Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Generic Host Process for Win32 Services slowing me down

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Generic Host Process for Win32 Services slowing me down

Unread postby mrclean575 » February 5th, 2006, 7:23 pm

Have run Ewido, housecall, CWshredder, Spybot S&D, Kepersky, and countless others. No malware, spyware or viruses were found. Kerio Firewall shows Messenger and Generic Host Process for Win32 Processes keep accessing internet. I close down messenger through Task Manager and WinPatrol, and it immediately restarts. Computer kept locking up, try to open a program and it would freeze. Denied access to and from the internet to these two processes through Kerio, no longer locking up and ie appears to be functioning better. I must have something taking control of my system, but nobody can find it. Please help
mrclean575
Active Member
 
Posts: 9
Joined: February 1st, 2006, 10:10 pm
Advertisement
Register to Remove

Unread postby Rogue » February 6th, 2006, 10:09 am

Hi mrclean575,
Post another HiJackThis log to your previous post and I'll see If I overlooked something. I may have Admin see if they can move it for us.
http://www.malwareremoval.com/forum/viewtopic.php?t=6942
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby mrclean575 » February 6th, 2006, 5:06 pm

WinPatrol notified me that a file C:/windows/system32/drivers/etc/hosts was attempting to change a file, I denied it. also ie keeps attempting to connect to downloads.aaa1screensavers.com
mrclean575
Active Member
 
Posts: 9
Joined: February 1st, 2006, 10:10 pm

new hjt log

Unread postby mrclean575 » February 6th, 2006, 5:27 pm

WinPatrol notified me that a file C:/windows/system32/drivers/etc/hosts was attempting to change a file, I denied it and am copying change it attempted. Also ie keeps attempting to connect to downloads.aaa1screensavers.com


