`127.0.0.1 207-87-18-203.wsmg.digex.net
`127.0.0.1 3ad.doubleclick.net
`127.0.0.1 a.as-eu.falkag.net
`127.0.0.1 a.as-us.falkag.net
`127.0.0.1 a.mktw.net
`127.0.0.1 a.websponsors.com
`127.0.0.1 a3.suntimes.com
`127.0.0.1 abcnews.footprint.net
`127.0.0.1 ac.rnm.ca
`127.0.0.1 actionflash.com
`127.0.0.1 actionsplash.com
`127.0.0.1 ad-adex3.flycast.com
`127.0.0.1 ad-souk.com
`127.0.0.1 ad.3au.doubleclick.net
`127.0.0.1 ad.71i.de
`127.0.0.1 ad.abcnews.com
`127.0.0.1 ad.aboutwebservices.com
`127.0.0.1 ad.adex3.flycast.com
`127.0.0.1 ad.adition.de
`127.0.0.1 ad.adition.net
`127.0.0.1 ad.adsmart.net
`127.0.0.1 ad.aftonbladet.se
`127.0.0.1 ad.asv.de
`127.0.0.1 ad.deviantart.com
`127.0.0.1 ad.es.doubleclick.net
`127.0.0.1 ad.espn.starwave.com
`127.0.0.1 ad.eurosport.com
`127.0.0.1 ad.horvitznewspapers.net
`127.0.0.1 ad.howstuffworks.com
`127.0.0.1 ad.iwin.com
`127.0.0.1 ad.leadcrunch.com
`127.0.0.1 ad.linkexchange.com
`127.0.0.1 ad.linksynergy.com
`127.0.0.1 ad.moscowtimes.ru
`127.0.0.1 ad.nate.com
`127.0.0.1 ad.network60.com
`127.0.0.1 ad.preferences.com
`127.0.0.1 ad.pro-advertising.com
`127.0.0.1 ad.repubblica.it
`127.0.0.1 ad.showbizz.net
`127.0.0.1 ad.sma.punto.net
`127.0.0.1 ad.smni.com
`127.0.0.1 ad.suprnova.org
`127.0.0.1 ad.tbn.ru
`127.0.0.1 ad.tv2.no
`127.0.0.1 ad.uk.tangozebra.com
`127.0.0.1 ad.usatoday.com
`127.0.0.1 ad.ve.doubleclick.net
`127.0.0.1 ad.webprovider.com
`127.0.0.1 ad01.focalink.com
`127.0.0.1 ad01.mediacorpsingapore.com
`127.0.0.1 ad02.focalink.com
`127.0.0.1 ad03.focalink.com
`127.0.0.1 ad04.focalink.com
`127.0.0.1 ad05.focalink.com
`127.0.0.1 ad06.focalink.com
`127.0.0.1 ad07.focalink.com
`127.0.0.1 ad08.focalink.com
`127.0.0.1 ad09.focalink.com
`127.0.0.1 ad1.hotel.com
`127.0.0.1 ad1.lbn.ru
`127.0.0.1 ad1.peel.com
`127.0.0.1 ad10.focalink.com
`127.0.0.1 ad11.focalink.com
`127.0.0.1 ad12.focalink.com
`127.0.0.1 ad13.focalink.com
`127.0.0.1 ad14.focalink.com
`127.0.0.1 ad15.focalink.com
`127.0.0.1 ad16.focalink.com
`127.0.0.1 ad17.focalink.com
`127.0.0.1 ad18.focalink.com
`127.0.0.1 ad19.focalink.com
`127.0.0.1 ad2.hotel.com
`127.0.0.1 ad2.lbn.ru
`127.0.0.1 ad2.pamedia.com
`127.0.0.1 ad2.peel.com
`127.0.0.1 ad2.smni.com
`127.0.0.1 ad3.lbn.ru
`127.0.0.1 ad4.lbn.ru
`127.0.0.1 ad5.lbn.ru
`127.0.0.1 adbot.theonion.com
`127.0.0.1 adcentric.randomseed.com
`127.0.0.1 adcentriconline.com
`127.0.0.1 adcontent.gamespy.com
`127.0.0.1 adcontroller.unicast.com
`127.0.0.1 adcreative.tribuneinteractive.com
`127.0.0.1 adcycle.icpeurope.net
`127.0.0.1 adex1.flycast.com
`127.0.0.1 adex2.flycast.com
`127.0.0.1 adex3.flycast.com
`127.0.0.1 adfarm.mediaplex.com
`127.0.0.1 adforce.ads.imgis.com
`127.0.0.1 adforce.adtech.de
`127.0.0.1 adforce.imgis.com
`127.0.0.1 adfu.blockstackers.com
`127.0.0.1 adgraphics.theonion.com
`127.0.0.1 adgroup.naver.com
`127.0.0.1 adi.mainichi.co.jp
`127.0.0.1 adimage.asia1.com.sg
`127.0.0.1 adimage.asiaone.com
`127.0.0.1 adimage.asiaone.com.sg
`127.0.0.1 adimage.blm.net
`127.0.0.1 adimages.earthweb.com
`127.0.0.1 adimages.go.com
`127.0.0.1 adimages.mp3.com
`127.0.0.1 adincl.gopher.com
`127.0.0.1 adj1.thruport.com
`127.0.0.1 adj10.thruport.com
`127.0.0.1 adj11.thruport.com
`127.0.0.1 adj12.thruport.com
`127.0.0.1 adj13.thruport.com
`127.0.0.1 adj14.thruport.com
`127.0.0.1 adj15.thruport.com
`127.0.0.1 adj16.thruport.com
`127.0.0.1 adj16r1.thruport.com
`127.0.0.1 adj17.thruport.com
`127.0.0.1 adj18.thruport.com
`127.0.0.1 adj2.thruport.com
`127.0.0.1 adj3.thruport.com
`127.0.0.1 adj4.thruport.com
`127.0.0.1 adj5.thruport.com
`127.0.0.1 adj6.thruport.com
`127.0.0.1 adj7.thruport.com
`127.0.0.1 adj8.thruport.com
`127.0.0.1 adj9.thruport.com
`127.0.0.1 adjuggler.yourdictionary.com
`127.0.0.1 adman.freeze.com
`127.0.0.1 admanager.btopenworld.com
`127.0.0.1 admedia.xoom.com
`127.0.0.1 admin.digitalacre.com
`127.0.0.1 adnet.chicago.tribune.com
`127.0.0.1 adnetwork.nextgen.net
`127.0.0.1 adng.ascii24.com
`127.0.0.1 adpepper.dk
`127.0.0.1 adpick.switchboard.com
`127.0.0.1 adpulse.ads.targetnet.com
`127.0.0.1 adpush.dreamscape.com
`127.0.0.1 adremote.pathfinder.com
`127.0.0.1 adremote.timeinc.net
`127.0.0.1 ads-direct.prodigy.net
`127.0.0.1 ads.accelerator-media.com
`127.0.0.1 ads.active.com
`127.0.0.1 ads.ad-flow.com
`127.0.0.1 ads.adcorps.com
`127.0.0.1 ads.addesktop.com
`127.0.0.1 ads.addynamix.com
`127.0.0.1 ads.admaximize.com
`127.0.0.1 ads.admonitor.net
`127.0.0.1 ads.adsag.com
`127.0.0.1 ads.adtegrity.net
`127.0.0.1 ads.adviva.net
`127.0.0.1 ads.adworldnetwork.com
`127.0.0.1 ads.ah-ha.com
`127.0.0.1 ads.allsites.com
`127.0.0.1 ads.amazingmedia.com
`127.0.0.1 ads.anm.co.uk
`127.0.0.1 ads.as4x.tmcs.net
`127.0.0.1 ads.as4x.tmcs.ticketmaster.ca
`127.0.0.1 ads.asia1.com
`127.0.0.1 ads.asia1.com.sg
`127.0.0.1 ads.astalavista.us
`127.0.0.1 ads.auctioncity.co.nz
`127.0.0.1 ads.banner.t-online.de
`127.0.0.1 ads.beliefnet.com
`127.0.0.1 ads.belointeractive.com
`127.0.0.1 ads.bfast.com
`127.0.0.1 ads.bigcitytools.com
`127.0.0.1 ads.bloomberg.com
`127.0.0.1 ads.bluemountain.com
`127.0.0.1 ads.bonnint.net
`127.0.0.1 ads.box.sk
`127.0.0.1 ads.businessweek.com
`127.0.0.1 ads.camrecord.com
`127.0.0.1 ads.canoe.ca
`127.0.0.1 ads.cbc.ca
`127.0.0.1 ads.champs-elysees.com
`127.0.0.1 ads.channel4.com
`127.0.0.1 ads.checkm8.co.za
`127.0.0.1 ads.chumcity.com
`127.0.0.1 ads.clickability.com
`127.0.0.1 ads.clickad.com.pl
`127.0.0.1 ads.clickagents.com
`127.0.0.1 ads.clickhouse.com
`127.0.0.1 ads.clickthru.net
`127.0.0.1 ads.collegemix.com
`127.0.0.1 ads.coopson.com
`127.0.0.1 ads.courierpostonline.com
`127.0.0.1 ads.cpsgsoftware.com
`127.0.0.1 ads.democratandchronicle.com
`127.0.0.1 ads.dennisnet.co.uk
`127.0.0.1 ads.desmoinesregister.com