Logfile of HijackThis v1.99.1
Scan saved at 12:01:30 PM, on 2/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\Program Files\XoftSpySE\XoftSpy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Ken Schram\Desktop\downloads\programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dial
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Sunbelt Kerio Personal Firewall 4 - Service] C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Norton System Doctor.LNK = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Support - {2172C3A7-BB00-4CA4-B4CF-6A7B07CB0072} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.4.64/m ... assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.3.0.46/w ... assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.2.30/p ... assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.3.0.53/s ... assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/s ... assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.4.34/w ... assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.5.28/w ... assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.3.39/w ... assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8311113640
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax2822.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#
# [Misc Add-ons][A - Z]
127.0.0.1 downloads.aaa1screensavers.com #[Bargin Buddy]
127.0.0.1 dl.aaascreensavers.com
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 http://www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 absoluagency.com #[Trojan.StartPage.H]
127.0.0.1 acestats.com
127.0.0.1 http://www.acestats.com
127.0.0.1 actualnames.com #[Parasite.ActualNames][Spyware.ActualNames]
127.0.0.1 http://www.actualnames.com
127.0.0.1 ad-up.com
127.0.0.1 http://www.ad-up.com
127.0.0.1 adatom.com
127.0.0.1 aesp.adatom.com
127.0.0.1 adbest.com
127.0.0.1 adserv.adbonus.com
127.0.0.1 http://www.adbonus.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ad3.adcept.net
127.0.0.1 http://www.adcept.net
127.0.0.1 adcomplete.com
127.0.0.1 http://www.adcomplete.com
127.0.0.1 http://www.adcopy.info
127.0.0.1 ads.adcorps.com
127.0.0.1 ads.addynamix.com
127.0.0.1 pt.server1.adexit.com
127.0.0.1 http://www.adexit.com
127.0.0.1 http://www.ad4ever.com
127.0.0.1 adhearus.com
127.0.0.1 display2.adhearus.com
127.0.0.1 ssl3.adhost.com
127.0.0.1 www2.adhost.com
127.0.0.1 http://www.addme.com
127.0.0.1 http://www.adinfinity.com
127.0.0.1 te.adlandpro.com
127.0.0.1 classic.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 http://www.adminder.com
127.0.0.1 adsfac.net
127.0.0.1 http://www.adonweb.com
127.0.0.1 http://www.adrelevance.com #[NetRatings]
127.0.0.1 media.adrevolver.com
127.0.0.1 adroar.com
127.0.0.1 ads.adroar.com
127.0.0.1 delta.adroar.com
127.0.0.1 iads.adroar.com #[Adware.AdRoar][ADW_ADROAR.A]
127.0.0.1 lists.adroar.com
127.0.0.1 http://www.adroar.com
127.0.0.1 ads.adsag.com
127.0.0.1 di.adsag.com
127.0.0.1 img.adsag.com
127.0.0.1 adserv.com
127.0.0.1 http://www.adserv.com
127.0.0.1 ads.adtomi.com
127.0.0.1 http://www.adtomi.com #[Adware.Adtomi]
127.0.0.1 downldcl.adtoolsinc.com
127.0.0.1 http://www.adtoolsinc.com
127.0.0.1 http://www.adtrader.com
127.0.0.1 survey.advantageresearch.com
127.0.0.1 ad.adver.com.tw
127.0.0.1 ads.advertise.net
127.0.0.1 advertisingvision.com #[Adware.Advision]
127.0.0.1 http://www.advertisingvision.com
127.0.0.1 adviva.com
127.0.0.1 http://www.adviva.com
127.0.0.1 ads.adviva.net
127.0.0.1 adstats.adviva.net
127.0.0.1 tracker.affistats.com #[msvrl.dll]
127.0.0.1 http://www.affiliatefuel.com
127.0.0.1 banners.affiliatefuel.com
127.0.0.1 affiliatetarget.com
127.0.0.1 http://www.affiliatetarget.com
127.0.0.1 fcds.affiliatetracking.net
127.0.0.1 our.affiliatetracking.net
127.0.0.1 http://www.affiliatetracking.net
127.0.0.1 http://www.affiliatetracking.com
127.0.0.1 partner.ah-ha.com #[Troj/Subsear-A][Adware-SSF.dr]
127.0.0.1 adserver.aim4media.com
127.0.0.1 adtest.aim4media.com
127.0.0.1 pops.aim4media.com
127.0.0.1 http://www.aim4media.com
127.0.0.1 crs.akamai.com
127.0.0.1 soap.alexa.com #[Spyware.Alexa][Alexa Toolbar]
127.0.0.1 http://www.alexa.com
127.0.0.1 allcheapsolutions.com #[Backdoor-CIE]
127.0.0.1 ads.as4x.tmcs.akadns.net #[Ticketmaster]
127.0.0.1 bantam.ai.net
127.0.0.1 fiona.ai.net
127.0.0.1 ads.amazingmedia.com
127.0.0.1 bohema.amillo.net #[Trojan.Mitglieder.H]
127.0.0.1 adserver04.ancestry.com #[RealMedia]
127.0.0.1 ads.antionline.com
127.0.0.1 junior.apk.net
127.0.0.1 banner.arttoday.com
127.0.0.1 associmg.com #[amazon.com]
127.0.0.1 armbender.com #[UCSearch.ucUCSearch][W32.Adclicker.F.Trojan]
127.0.0.1 http://www.armbender.com #[UCSearch.ArmBender]
127.0.0.1 audiogalaxy.com
127.0.0.1 http://www.audiogalaxy.com #[Restricted Zone site]
127.0.0.1 adserving.autotrader.com
127.0.0.1 http://www.avatarresources.com #[Parasite.AutoStartup]
127.0.0.1 http://www.avres.net
127.0.0.1 http://www.aweber.com
127.0.0.1 cploving.awmhost.net #[TrojanClicker.Win32.Lopin]
# B
127.0.0.1 bar.baidu.com #[Parasite.ClientMan]
127.0.0.1 http://www.baltictop.com
127.0.0.1 http://www.banner-mania.com
127.0.0.1 http://www.bannerspace.com #[Restricted Zone site]
127.0.0.1 www2.bannerspace.com
127.0.0.1 www3.bannerspace.com
127.0.0.1 www5.bannerspace.com
127.0.0.1 www6.bannerspace.com
127.0.0.1 www7.bannerspace.com
127.0.0.1 bannerswap.com
127.0.0.1 http://www.bannerswap.com
127.0.0.1 http://www.bidclix.com
127.0.0.1 bidclix.net
127.0.0.1 http://www.bidclix.net
127.0.0.1 bigtracker.com
127.0.0.1 bighits.net #[Restricted Zone site]
127.0.0.1 bigticker.bighits.net
127.0.0.1 bounty.bighits.net
127.0.0.1 http://www.bighits.net
127.0.0.1 http://www.bigwebportal.com
127.0.0.1 counter.bizland.com
127.0.0.1 webads.bizservers.com
127.0.0.1 http://www.black-hole.co.uk #[Restricted Zone site]
127.0.0.1 http://www.blazehits.net #[gonnasearch.com]
127.0.0.1 s7.blingblingcontent.com #[Easywebinstaller Control]
127.0.0.1 ads.bmais.net #[bluemountain]
127.0.0.1 bookedspace.com #[Parasite.BookedSpace]
127.0.0.1 http://www.bookedspace.com #[Adware.Bookedspace]
127.0.0.1 a.boom.ro
127.0.0.1 s.boom.ro
127.0.0.1 www1.boomerank.com
127.0.0.1 boomerank.com
127.0.0.1 citi.bridgetrack.com #[Tracking Service]
127.0.0.1 rccl.bridgetrack.com
127.0.0.1 config.broadcastpc.tv #[TROJ_RVP.E]
127.0.0.1 report.broadcastpc.tv #[AdvWare.Broadcap.a]
127.0.0.1 http://www.broadcastpc.tv #[Adware.Broadcastpc]
127.0.0.1 http://www.browserplugin.com #[WebHlprObj Class]
127.0.0.1 install.browsertoolbar.com #[Backdoor.Autoupder][BrowserToolbar]
127.0.0.1 www2.browsertoolbar.com #[TROJ_SUA.A]
127.0.0.1 http://www.browsertoolbar.com #[Parasite.BrowserToolbar]
127.0.0.1 browserwise.com #[Parasite.Xupiter][Xupiter.BrowserWise]
127.0.0.1 http://www.browserwise.com
127.0.0.1 http://www.buildtraffic.com
# C
127.0.0.1 casino-on-net.com
127.0.0.1 java2.casino-on-net.com
127.0.0.1 http://www.casino-on-net.com
127.0.0.1 cc-dt.com
127.0.0.1 ads.cc-dt.com
127.0.0.1 clickserve.cc-dt.com