`127.0.0.1 ads.developershed.com
`127.0.0.1 ads.deviantart.com
`127.0.0.1 ads.digital-digest.com
`127.0.0.1 ads.digitalacre.com
`127.0.0.1 ads.digitalhealthcare.com
`127.0.0.1 ads.digitalmedianet.com
`127.0.0.1 ads.discovery.com
`127.0.0.1 ads.drf.com
`127.0.0.1 ads.economist.com
`127.0.0.1 ads.enliven.com
`127.0.0.1 ads.euniverseads.com
`127.0.0.1 ads.examiner.net
`127.0.0.1 ads.exhedra.com
`127.0.0.1 ads.fairfax.com.au
`127.0.0.1 ads.flabber.nl
`127.0.0.1 ads.fool.com
`127.0.0.1 ads.forbes.com
`127.0.0.1 ads.fortunecity.com
`127.0.0.1 ads.fredericksburg.com
`127.0.0.1 ads.freshmeat.net
`127.0.0.1 ads.ft.com
`127.0.0.1 ads.gamespy.com
`127.0.0.1 ads.gamespyid.com
`127.0.0.1 ads.gateway.com
`127.0.0.1 ads.globeandmail.com
`127.0.0.1 ads.granadamedia.com
`127.0.0.1 ads.greenvilleonline.com
`127.0.0.1 ads.guardian.co.uk
`127.0.0.1 ads.guardianunlimited.co.uk
`127.0.0.1 ads.hamptonroads.com
`127.0.0.1 ads.hamtonroads.com
`127.0.0.1 ads.hardwarezone.com
`127.0.0.1 ads.heraldsun.com
`127.0.0.1 ads.hitcents.com
`127.0.0.1 ads.hollywood.com
`127.0.0.1 ads.i33.com
`127.0.0.1 ads.icq.com
`127.0.0.1 ads.ign.com
`127.0.0.1 ads.illuminatednation.com
`127.0.0.1 ads.indiatimes.com
`127.0.0.1 ads.indystar.com
`127.0.0.1 ads.inetdirectories.com
`127.0.0.1 ads.infi.net
`127.0.0.1 ads.injersey.com
`127.0.0.1 ads.iol.co.il
`127.0.0.1 ads.isat-tech.com
`127.0.0.1 ads.isoftmarketing.com
`127.0.0.1 ads.jacksonville.com
`127.0.0.1 ads.jeneauempire.com
`127.0.0.1 ads.jpost.com
`127.0.0.1 ads.jwtt3.com
`127.0.0.1 ads.kleinman.com
`127.0.0.1 ads.ksl.com
`127.0.0.1 ads.link4ads.com
`127.0.0.1 ads.linksponsor.com
`127.0.0.1 ads.linktracking.net
`127.0.0.1 ads.list-universe.com
`127.0.0.1 ads.lycos.com
`127.0.0.1 ads.madison.com
`127.0.0.1 ads.mcafee.com
`127.0.0.1 ads.mdchoice.com
`127.0.0.1 ads.mediaodyssey.com
`127.0.0.1 ads.mediaturf.net
`127.0.0.1 ads.mgnetwork.com
`127.0.0.1 ads.mindsetnetwork.com
`127.0.0.1 ads.mircx.com
`127.0.0.1 ads.mm.ap.org
`127.0.0.1 ads.mouseplanet.com
`127.0.0.1 ads.mustangworks.com
`127.0.0.1 ads.mytelus.com
`127.0.0.1 ads.nandomedia.com
`127.0.0.1 ads.nationalreview.com
`127.0.0.1 ads.nerve.com
`127.0.0.1 ads.newcity.com
`127.0.0.1 ads.newsint.co.uk
`127.0.0.1 ads.newsquest.co.uk
`127.0.0.1 ads.newtimes.com
`127.0.0.1 ads.northjersey.com
`127.0.0.1 ads.ntadvice.com
`127.0.0.1 ads.nwsource.com
`127.0.0.1 ads.nyjournalnews.com
`127.0.0.1 ads.nypost.com
`127.0.0.1 ads.nytimes.com
`127.0.0.1 ads.omaha.com
`127.0.0.1 ads.orsm.net
`127.0.0.1 ads.osdn.com
`127.0.0.1 ads.parrysound.com
`127.0.0.1 ads.peel.com
`127.0.0.1 ads.pennyweb.com
`127.0.0.1 ads.pg.valueclick.net
`127.0.0.1 ads.pilotonline.com
`127.0.0.1 ads.pointroll.com
`127.0.0.1 ads.premiumnetwork.com
`127.0.0.1 ads.pressdemo.com
`127.0.0.1 ads.prisacom.com
`127.0.0.1 ads.pro-market.net
`127.0.0.1 ads.queendom.com
`127.0.0.1 ads.quicken.com
`127.0.0.1 ads.rackshack.net
`127.0.0.1 ads.realcities.com
`127.0.0.1 ads.rediff.com
`127.0.0.1 ads.register.com
`127.0.0.1 ads.revenue.net
`127.0.0.1 ads.roanoke.com
`127.0.0.1 ads.rodale.com
`127.0.0.1 ads.rondomondo.com
`127.0.0.1 ads.savannahnow.com
`127.0.0.1 ads.scabee.com
`127.0.0.1 ads.schwabtrader.com
`127.0.0.1 ads.seattletimes.com
`127.0.0.1 ads.simtel.com
`127.0.0.1 ads.sitemeter.com
`127.0.0.1 ads.smartclicks.com
`127.0.0.1 ads.smartclicks.net
`127.0.0.1 ads.snowball.com
`127.0.0.1 ads.sohh.com
`127.0.0.1 ads.space.com
`127.0.0.1 ads.specificclick.com
`127.0.0.1 ads.sptimes.com
`127.0.0.1 ads.spymac.net
`127.0.0.1 ads.starbanner.com
`127.0.0.1 ads.stephensmedia.com
`127.0.0.1 ads.stileproject.com
`127.0.0.1 ads.stupid.com
`127.0.0.1 ads.switchboard.com
`127.0.0.1 ads.techtv.com
`127.0.0.1 ads.telegraph.co.uk
`127.0.0.1 ads.the15thinternet.com
`127.0.0.1 ads.theglobeandmail.com
`127.0.0.1 ads.theolympian.com
`127.0.0.1 ads.thestar.com
`127.0.0.1 ads.thewebfreaks.com
`127.0.0.1 ads.timesunion.com
`127.0.0.1 ads.top500.org
`127.0.0.1 ads.toronto.com
`127.0.0.1 ads.townhall.com
`127.0.0.1 ads.track.net
`127.0.0.1 ads.traderonline.com
`127.0.0.1 ads.tricityherald.com
`127.0.0.1 ads.tripod.com
`127.0.0.1 ads.tromaville.com
`127.0.0.1 ads.tucows.com
`127.0.0.1 ads.ucomics.com
`127.0.0.1 ads.valuead.com
`127.0.0.1 ads.vegas.com
`127.0.0.1 ads.veloxia.com
`127.0.0.1 ads.vnuemedia.com
`127.0.0.1 ads.weather.com
`127.0.0.1 ads.web.aol.com
`127.0.0.1 ads.web.compuserve.com
`127.0.0.1 ads.webcoretech.com
`127.0.0.1 ads.webmd.com
`127.0.0.1 ads.websponsors.com
`127.0.0.1 ads.whi.co.nz
`127.0.0.1 ads.x10.com
`127.0.0.1 ads.xtra.co.nz
`127.0.0.1 ads.zap2it.com
`127.0.0.1 ads.zdnet.com
`127.0.0.1 ads01.focalink.com
`127.0.0.1 ads01.hyperbanner.net
`127.0.0.1 ads02.focalink.com
`127.0.0.1 ads02.hyperbanner.net
`127.0.0.1 ads03.focalink.com
`127.0.0.1 ads03.hyperbanner.net
`127.0.0.1 ads04.focalink.com
`127.0.0.1 ads04.hyperbanner.net
`127.0.0.1 ads05.focalink.com
`127.0.0.1 ads05.hyperbanner.net
`127.0.0.1 ads06.focalink.com
`127.0.0.1 ads06.hyperbanner.net
`127.0.0.1 ads07.focalink.com
`127.0.0.1 ads07.hyperbanner.net
`127.0.0.1 ads08.focalink.com
`127.0.0.1 ads08.hyperbanner.net
`127.0.0.1 ads09.focalink.com
`127.0.0.1 ads09.hyperbanner.net
`127.0.0.1 ads1.activeagent.at
`127.0.0.1 ads1.ad-flow.com
`127.0.0.1 ads1.advance.net
`127.0.0.1 ads1.advertwizard.com
`127.0.0.1 ads1.ami-admin.com
`127.0.0.1 ads1.canoe.ca
`127.0.0.1 ads1.globeandmail.com
`127.0.0.1 ads1.jev.co.za
`127.0.0.1 ads1.realcities.com
`127.0.0.1 ads1.revenue.net
`127.0.0.1 ads1.sptimes.com
`127.0.0.1 ads1.theglobeandmail.com
`127.0.0.1 ads1.ucomics.com
`127.0.0.1 ads1.udc.advance.net
`127.0.0.1 ads1.updated.com
`127.0.0.1 ads1.virtumundo.com
`127.0.0.1 ads1.zdnet.com
`127.0.0.1 ads10.focalink.com