127.0.0.1 http://www.capital-systems.net #[Troj/Ovedil-B]
127.0.0.1 ads.cars.com
127.0.0.1 http://www.cashforclicks.com
127.0.0.1 http://www.cashpile.com
127.0.0.1 ads.cdfreaks.com #[Ads.cdfreaks]
127.0.0.1 mds.centrport.net
127.0.0.1 c.clickaire.com #[CWS trojan downloads]
127.0.0.1 classifieds1000.com
127.0.0.1 http://www.classifieds1000.com
127.0.0.1 clearfind.com
127.0.0.1 http://www.clearfind.com #[Restricted Zone site]
127.0.0.1 hop.clickbank.net #[Adware.Clickbank]
127.0.0.1 zzz.clickbank.net
127.0.0.1 clickedyclick.com
127.0.0.1 http://www.clickexchange.ru
127.0.0.1 click2boost.com
127.0.0.1 secure.click2boost.com
127.0.0.1 service.click2boost.com
127.0.0.1 http://www.click2boost.com
127.0.0.1 servedby.clickexperts.net
127.0.0.1 http://www.clicks2you.com
127.0.0.1 stats1.clicktracks.com
127.0.0.1 http://www.is1.clixgalore.com
127.0.0.1 http://www.clixgalore.com
127.0.0.1 www1.click-fr.com
127.0.0.1 www2.click-fr.com
127.0.0.1 www3.click-fr.com
127.0.0.1 www4.click-fr.com
127.0.0.1 http://www.clickhouse.com
127.0.0.1 http://www.clicks4u.com
127.0.0.1 http://www.clipgenie.com
127.0.0.1 comclick.com
127.0.0.1 ct2.comclick.com
127.0.0.1 fl01.ct2.comclick.com
127.0.0.1 ihm01.ct2.comclick.com
127.0.0.1 http://www.comclick.com #[Restricted Zone site]
127.0.0.1 http://www.thecoolbar.com #[Softomate Toolbar][The Coolbar]
127.0.0.1 http://www.compactbanner.com
127.0.0.1 ads.console.net
127.0.0.1 coolshader.com
127.0.0.1 c.coolshader.com #[Win32.Harnig]
127.0.0.1 http://www.coolshader.com
127.0.0.1 counted.com
127.0.0.1 bilbo.counted.com
127.0.0.1 http://www.counted.com
127.0.0.1 http://www.counterguide.com
127.0.0.1 counter4u.de
127.0.0.1 connectionzone.com
127.0.0.1 count.casino-trade.com
127.0.0.1 http://www.couponica.com
127.0.0.1 http://www.couponsandoffers.com #[Adware.TopMoxie]
127.0.0.1 data.coremetrics.com
127.0.0.1 twci.coremetrics.com
127.0.0.1 us.cqcounter.com
127.0.0.1 zz.cqcounter.com
127.0.0.1 1us.cqcounter.com
127.0.0.1 ads.crosswinds.net
127.0.0.1 megabyte.crosswinds.net
127.0.0.1 cyberbounty.com
127.0.0.1 js.cybermonitor.com
127.0.0.1 stat3.cybermonitor.com
127.0.0.1 cytron.com #[DailyWinner][Cytron]
127.0.0.1 http://www.cytron.com
# D
127.0.0.1 dailywinner.net #[Parasite.DailyWinner][ezcybersearch.com]
127.0.0.1 dw.dailywinner.net
127.0.0.1 http://www.dailywinner.net
127.0.0.1 http://www.dash.com
127.0.0.1 ads.date.com
127.0.0.1 banner.date.com
127.0.0.1 dbbsrv.com #[bserv.darkblue.com][Restricted Zone site]
127.0.0.1 freestuff.com.19828.fb.dbbsrv.com #[roar.com]
127.0.0.1 spyware.com.16871.fb.dbbsrv.com
127.0.0.1 webads.com.18345.fb.dbbsrv.com
127.0.0.1 collector.deepmetrix.com
127.0.0.1 geo.deepmetrix.com
127.0.0.1 http://www.deepmetrix.com
127.0.0.1 ad.ads.dk
127.0.0.1 tdkads.ads.dk
127.0.0.1 didtheyreadit.com #[email tracker]
127.0.0.1 http://www.didtheyreadit.com
127.0.0.1 counter.digits.com
127.0.0.1 http://www.divago.com #[Adware.Surfairy]
127.0.0.1 http://www.dnscaching.net #[stickypops.com]
127.0.0.1 http://www.domamil.cz #[Trojan.Beagooz]
127.0.0.1 downloadalot.com
127.0.0.1 get.downloadalot.com
127.0.0.1 http://www.downloadalot.com #[Restricted Zone site]
127.0.0.1 doc-tracker.com
127.0.0.1 dqmedia.net #[spam]
127.0.0.1 drmx01.net #[spam]
127.0.0.1 http://www.duenow.com
127.0.0.1 gfx.dvlabs.com
127.0.0.1 klipads.dvlabs.com
# E
127.0.0.1 e2give.com #[Adware-E2Give][Spyware.e2give]
127.0.0.1 http://www.e2give.com
127.0.0.1 http://www.e-bannerx.com
127.0.0.1 adv1.eblocs.com
127.0.0.1 http://www.easycounter.com