`127.0.0.1 ads10.hyperbanner.net
`127.0.0.1 ads11.focalink.com
`127.0.0.1 ads11.hyperbanner.net
`127.0.0.1 ads12.focalink.com
`127.0.0.1 ads12.hyperbanner.net
`127.0.0.1 ads13.focalink.com
`127.0.0.1 ads13.hyperbanner.net
`127.0.0.1 ads14.bpath.com
`127.0.0.1 ads14.focalink.com
`127.0.0.1 ads14.hyperbanner.net
`127.0.0.1 ads15.focalink.com
`127.0.0.1 ads15.hyperbanner.net
`127.0.0.1 ads16.focalink.com
`127.0.0.1 ads16.hyperbanner.net
`127.0.0.1 ads17.focalink.com
`127.0.0.1 ads17.hyperbanner.net
`127.0.0.1 ads18.focalink.com
`127.0.0.1 ads18.hyperbanner.net
`127.0.0.1 ads19.focalink.com
`127.0.0.1 ads2.ad-flow.com
`127.0.0.1 ads2.advance.net
`127.0.0.1 ads2.advertwizard.com
`127.0.0.1 ads2.canoe.ca
`127.0.0.1 ads2.clickad.com
`127.0.0.1 ads2.newtimes.com
`127.0.0.1 ads2.osdn.com
`127.0.0.1 ads2.realcities.com
`127.0.0.1 ads2.udc.advance.net
`127.0.0.1 ads2.virtumundo.com
`127.0.0.1 ads2.zdnet.com
`127.0.0.1 ads20.focalink.com
`127.0.0.1 ads21.focalink.com
`127.0.0.1 ads22.focalink.com
`127.0.0.1 ads23.focalink.com
`127.0.0.1 ads24.focalink.com
`127.0.0.1 ads25.focalink.com
`127.0.0.1 ads3.ad-flow.com
`127.0.0.1 ads3.advance.net
`127.0.0.1 ads3.advertwizard.com
`127.0.0.1 ads3.canoe.ca
`127.0.0.1 ads3.freebannertrade.com
`127.0.0.1 ads3.realcities.com
`127.0.0.1 ads3.virtumundo.com
`127.0.0.1 ads3.zdnet.com
`127.0.0.1 ads36.hyperbanner.net
`127.0.0.1 ads4.ad-flow.com
`127.0.0.1 ads4.advance.net
`127.0.0.1 ads4.advertwizard.com
`127.0.0.1 ads4.canoe.ca
`127.0.0.1 ads4.clearchannel.com
`127.0.0.1 ads4.realcities.com
`127.0.0.1 ads4.virtumundo.com
`127.0.0.1 ads5.ad-flow.com
`127.0.0.1 ads5.advance.net
`127.0.0.1 ads5.advertwizard.com
`127.0.0.1 ads5.canoe.ca
`127.0.0.1 ads5.udc.advance.net
`127.0.0.1 ads5.virtumundo.com
`127.0.0.1 ads6.ad-flow.com
`127.0.0.1 ads6.advertwizard.com
`127.0.0.1 ads7.ad-flow.com
`127.0.0.1 ads7.advance.net
`127.0.0.1 ads7.advertwizard.com
`127.0.0.1 ads8.ad-flow.com
`127.0.0.1 ads8.advertwizard.com
`127.0.0.1 ads9.ad-flow.com
`127.0.0.1 ads9.advertwizard.com
`127.0.0.1 adsatt.abcnews.starwave.com
`127.0.0.1 adsatt.espn.starwave.com
`127.0.0.1 adserv.aip.org
`127.0.0.1 adserv.bravenet.com
`127.0.0.1 adserv.iafrica.com
`127.0.0.1 adserv.internetfuel.com
`127.0.0.1 adserv.quality-channel.de
`127.0.0.1 adserv2.bravenet.com
`127.0.0.1 adserve.viaarena.com
`127.0.0.1 adserver.71i.de
`127.0.0.1 adserver.adtech.de
`127.0.0.1 adserver.aim4media.com
`127.0.0.1 adserver.airmiles.ca
`127.0.0.1 adserver.ancestry.com
`127.0.0.1 adserver.anm.co.uk
`127.0.0.1 adserver.dbusiness.com
`127.0.0.1 adserver.digitalpartners.com
`127.0.0.1 adserver.dnps.com
`127.0.0.1 adserver.eham.net
`127.0.0.1 adserver.eva2000.com
`127.0.0.1 adserver.freenet.de
`127.0.0.1 adserver.friendfinder.com
`127.0.0.1 adserver.gamesquad.net
`127.0.0.1 adserver.garden.com
`127.0.0.1 adserver.gorillanation.com
`127.0.0.1 adserver.hardwareanalysis.com
`127.0.0.1 adserver.harktheherald.com
`127.0.0.1 adserver.hellasnet.gr
`127.0.0.1 adserver.hg-computer.de
`127.0.0.1 adserver.humanux.com
`127.0.0.1 adserver.ign.com
`127.0.0.1 adserver.ixm.co.uk
`127.0.0.1 adserver.janes.com
`127.0.0.1 adserver.journalinteractive.com
`127.0.0.1 adserver.linktrader.co.uk
`127.0.0.1 adserver.lunarpages.com
`127.0.0.1 adserver.m2kcore.com
`127.0.0.1 adserver.matchcraft.com
`127.0.0.1 adserver.merc.com
`127.0.0.1 adserver.monster.com
`127.0.0.1 adserver.news.com.au
`127.0.0.1 adserver.newtimes.com
`127.0.0.1 adserver.nydailynews.com
`127.0.0.1 adserver.nzoom.com
`127.0.0.1 adserver.phillyburbs.com
`127.0.0.1 adserver.securityfocus.com
`127.0.0.1 adserver.terra.com.br
`127.0.0.1 adserver.thisislondon.co.uk
`127.0.0.1 adserver.tilted.net
`127.0.0.1 adserver.track-star.com
`127.0.0.1 adserver.trader.ca
`127.0.0.1 adserver.trb.com
`127.0.0.1 adserver.tribuneinteractive.com
`127.0.0.1 adserver.ugo.com
`127.0.0.1 adserver.yahoo.com
`127.0.0.1 adserver01.ancestry.com
`127.0.0.1 adserver1.backbeatmedia.com
`127.0.0.1 adserver1.ogilvy-interactive.de
`127.0.0.1 adserver2.creative.com
`127.0.0.1 adsfac.net
`127.0.0.1 adsintl.starwave.com
`127.0.0.1 adsnew.userfriendly.org
`127.0.0.1 adsr3pg.com.br
`127.0.0.1 adsrc.bankrate.com
`127.0.0.1 adsremote.scripps.com
`127.0.0.1 adsrv.heraldtribune.com
`127.0.0.1 adsrv.hpg.com.br
`127.0.0.1 adsrv.iol.co.za
`127.0.0.1 adsrv.news.com.au
`127.0.0.1 adsrv.tuscaloosanews.com
`127.0.0.1 adtag.sympatico.ca
`127.0.0.1 adtegrity.spinbox.net
`127.0.0.1 adtracking.vinden.nlfrm
`127.0.0.1 adv.bannercity.ru
`127.0.0.1 adv.bbanner.it
`127.0.0.1 adv.surinter.net
`127.0.0.1 adv.wp.pl
`127.0.0.1 adveng.hiasys.com
`127.0.0.1 advert.bayarea.com
`127.0.0.1 advertising.gfxartist.com
`127.0.0.1 advertising.hiasys.com
`127.0.0.1 adverts.ecn.co.uk
`127.0.0.1 adviva.net
`127.0.0.1 adx.adrenalinesk.sk
`127.0.0.1 affiliate.aol.com
`127.0.0.1 affiliate.cfdebt.com
`127.0.0.1 ajcclassifieds.com
`127.0.0.1 ak.imgfarm.com
`127.0.0.1 akaads-espn.starwave.com
`127.0.0.1 alliance.adbureau.net
`127.0.0.1 altfarm.mediaplex.com
`127.0.0.1 amch.questionmarket.com
`127.0.0.1 americansingles.click-url.com
`127.0.0.1 antfarm-ad.flycast.com
`127.0.0.1 apps5.oingo.com
`127.0.0.1 arsconsole.global-intermedia.com
`127.0.0.1 as1.falkag.de
`127.0.0.1 au.ads.link4ads.com
`127.0.0.1 au.adserver.yahoo.com
`127.0.0.1 aureate.com
`127.0.0.1 banner.coza.com
`127.0.0.1 banner.easyspace.com
`127.0.0.1 banner.media-system.de
`127.0.0.1 banner.northsky.com
`127.0.0.1 banner.oddcast.com
`127.0.0.1 banner.orb.net
`127.0.0.1 banner.relcom.ru
`127.0.0.1 banner2.inet-traffic.com
`127.0.0.1 bannerads.anytimenews.com
`127.0.0.1 bannerads.zwire.com
`127.0.0.1 bannerimages.0catch.com
`127.0.0.1 bannerpower.com
`127.0.0.1 banners.affiliatefuel.com
`127.0.0.1 banners.affiliatefuture.com
`127.0.0.1 banners.bol.se
`127.0.0.1 banners.directnic.com
`127.0.0.1 banners.dnastudio.com
`127.0.0.1 banners.easydns.com
`127.0.0.1 banners.expressindia.com
`127.0.0.1 banners.img.uol.com.br
`127.0.0.1 banners.ksl.com
`127.0.0.1 banners.linkbuddies.com
`127.0.0.1 banners.looksmart.com
`127.0.0.1 banners.netcraft.com
`127.0.0.1 banners.nextcard.com
`127.0.0.1 banners.pennyweb.com
`127.0.0.1 banners.tucson.com
`127.0.0.1 banners.valuead.com
`127.0.0.1 banners.webmasterplan.com
`127.0.0.1 banners.wunderground.com
`127.0.0.1 banners1.linkbuddies.com
`127.0.0.1 banners2.castles.org
`127.0.0.1 barnesandnoble.bfast.com
`127.0.0.1 bell.adcentriconline.com
`127.0.0.1 beseenad.looksmart.com
`127.0.0.1 betterperformance.goldenopps.info
`127.0.0.1 bfast.com
`127.0.0.1 bidclix.net
`127.0.0.1 bild.ivwbox.de
`127.0.0.1 bizad.nikkeibp.co.jp
`127.0.0.1 bn.bfast.com
`127.0.0.1 c1.zedo.com
`127.0.0.1 c2.zedo.com
`127.0.0.1 c3.zedo.com
`127.0.0.1 c4.maxserving.com
`127.0.0.1 c4.zedo.com
`127.0.0.1 c5.zedo.com
`127.0.0.1 c6.zedo.com
`127.0.0.1 c7.zedo.com
`127.0.0.1 cache.unicast.com
`127.0.0.1 califia.imaginemedia.com
`127.0.0.1 campaigns.f2.com.au
`127.0.0.1 cashflowmarketing.com
`127.0.0.1 cdn2.adsdk.com
`127.0.0.1 click.avenuea.com
`127.0.0.1 click.go2net.com
`127.0.0.1 click.linksynergy.com
`127.0.0.1 clickcash.webpower.com
`127.0.0.1 clickit.go2net.com
`127.0.0.1 clicks.adultplex.com
`127.0.0.1 clipserv.adclip.com
`127.0.0.1 clk.cloudyisland.com
`127.0.0.1 cmhtml.overture.com
`127.0.0.1 cmn1lsm2.beliefnet.com
`127.0.0.1 commerce.www.ibm.com
`127.0.0.1 connect.247media.ads.link4ads.com
`127.0.0.1 content.ad-flow.com
`127.0.0.1 coreg.flashtrack.net
`127.0.0.1 cornflakes.pathfinder.com
`127.0.0.1 count.casino-trade.com
`127.0.0.1 counter.hitbox.com
`127.0.0.1 crux.songline.com
`127.0.0.1 dart.chron.com
`127.0.0.1 db4.net-filter.com
`127.0.0.1 dev.adforum.com
`127.0.0.1 djbanners.deadjournal.com
`127.0.0.1 dl.ncbuy.com
`127.0.0.1 dnads.directnic.com
`127.0.0.1 ehg-acdsystems.hitbox.com
`127.0.0.1 ehg-legonewyorkinc.hitbox.com
`127.0.0.1 engage.everyone.net
`127.0.0.1 engage.speedera.net
`127.0.0.1 erie.smartage.com
`127.0.0.1 espn.footprint.net
`127.0.0.1 etad.telegraph.co.uk
`127.0.0.1 etype.adbureau.net
`127.0.0.1 euniverseads.com
`127.0.0.1 exits1.webquest.net
`127.0.0.1 exits2.webquest.net
`127.0.0.1 ezboard.bigbangmedia.com
`127.0.0.1 faz.ivwbox.de
`127.0.0.1 focusin.ads.targetnet.com
`127.0.0.1 fp.valueclick.com
`127.0.0.1 gadgeteer.pdamart.com
`127.0.0.1 gavzad.keenspot.com
`127.0.0.1 gcirm.burlingtonfreepress.com
`127.0.0.1 gcirm.citizen-times.com
`127.0.0.1 gcirm.dmregister.com
`127.0.0.1 gcirm.gannett-tv.com
`127.0.0.1 gcirm.lsj.com
`127.0.0.1 gcirm.tennessean.com
`127.0.0.1 gcrim.democratandchronicle.com
`127.0.0.1 gcrim.theolympian.com
`127.0.0.1 gm.preferences.com
`127.0.0.1 got2goshop.com
`127.0.0.1 goto.trafficmultiplier.com
`127.0.0.1 gravitron.chron.com
`127.0.0.1 grfx.mp3.com
`127.0.0.1 gs1.idsales.co.uk
`127.0.0.1 guptamedianetwork.com
`127.0.0.1 hg1.hitbox.com
`127.0.0.1 http300.content.ru4.com
`127.0.0.1 ieee.adbureau.net
`127.0.0.1 if.bbanner.it
`127.0.0.1 image.i1img.com
`127.0.0.1 image.linkexchange.com
`127.0.0.1 imageads.canoe.ca
`127.0.0.1 images.ads.fairfax.com.au
`127.0.0.1 images.clickfinders.com
`127.0.0.1 images.cybereps.com
`127.0.0.1 images.emapadserver.com
`127.0.0.1 imageserv.adtech.de
`127.0.0.1 imgserv.adbutler.com
`127.0.0.1 imp.partner2profit.com
`127.0.0.1 impact.cossette-webpact.com
`127.0.0.1 impes.tradedoubler.com
`127.0.0.1 impse.tradedoubler.com
`127.0.0.1 inl.adbureau.net
`127.0.0.1 itxt.vibrantmedia.com
`127.0.0.1 ivwbox.de
`127.0.0.1 jl29jd25sm24mc29.com
`127.0.0.1 kansas.valueclick.com
`127.0.0.1 kicker.ivwbox.de
`127.0.0.1 klipmart.dvlabs.com
`127.0.0.1 klipmart.forbes.com
`127.0.0.1 knight.economist.com
`127.0.0.1 lanzar.publicidadweb.com
`127.0.0.1 leader.linkexchange.com
`127.0.0.1 links.dot.tk
`127.0.0.1 linktracker.angelfire.com
`127.0.0.1 liquidad.narrowcastmedia.com
`127.0.0.1 lnads.osdn.com
`127.0.0.1 load.focalex.com
`127.0.0.1 lt.angelfire.com
`127.0.0.1 m.tribalfusion.com
`127.0.0.1 macaddictads.snv.futurenet.com
`127.0.0.1 manuel.theonion.com
`127.0.0.1 matrix.mediavantage.de
`127.0.0.1 maximumpcads.imaginemedia.com
`127.0.0.1 mds.centrport.net
`127.0.0.1 media.adcentriconline.com
`127.0.0.1 media.bonnint.net
`127.0.0.1 media.fastclick.net
`127.0.0.1 media.popuptraffic.com
`127.0.0.1 media1.fastclick.net
`127.0.0.1 media10.fastclick.net
`127.0.0.1 media11.fastclick.net
`127.0.0.1 media12.fastclick.net
`127.0.0.1 media13.fastclick.net
`127.0.0.1 media2.fastclick.net
`127.0.0.1 media2.travelzoo.com
`127.0.0.1 media3.fastclick.net
`127.0.0.1 media4.fastclick.net
`127.0.0.1 media5.fastclick.net
`127.0.0.1 media6.fastclick.net
`127.0.0.1 media7.fastclick.net
`127.0.0.1 media8.fastclick.net
`127.0.0.1 media9.fastclick.net
`127.0.0.1 mediacharger.com
`127.0.0.1 messagia.adcentric.proximi-t.com
`127.0.0.1 mii-image.adjuggler.com
`127.0.0.1 mjx.ads.nwsource.com
`127.0.0.1 mjxads.internet.com
`127.0.0.1 mojofarm.mediaplex.com
`127.0.0.1 mt58.mtree.com
`127.0.0.1 nb.netbreak.com.au
`127.0.0.1 nbc.adbureau.net
`127.0.0.1 netcomm.spinbox.net
`127.0.0.1 netshelter.adtrix.com
`127.0.0.1 network.realmedia.com
`127.0.0.1 newads.cmpnet.com
`127.0.0.1 ng3.ads.warnerbros.com
`127.0.0.1 ngads.smartage.com
`127.0.0.1 nitrous.exitfuel.com
`127.0.0.1 nitrous.internetfuel.com
`127.0.0.1 nsads.hotwired.com
`127.0.0.1 ntbanner.digitalriver.com
`127.0.0.1 nx-adv0005.247realmedia.com
`127.0.0.1 nytadvertising.nytimes.com
`127.0.0.1 oas-central.realmedia.com
`127.0.0.1 oas-eu.247realmedia.com
`127.0.0.1 oas.foxnews.com
`127.0.0.1 oas.lee.net
`127.0.0.1 oas.startribune.com
`127.0.0.1 oas.villagevoice.com
`127.0.0.1 oasads.whitepages.com
`127.0.0.1 oascentral.abclocal.go.com
`127.0.0.1 oascentral.adage.com
`127.0.0.1 oascentral.bostonherald.com
`127.0.0.1 oascentral.clearchannel.com
`127.0.0.1 oascentral.construction.com
`127.0.0.1 oascentral.crainsdetroit.com
`127.0.0.1 oascentral.drphil.com
`127.0.0.1 oascentral.foxnews.com
`127.0.0.1 oascentral.sina.com
`127.0.0.1 oascentral.sina.com.hk
`127.0.0.1 oascentral.theonion.com
`127.0.0.1 oascentral.theonionavclub.com
`127.0.0.1 oascentral.thesmokinggun.com
`127.0.0.1 oascentral.thespark.com
`127.0.0.1 oascentral.wwe.com
`127.0.0.1 oasis.zmh.zope.com
`127.0.0.1 oassis.zmh.zope.com
`127.0.0.1 offers.impower.com
`127.0.0.1 onlineads.magicvalley.com
`127.0.0.1 openad.travelnow.com
`127.0.0.1 overflow.adsoftware.com
`127.0.0.1 oz.valueclick.com
`127.0.0.1 partner.ah-ha.com
`127.0.0.1 partner01.oingo.com
`127.0.0.1 partner02.oingo.com
`127.0.0.1 partner03.oingo.com
`127.0.0.1 ph-ad01.focalink.com
`127.0.0.1 ph-ad02.focalink.com
`127.0.0.1 ph-ad03.focalink.com
`127.0.0.1 ph-ad04.focalink.com
`127.0.0.1 ph-ad05.focalink.com
`127.0.0.1 ph-ad06.focalink.com
`127.0.0.1 ph-ad07.focalink.com
`127.0.0.1 ph-ad08.focalink.com
`127.0.0.1 ph-ad09.focalink.com
`127.0.0.1 ph-ad10.focalink.com
`127.0.0.1 ph-ad11.focalink.com
`127.0.0.1 ph-ad12.focalink.com
`127.0.0.1 ph-ad13.focalink.com
`127.0.0.1 ph-ad14.focalink.com
`127.0.0.1 ph-ad15.focalink.com
`127.0.0.1 ph-ad16.focalink.com
`127.0.0.1 ph-ad17.focalink.com
`127.0.0.1 ph-ad18.focalink.com
`127.0.0.1 ph-ad19.focalink.com
`127.0.0.1 ph-ad20.focalink.com
`127.0.0.1 phg.hitbox.com
`127.0.0.1 phpads.cnpapers.com
`127.0.0.1 phpads.macbidouille.com
`127.0.0.1 popup.matchmaker.com
`127.0.0.1 popups.ad-logics.com
`127.0.0.1 popups.infostart.com
`127.0.0.1 primetime.ad.primetime.net
`127.0.0.1 ptrads.mp3.com
`127.0.0.1 publicidades.redtotalonline.com
`127.0.0.1 q.azcentral.com
`127.0.0.1 realads.realmedia.com
`127.0.0.1 realmedia-a800.d4p.net
`127.0.0.1 red01.as-eu.falkag.net
`127.0.0.1 red01.as-us.falkag.net
`127.0.0.1 red02.as-eu.falkag.net
`127.0.0.1 red02.as-us.falkag.net
`127.0.0.1 red03.as-eu.falkag.net
`127.0.0.1 red03.as-us.falkag.net
`127.0.0.1 red04.as-eu.falkag.net
`127.0.0.1 red04.as-us.falkag.net
`127.0.0.1 redherring.ngadcenter.net
`127.0.0.1 redirect.click2net.com
`127.0.0.1 regio.adlink.de
`127.0.0.1 remotead.cnet.com
`127.0.0.1 responsemedia-ad.flycast.com
`127.0.0.1 rmedia.boston.com
`127.0.0.1 rotabanner100.utro.ru
`127.0.0.1 s0b.bluestreak.com
`127.0.0.1 search.freeonline.com
`127.0.0.1 secure-au.imrworldwide.com
`127.0.0.1 secure.webconnect.net
`127.0.0.1 securerunner.com
`127.0.0.1 servads.aip.org
`127.0.0.1 servedby.advertising.com
`127.0.0.1 server.as5000.com
`127.0.0.1 server.iad.liveperson.net
`127.0.0.1 server01.popupmoney.com
`127.0.0.1 sfads.osdn.com
`127.0.0.1 sh4sure-images.adbureau.net
`127.0.0.1 shinystat.shiny.it
`127.0.0.1 simg.zedo.com
`127.0.0.1 skill.skilljam.com
`127.0.0.1 specialoffers.aol.com
`127.0.0.1 speed.pointroll.com
`127.0.0.1 spiegel.ivwbox.de
`127.0.0.1 spin.spinbox.net
`127.0.0.1 spinbox.consumerreview.com
`127.0.0.1 sponsor1.com
`127.0.0.1 ssads.osdn.com
`127.0.0.1 st.valueclick.com
`127.0.0.1 stat.dealtime.com
`127.0.0.1 static.admaximize.com
`127.0.0.1 static.everyone.net
`127.0.0.1 static.firehunt.com
`127.0.0.1 stats2.dooyoo.com
`127.0.0.1 suissa-ad.flycast.com
`127.0.0.1 sview.avenuea.com
`127.0.0.1 techreview-images.adbureau.net
`127.0.0.1 techreview.adbureau.net
`127.0.0.1 thinknyc.eu-adcenter.net
`127.0.0.1 tmsads.tribune.com
`127.0.0.1 topica.advertserve.com
`127.0.0.1 touche.adcentric.proximi-t.com
`127.0.0.1 tower.adexpedia.com
`127.0.0.1 transfer.go.com
`127.0.0.1 tsms-ad.tsms.com
`127.0.0.1 ttarget.adbureau.net
`127.0.0.1 twnads.weather.ca
`127.0.0.1 u0.extreme-dm.com
`127.0.0.1 ugo.eu-adcenter.net
`127.0.0.1 uk.i1.yimg.com
`127.0.0.1 us.a1.yimg.com
`127.0.0.1 us.adserver.yahoo.com
`127.0.0.1 usads.vibrantmedia.com
`127.0.0.1 utils.mediageneral.com
`127.0.0.1 v0.extreme-dm.com
`127.0.0.1 v1.extreme-dm.com
`127.0.0.1 van.ads.link4ads.com
`127.0.0.1 venus.goclick.com
`127.0.0.1 view.atdmt.com
`127.0.0.1 view.avenuea.com
`127.0.0.1 view.iballs.a1.avenuea.com
`127.0.0.1 vnu.eu-adcenter.net
`127.0.0.1 w.extreme-dm.com
`127.0.0.1 web.nyc.ads.juno.co
`127.0.0.1 web1b.netreflector.com
`127.0.0.1 webads.bizservers.com
`127.0.0.1 weeklyad.target.com
`127.0.0.1 wwbtads.com
`127.0.0.1 www.3qqq.net
`127.0.0.1 www.3turtles.com
`127.0.0.1 www.404errorpage.com
`127.0.0.1 www.5thavenue.com
`127.0.0.1 www.ad-souk.com
`127.0.0.1 www.ad-up.com
`127.0.0.1 www.ad.tomshardware.com
`127.0.0.1 www.adbanner.gr
`127.0.0.1 www.adforum.com
`127.0.0.1 www.adimages.beeb.com
`127.0.0.1 www.admex.com
`127.0.0.1 www.adpepper.dk
`127.0.0.1 www.adpowerzone.com
`127.0.0.1 www.adreporting.com
`127.0.0.1 www.ads.revenue.net
`127.0.0.1 www.adsoftware.com
`127.0.0.1 www.adtrix.com
`127.0.0.1 www.affiliateclick.com
`127.0.0.1 www.aureate.com
`127.0.0.1 www.banner4all.dk
`127.0.0.1 www.boonsolutions.com
`127.0.0.1 www.bugsbanner.it
`127.0.0.1 www.bulkclicks.com
`127.0.0.1 www.burstnet.com
`127.0.0.1 www.buyhitscheap.com
`127.0.0.1 www.click10.com
`127.0.0.1 www.clickbank.com
`127.0.0.1 www.clicktilluwin.com
`127.0.0.1 www.clickxchange.com
`127.0.0.1 www.coolsavings.com
`127.0.0.1 www.cpabank.com
`127.0.0.1 www.crazypopups.com
`127.0.0.1 www.datatech.es
`127.0.0.1 www.digimedia.com
`127.0.0.1 www.direc-tory.tk
`127.0.0.1 www.e-bannerx.com
`127.0.0.1 www.eads.com
`127.0.0.1 www.ehg-rr.hitbox.com
`127.0.0.1 www.fast-adv.it
`127.0.0.1 www.fineclicks.com
`127.0.0.1 www.focalex.com
`127.0.0.1 www.fusionbanners.com
`127.0.0.1 www.gatoradvertisinginformationnetwork.com
`127.0.0.1 www.getloan.com
`127.0.0.1 www.gopopup.com
`127.0.0.1 www.guesstheview.com
`127.0.0.1 www.guptamedianetwork.com
`127.0.0.1 www.hightrafficads.com
`127.0.0.1 www.idealcasino.net
`127.0.0.1 www.idirect.com
`127.0.0.1 www.ijacko.net
`127.0.0.1 www.indiads.com
`127.0.0.1 www.infinite-ads.com
`127.0.0.1 www.interstitialzone.com
`127.0.0.1 www.iwin.com
`127.0.0.1 www.jetseeker.com
`127.0.0.1 www.jl29jd25sm24mc29.com
`127.0.0.1 www.joinfree.ro
`127.0.0.1 www.leadgreed.com
`127.0.0.1 www.linkhut.com
`127.0.0.1 www.lottoforever.com
`127.0.0.1 www.media2.travelzoo.com
`127.0.0.1 www.merchantapp.com
`127.0.0.1 www.my-stats.com
`127.0.0.1 www.myaffiliateprogram.com
`127.0.0.1 www.myuitm.com
`127.0.0.1 www.netpalnow.com
`127.0.0.1 www.netpaloffers.net
`127.0.0.1 www.ontheweb.com
`127.0.0.1 www.parsads.com
`127.0.0.1 www.paypopup.com
`127.0.0.1 www.popupad.net
`127.0.0.1 www.popuptraffic.com
`127.0.0.1 www.postmasterbannernet.com
`127.0.0.1 www.radiate.com
`127.0.0.1 www.rankyou.com
`127.0.0.1 www.rtcode.com
`127.0.0.1 www.securerunner.com
`127.0.0.1 www.servedby.advertising.com
`127.0.0.1 www.shoppingjobshere.com
`127.0.0.1 www.smartadserver.com
`127.0.0.1 www.speedyclick.com
`127.0.0.1 www.sponsoradulto.com
`127.0.0.1 www.subsitesadserver.co.uk
`127.0.0.1 www.textbanners.net
`127.0.0.1 www.top20free.com
`127.0.0.1 www.treeloot.com
`127.0.0.1 www.tutop.com
`127.0.0.1 www.tuttosessogratis.org
`127.0.0.1 www.ukbanners.com
`127.0.0.1 www.uproar.com
`127.0.0.1 www.utarget.co.uk
`127.0.0.1 www.valueclick.com
`127.0.0.1 www.virtumundo.com
`127.0.0.1 www.webcashvideos.com
`127.0.0.1 www.websponsors.com
`127.0.0.1 www.whatuwhatuwhatuwant.com
`127.0.0.1 www.windaily.com
`127.0.0.1 www.winnerschoiceservices.com
`127.0.0.1 www.xbn.ru
`127.0.0.1 www1.ad.tomshardware.com
`127.0.0.1 www1.bannerspace.com
`127.0.0.1 www10.ad.tomshardware.com
`127.0.0.1 www10.indiads.com
`127.0.0.1 www10.paypopup.com
`127.0.0.1 www11.ad.tomshardware.com
`127.0.0.1 www12.ad.tomshardware.com
`127.0.0.1 www13.ad.tomshardware.com
`127.0.0.1 www14.ad.tomshardware.com
`127.0.0.1 www15.ad.tomshardware.com
`127.0.0.1 www2.ad.tomshardware.com
`127.0.0.1 www2.bannerspace.com
`127.0.0.1 www3.ad.tomshardware.com
`127.0.0.1 www3.bannerspace.com
`127.0.0.1 www4.ad.tomshardware.com
`127.0.0.1 www4.bannerspace.com
`127.0.0.1 www5.ad.tomshardware.com
`127.0.0.1 www5.bannerspace.com
`127.0.0.1 www6.ad.tomshardware.com
`127.0.0.1 www6.bannerspace.com
`127.0.0.1 www7.ad.tomshardware.com
`127.0.0.1 www7.bannerspace.com
`127.0.0.1 www74.valueclick.com
`127.0.0.1 www8.ad.tomshardware.com
`127.0.0.1 www81.valueclick.com
`127.0.0.1 www9.ad.tomshardware.com
`127.0.0.1 xlonhcld.xlontech.net
`127.0.0.1 z.extreme-dm.com
`127.0.0.1 z0.extreme-dm.com
`127.0.0.1 z1.adserver.com
`127.0.0.1 z1.extreme-dm.com
`127.0.0.1 zads.zedo.com
`127.0.0.1 zdads.e-media.com
`127.0.0.1 us.b1.yimg.com
`127.0.0.1 us.c1.yimg.com
`127.0.0.1 us.d1.yimg.com
`127.0.0.1 us.e1.yimg.com
`127.0.0.1 us.f1.yimg.com
`127.0.0.1 us.g1.yimg.com
`127.0.0.1 us.h1.yimg.com
`127.0.0.1 us.j1.yimg.com
`127.0.0.1 us.k1.yimg.com
`127.0.0.1 us.l1.yimg.com
`127.0.0.1 us.m1.yimg.com
`127.0.0.1 us.n1.yimg.com
`127.0.0.1 us.o1.yimg.com
`127.0.0.1 us.p1.yimg.com
`127.0.0.1 us.q1.yimg.com
`127.0.0.1 us.r1.yimg.com
`127.0.0.1 us.s1.yimg.com
`127.0.0.1 us.t1.yimg.com
`127.0.0.1 us.u1.yimg.com
`127.0.0.1 us.v1.yimg.com
`127.0.0.1 us.w1.yimg.com
`127.0.0.1 us.x1.yimg.com
`127.0.0.1 us.y1.yimg.com
`127.0.0.1 us.z1.yimg.com
`127.0.0.1 incestland.com
`127.0.0.1 www.asiansforu.com
`127.0.0.1 www.datanotary.com
`127.0.0.1 www.entercasino.com
`127.0.0.1 www.incestdot.com
`127.0.0.1 www.incestgold.com
`127.0.0.1 www.mangayhentai.com
`127.0.0.1 www.realincestvideos.com
`127.0.0.1 www.searchv.com
`127.0.0.1 www.secretosx.com
`127.0.0.1 www.seductiveamateurs.com
`127.0.0.1 www.xxxtoolbar.com
`127.0.0.1 www.altnet.com
`127.0.0.1 search.kazaa.com
`127.0.0.1 www.kazaaplus.com
`127.0.0.1 ssa.kazaa.com
`127.0.0.1 ssm.kazaa.com
`127.0.0.1 www.cydoor.com
`127.0.0.1 ads.kazaa.com
`127.0.0.1 www.bullguard.com
`127.0.0.1 www.certifiedkazaa.com
`127.0.0.1 puma.kazaa.com
`127.0.0.1 www.bns2.net
`127.0.0.1 www.bns1.net
`127.0.0.1 www.rgs2.net
`127.0.0.1 www.rgs1.net
`127.0.0.1 www.cms2.net
`127.0.0.1 www.cms1.net
`127.0.0.1 cys3.net
`127.0.0.1 cys2.net
`127.0.0.1 cys1.net
`127.0.0.1 www.kapsules.org
`127.0.0.1 images.kazaa.com
`127.0.0.1 desktop.kazaa.com
`127.0.0.1 www.altnetp2p.com
`127.0.0.1 alpha.kazaa.com
`127.0.0.1 shop.kazaa.com
`127.0.0.1 www.bonzi.com
`127.0.0.1 www.brilliantdigital.com
`127.0.0.1 www.b3d.com
`127.0.0.1 media.altnet.com
`127.0.0.1 dev.bde.com.au
`127.0.0.1 update.kazaa.com
`127.0.0.1 bravo.kazaa.com
`127.0.0.1 www.k-lite.tk
`127.0.0.1 http://www.kazanon.com/
`127.0.0.1 litetk.com
`127.0.0.1 kazaa.ishareit.com
`127.0.0.1 www.kazaagold.com
`127.0.0.1 www.kazaa-gold.com
`127.0.0.1 kazaagold.com
`127.0.0.1 www.k-lite.com
`127.0.0.1 www.kazaa-download.de
`127.0.0.1 www.mp3downloadhq.com
`127.0.0.1 www.easymusicdownload.com
`127.0.0.1 easymusicdownload.com
`127.0.0.1 www.mp3madeeasy.com
`127.0.0.1 www.monstershare.com
`127.0.0.1 monstershare.com
`127.0.0.1 www.kazaa-plus.net
`127.0.0.1 kazaa-plus.net
`127.0.0.1 www.kazaa-plus.com
`127.0.0.1 www.edonkey.com
`127.0.0.1 www.kazaa-file-sharing-downloads.com
`127.0.0.1 www.kazaaplatinum.com
`127.0.0.1 www.madeformusic.com
`127.0.0.1 www.ikazaa.net
`127.0.0.1 ikazaa.net
`127.0.0.1 www.ondemandmp3.com
`127.0.0.1 www.mp3u.com
`127.0.0.1 www.mp3specialty.com
`127.0.0.1 music-download-world.com
`127.0.0.1 song-download-world.com
`127.0.0.1 www.flixs.net
`127.0.0.1 www.ishareit.net
`127.0.0.1 www.ishareit.com
`127.0.0.1 www.download-doctor.com
`127.0.0.1 www.ezmp3download.com
`127.0.0.1 www.freesoftusa.com
`127.0.0.1 www.kazaamedia.com
`127.0.0.1 mp3-network.com
`127.0.0.1 www.mp3-network.com
`127.0.0.1 www.mp3grandcentral.net
`127.0.0.1 www.mp333.com
`127.0.0.1 www.kazaamate.com
`127.0.0.1 www.emule.biz
`127.0.0.1 www.kazaam8.tk
`127.0.0.1 www.rippro.com
`127.0.0.1 k-lite-legal.com
`127.0.0.1 www.kaaza.com
`127.0.0.1 secure.Webstartz.com
`127.0.0.1 www.kazaalite.de
`127.0.0.1 www.kazza.de
`127.0.0.1 kazza.com
`127.0.0.1 www.kazaalite.at
`127.0.0.1 www.kazaalite.ch
`127.0.0.1 www.kazaa-hilfe.de
`127.0.0.1 www.edonkey-2000.de
`127.0.0.1 www.edonkey-bot.de
`127.0.0.1 www.edonkey-edonkey2000.de
`127.0.0.1 www.edonkey-hilfe.de
`127.0.0.1 www.edonkey-morpheus-forum.de
`127.0.0.1 www.emule-hilfe.de
`127.0.0.1 www.file-sharing-forum.de
`127.0.0.1 www.filesharing-forum.de
`127.0.0.1 www.imesh-download.de
`127.0.0.1 www.kazaa-kaza.de
`127.0.0.1 www.kazaa-lite.info
`127.0.0.1 www.kazaa-lite-download.de
`127.0.0.1 www.1md.de
`127.0.0.1 www.mariodolzer.de
`127.0.0.1 www.morpheus-forum.de
`127.0.0.1 www.overnet-download.de
`127.0.0.1 www.overnet-hilfe.de
`127.0.0.1 www.winmx-download.de
`127.0.0.1 www.winmx-hilfe.de
`127.0.0.1 www.download-und-hilfe.de
`127.0.0.1 www.filesharing-hilfe-forum.de
`127.0.0.1 www.musik-download.biz
`127.0.0.1 www.mp3downloads.ch
`127.0.0.1 www.songfly.com
`127.0.0.1 www.kazaa.nl
`127.0.0.1 1stsoftwaredownloads.com
`127.0.0.1 morpheus-download-morpheus.com
`127.0.0.1 www.icisnet.org
`127.0.0.1 software.global-netcom.de
`127.0.0.1 www.filesharing-download.de
`127.0.0.1 www.p2p.tm
`127.0.0.1 www.filesharing-center.de
`127.0.0.1 www.filesharing-tools.de
`127.0.0.1 kazaa-download-kazaa.com
`127.0.0.1 www.interscilsa.com
`127.0.0.1 www.dvd-download-free.com
`127.0.0.1 www.howtominibooks.com
`127.0.0.1 www.internetmovies.com
`127.0.0.1 www.rippro.net
`127.0.0.1 www.musicmoviesbooks.com
`127.0.0.1 www.kazaalite.org
`127.0.0.1 www.getmp3music.com
`127.0.0.1 www1.ishareit.com
`127.0.0.1 www.filesharing-software.de
`127.0.0.1 www.firewarez.com
`127.0.0.1 www.k-lite.co.uk
`127.0.0.1 kazzaa.info
`127.0.0.1 www.morpheusp2p.com
`127.0.0.1 www.mudima.com
`127.0.0.1 www.download-central.com
`127.0.0.1 kazaaplatinum.com
`127.0.0.1 www.dingosoft.net
`127.0.0.1 www.kazaa-advance.com
`127.0.0.1 www.downloads-unlimited.com
`127.0.0.1 klserver.port5.com
`127.0.0.1 rippro.net
`127.0.0.1 www.findkazaalite.com
`127.0.0.1 www.freegoldkazaa.com
`127.0.0.1 www.freekazaalite.com
`127.0.0.1 www.kazaalitekpp.com
`127.0.0.1 kazaa.filez.ws
`127.0.0.1 www.kazaalite-download.com
`127.0.0.1 www.kazaavip.com
`127.0.0.1 compgenie.host.sk
`127.0.0.1 www.musicdownloadcenter.com
`127.0.0.1 www.kazza-lite.net
`127.0.0.1 warez4u.us
`127.0.0.1 www.warez4u.us
`127.0.0.1 forum.warez4u.us
`127.0.0.1 www.forum.warez4u.us
`127.0.0.1 startpage.warez4u.us
`127.0.0.1 www.startpage.warez4u.us
`127.0.0.1 kazaalite.warez4u.us
`127.0.0.1 www.kazaalite.warez4u.us
`127.0.0.1 www-k-lite.tk
`127.0.0.1 www.www-k-lite.tk
`127.0.0.1 klite.prv.pl
`127.0.0.1 www.klite.prv.pl
`127.0.0.1 downloadkazaalite.prv.pl
`127.0.0.1 www.downloadkazaalite.prv.pl
`127.0.0.1 klite.republika.pl
`127.0.0.1 www.klite.republika.pl
`127.0.0.1 lesres.prv.pl
`127.0.0.1 www.lesres.prv.pl
`127.0.0.1 lesres.republika.pl
`127.0.0.1 www.lesres.republika.pl
`127.0.0.1 kazaalite.twistedpc.us
`127.0.0.1 www.kazaalite.twistedpc.us
`127.0.0.1 k-lite.twistedpc.us
`127.0.0.1 www.k-lite.twistedpc.us
`127.0.0.1 purple.serverstoday.com
`127.0.0.1 overpro.com
`127.0.0.1 data.overpro.com
`127.0.0.1 kazaalite.pl
`127.0.0.1 www.kazaalite.pl
`127.0.0.1 ad.newmail.ru
`127.0.0.1 www.littlehouseonthemill.biz
`127.0.0.1 littlehouseonthemill.biz
`127.0.0.1 dhost.info
`127.0.0.1 www.dhost.info
`127.0.0.1 click.adultsingles.com
`127.0.0.1 www.click.adultsingles.com
`127.0.0.1 kazaa-lite-start-page.freeweb-hosting.com
`127.0.0.1 www.kazaa-lite-start-page.freeweb-hosting.com
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\notepad.exe
+C:\WINDOWS\system32\slrundll.exe
*C:\WINDOWS\slrundll.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»Running Processes
+0=<idle>
+4=<system>
+428=\SystemRoot\System32\smss.exe
+484=\??\C:\WINDOWS\system32\csrss.exe
+508=\??\C:\WINDOWS\system32\winlogon.exe
+552=C:\WINDOWS\system32\services.exe
+564=C:\WINDOWS\system32\lsass.exe
+788=C:\WINDOWS\system32\svchost.exe
+844=C:\WINDOWS\system32\svchost.exe
+956=C:\WINDOWS\System32\svchost.exe
+1076=C:\WINDOWS\System32\svchost.exe
+1268=C:\WINDOWS\Explorer.EXE
+1624=C:\WINDOWS\system32\spoolsv.exe
+1764=C:\WINDOWS\system32\RunDLL32.exe
+1788=C:\Program Files\ahead\InCD\InCD.exe
+1796=C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
+1832=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
+1856=C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
+1864=C:\Program Files\Winamp\winampa.exe
+1872=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
+1888=C:\Program Files\Messenger\msmsgs.exe
+1920=C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
+920=C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
+968=C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
+1516=C:\WINDOWS\System32\nvsvc32.exe
+1668=C:\WINDOWS\system32\wdfmgr.exe
+1740=C:\WINDOWS\System32\svchost.exe
+1348=C:\Program Files\Internet Explorer\iexplore.exe
+156=C:\Program Files\Evidence Eliminator\Ee.exe
+1520=C:\Documents and Settings\Jesse\My Documents\STARTDRECK\StartDreck.exe
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User

Ok I think that is it.

Thankx
Last edited by Ringleader; 03-04-2005 at 09:00 AM.
Ringleader is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-04-2005, 10:02 AM   #4 (permalink)
Analyst, Security Team
 
greyknight17's Avatar
 
Join Date: Jul 2004
Location: New York
Posts: 14,331
OS: Windows 98 & Windows XP Home/Pro

My System

Download KillBox (http://www.greyknight17.com/spy/KillBox.exe). Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

c:\windows\bgdor.exe
c:\windows\ei25.exe
c:\windows\system32\splwbr.dll
c:\windows\system32\vmss\
c:\windows\system32\wsxsvc\

Restart and give us a new HijackThis log.

Is anything else detected now?
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-04-2005, 11:39 AM   #5 (permalink)
Registered User
 
Ringleader's Avatar
 
Join Date: Mar 2005
Location: WV
Posts: 8
OS: xp


Ran KillBox
Ran KillBox

Deleted these guys with killbox

c:\windows\bgdor.exe
c:\windows\ei25.exe
c:\windows\system32\splwbr.dll
c:\windows\system32\vmss\
c:\windows\system32\wsxsvc\

Here is the new Hijack log
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\Documents and Settings\Jesse\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


I also ran TDS3 again and here is the log and alarms

12:38:33 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
12:38:34 [Init] Started 04-03-05 12:38:34 Eastern Standard Time (UTC: 5), Internet Time @776.78
12:38:34 [Init] Loading TDS-3 Systems ...
12:38:34 [Init] Token successfully adjusted.
12:38:34 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
12:38:34 [Init] • Plugins : OK. Loaded 13
12:38:34 [Init] • Exec Protection : Not Installed
12:38:34 [Init] WARNING: Your Radius.TD3 database needs to be updated!
12:38:34 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
12:38:34 [Init] Licensed users can use the Update facility from the TDS menu
12:38:34 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
12:38:43 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
12:38:43 [Init] • Systems Initialised [48508 references - 24053 primaries/12272 traces/12183 variants/other]
12:38:43 [Init] Radius Systems loaded. <Databases updated 04-03-2005>
12:38:43 [Init] TDS-3 Ready. <Jesse@192.168.2.8, 127.0.0.1 - United States>
12:38:43 [Tip Of The Day] Did you know? - You can use DiamondCS Port Explorer to see which ports are being used by which processes, and even packet-sniff processes and sockets! See http://www.diamondcs.com.au/portexplorer/
12:38:43 [TDS] Good afternoon Jesse. Why don't you ever take me out for lunch?
12:38:47 [Mutex Memory Scan] Started...
12:38:49 [Mutex Memory Scan] Finished (no trojan mutexes found).
12:38:49 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
12:39:18 [CRC32] Started - verifying 29 files ...
12:39:18 [CRC32] File doesn't exist: C:\autoexec.bat
12:39:23 [CRC32] Test finished.
12:41:10 [Memory Scan] Memory scan started, please wait a moment ...
12:41:11 [Memory Scan] Memory scan complete.
12:41:11 [Mutex Memory Scan] Started...
12:41:12 [Mutex Memory Scan] Finished (no trojan mutexes found).
12:41:12 [Trace Scan] Started...
12:41:18 [Trace Scan] Finished.
12:41:18 [ServiceScan] Scanning for services and drivers ...
12:41:23 [ServiceScan] Scanned 277 services and drivers.
12:41:23 [File Scan] Scanning in A:\ ...
12:41:24 [File Scan] Scanned 0 files: 0 alarms in 1.039063 seconds (Avg 1. files/sec)
12:41:24 [File Scan] Scanning in C:\ ...
13:17:21 [File Scan] Scanned 31449 files: 3 alarms in 2156.691 seconds (Avg 15.58 files/sec)
13:17:21 [File Scan] Scanning in D:\ ...
13:17:21 [File Scan] Scanned 0 files: 3 alarms in 1.171875E-02 seconds (Avg 1. files/sec)
13:17:21 [File Scan] Scanning in E:\ ...
13:17:21 [File Scan] Scanned 0 files: 3 alarms in 0.0234375 seconds (Avg 1. files/sec)
13:17:21 [Scan] Finished.
13:28:30 [Text Dump] Saved to C:\Documents and Settings\Jesse\My Documents\My eBooks\tds goody\TDS3\scandump.txt


ALARMS
Scan Control Dumped @ 13:28:30 04-03-05
Positive identification: Adware.DelphinMediaViewer.c
File: c:\windows\system32\vmss\vmss.exe

Positive identification (DLL): Adware.DelfinMediaViewer (dll)
File: c:\windows\system32\wsxsvc\wsx.ocx

Positive identification: Adware.DelphinMediaViewer.c1
File: c:\windows\system32\wsxsvc\wsxsvc.exe

Thankx
Ringleader is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-04-2005, 12:08 PM   #6 (permalink)
Analyst, Security Team
 
greyknight17's Avatar
 
Join Date: Jul 2004
Location: New York
Posts: 14,331
OS: Windows 98 & Windows XP Home/Pro

My System

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should not have any open browsers when you are following the procedures below.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

c:\windows\system32\vmss\
c:\windows\system32\wsxsvc\

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-04-2005, 02:30 PM   #7 (permalink)
Registered User
 
Ringleader's Avatar
 
Join Date: Mar 2005
Location: WV
Posts: 8
OS: xp


Ran Hijackthis Analyzer
Followed your instructions up to the point where I had to delete

c:\windows\system32\vmss\
c:\windows\system32\wsxsvc\

I could not open My Computer folder to get to them!!! I keep getting an error message send/don't send thing. I tryed numerous way around trying different browse functions but no success....

I tried to use KillBox to get it and Killbox found them.
It said c:\windows\system32\vmss\ did not exist and it told me I could not delete c:\windows\system32\wsxsvc\

Once I got back to normal mode I ran HIJACK again and had to delete the O16 entries again.

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

Ran (HIjack) again then Analyzer

Analyzer log

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 4:18:51 PM, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Documents and Settings\Jesse\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1


End of KRC HijackThis Analyzer Log.
====================================================================

Thankx again
Last edited by Ringleader; 03-04-2005 at 02:33 PM.
Ringleader is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-04-2005, 02:39 PM   #8 (permalink)
Knower of all that is MS
 
CTSNKY's Avatar
 
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro


Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

Reboot into Normal Mode and run new HijackThis scan. If there were some entries that didn't show up in Safe Mode, you may check and fix those that appear now in normal mode (if you do that, make sure to run a new scan again). Save the log file and run KRC HijackThis Analyzer in the same folder to get the result.txt log. Just post the contents of the result.txt file in the forum.
__________________


GO BIG BLUE!!
CTSNKY is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-04-2005, 03:20 PM   #9 (permalink)
Registered User
 
Ringleader's Avatar
 
Join Date: Mar 2005
Location: WV
Posts: 8
OS: xp


Result log
Ran Hijack got rid of
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)


New Hijack Analyzer Log

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 3/2/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.0
Scan saved at 5:15:40 PM, on 3/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Documents and Settings\Jesse\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1


End of KRC HijackThis Analyzer Log.
====================================================================

Thankx
Ringleader is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-04-2005, 03:49 PM   #10 (permalink)
Knower of all that is MS
 
CTSNKY's Avatar
 
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro


Your log is clean. If you disabled System Restore, make sure to enable it now.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial (http://www.greyknight17.com/spyware.htm#prevent) and use the tools provided.

Are there any problems now? If not, you should be set to go.
__________________


GO BIG BLUE!!
CTSNKY is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-04-2005, 04:01 PM   #11 (permalink)
Registered User
 
Ringleader's Avatar
 
Join Date: Mar 2005
Location: WV
Posts: 8
OS: xp


What to do???
Thank you guy's for helping me get cleaned out.

The problems I have now is that shutdown startup is very slow!!!

Also I keep getting those Error messages send/don't send everytime I try to open up My Computer folder. This also happens when I try to type a URL in IE address bar.

I am not sure if these are problems left over from those buggers I just rid myself of or what??

Can you help me through these troubles or should I start a new thread somewhere else??

THANKX You guys are the best!!!!!
Ringleader is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-04-2005, 04:08 PM   #12 (permalink)
Knower of all that is MS
 
CTSNKY's Avatar
 
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro


Try following the instructions found here:

http://support.microsoft.com/default...b;en-us;318378

If it persists, then do please create a new thread in Windows XP forum for more help!
__________________


GO BIG BLUE!!
CTSNKY is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-05-2005, 06:25 AM   #13 (permalink)
Registered User
 
Ringleader's Avatar
 
Join Date: Mar 2005
Location: WV
Posts: 8
OS: xp


Buggers are back....
I went on working through some of my other troubles on getting my folders working and dealing with IE problems got those partially worked out.

Decided to run Hijack again and seen that these fellas where back

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

I think these are all that are back.

Here is the Hijack log

Logfile of HijackThis v1.99.0
Scan saved at 8:20:05 AM, on 3/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\ahead\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Microsoft Broadband Networking\MSBNTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jesse\My Documents\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://charter.msn.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - Global Startup: Microsoft Broadband Networking.lnk = ?
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D6D05F-DE31-4DA7-AFD6-99CED325912A}: NameServer = 192.168.2.1
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thank for going through this battle with me!!!
Ringleader is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-05-2005, 09:42 PM   #14 (permalink)
Analyst, Security Team
 
greyknight17's Avatar
 
Join Date: Jul 2004
Location: New York
Posts: 14,331
OS: Windows 98 & Windows XP Home/Pro

My System

That's ok, those are all ok to keep.

Your log is clean. If you disabled System Restore, make sure to enable it now.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial (http://www.greyknight17.com/spyware.htm#prevent) and use the tools provided.

Are there any problems now? If not, you should be set to go.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.
greyknight17 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 03-06-2005, 05:30 AM   #15 (permalink)
Registered User
 
Ringleader's Avatar
 
Join Date: Mar 2005
Location: WV
Posts: 8
OS: xp


Thanks
You guys are the best!!!

Thanks
Ringleader is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 04:04 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85