127.0.0.1 banners.easydns.com
127.0.0.1 banner.easyspace.com
127.0.0.1 adserv1.ebates.com #[WebSavings]
127.0.0.1 http://www.ebates.com #[Adware.MoeMoney]
127.0.0.1 http://www.efinder.cc #[StartPage-DA]
127.0.0.1 c.enhance.com #[ah-ha.com]
127.0.0.1 enhancemysearch.com #[xzoomy.com]
127.0.0.1 http://www.enhancemysearch.com
127.0.0.1 epeople.com
127.0.0.1 errorpage404.com #[JS_TRAFFICHBAR.A]
127.0.0.1 http://www.errorpage404.com #[Parasite.TinyBar]
127.0.0.1 er.errorplace.com
127.0.0.1 http://www.errorplace.com
127.0.0.1 vipuk.escritorioactivo.com #[123Messenger Hijacker]
127.0.0.1 http://www.escorcher.com #[bogus antivirus spyware]
127.0.0.1 http://www.esearch.cc #[StartPage-EZ][server down?]
127.0.0.1 http://www.eshopads2.com
127.0.0.1 perso.estat.com
127.0.0.1 prof.estat.com
127.0.0.1 http://www.estat.com #[Restricted Zone site]
127.0.0.1 eu-adcenter.net
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 ugo.eu-adcenter.net #[evidence-eliminator.com]
127.0.0.1 http://www.euroklik.nl #[EasyBar][InstallerX Class]
127.0.0.1 engage.everyone.net
127.0.0.1 static.everyone.net
127.0.0.1 http://www.exchangead.com
127.0.0.1 exitexchange.com
127.0.0.1 count.exitexchange.com
127.0.0.1 images.exitexchange.com
127.0.0.1 http://www.exitexchange.com #[Restricted Zone site]
127.0.0.1 http://www.exittraffic.net
127.0.0.1 ezcybersearch.com #[EZCyberSearch.Surebar]
127.0.0.1 ads.ezcybersearch.com
127.0.0.1 ezcybersearch.mail.everyone.net
127.0.0.1 http://www.ezcybersearch.com #[Parasite.ezCyberSearch]
127.0.0.1 http://www.evidence-eliminator.com
127.0.0.1 http://www.ezhits4u.com #[EZHits4U.com]
# F
127.0.0.1 ads.fairfax.com.au
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 redirect.fairfax.com.au
127.0.0.1 campaigns.f2.com.au
127.0.0.1 http://www.fast2net.com
127.0.0.1 http://www.fastfind.org #[SubSearch][TROJ_STARTPAG.KF][Adware.Fastfind.B]
127.0.0.1 fasttrack.nu
127.0.0.1 http://www.fceboard.com #[Adware.EBoard]
127.0.0.1 http://www.fightpopups.net #[Adware.MessStopper]
127.0.0.1 adserver.filefront.com
127.0.0.1 http://www.filemix.net #[Surf+]
127.0.0.1 http://www.fineclicks.com
127.0.0.1 firstname.com
127.0.0.1 clicks.firstname.com
127.0.0.1 flashtrack.net
127.0.0.1 ads.flashtrack.net #[Adware.Flashtrack.B]
127.0.0.1 coreg.flashtrack.net
127.0.0.1 http://www.flashtrack.net #[Adware.FlashEnhancer][KB312429]
127.0.0.1 flyinads.com
127.0.0.1 http://www.flyinads.com
127.0.0.1 ads.forbes.com
127.0.0.1 klipmart.forbes.com
127.0.0.1 http://www.ampira.com #[Fortunecity]
127.0.0.1 ads.fortunecity.com
127.0.0.1 ads.v3.com #[Fortunecity]
127.0.0.1 www2.fortunecity.com
127.0.0.1 ad.freefind.com
127.0.0.1 http://www.freehistorycleaner.com #[Adware.Fapi][ADW_HISCLEAN.A]
127.0.0.1 free-stats.com
127.0.0.1 http://www.freewebsites.com
127.0.0.1 ads.free-windows-games.com
127.0.0.1 http://www.free-windows-games.com #[Parasite.GAMsys][GamHelper]
127.0.0.1 pops.freeze.com #[[GamHelper]
# G
127.0.0.1 ads.gamespy.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 http://www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 gd.geobytes.com #[obtains users location]
127.0.0.1 http://www.getsmart.com
127.0.0.1 bp2.getredirect.com
127.0.0.1 4.getredirect.com #[superlogy.com]
127.0.0.1 http://www.getredirect.com
127.0.0.1 getupdate.com
127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b]
127.0.0.1 http://www.getupdate.com #[Adware.Getup]
127.0.0.1 gigex.com
127.0.0.1 media.gigex.com #[SpeedDelivery]
127.0.0.1 http://www.gigex.com
127.0.0.1 globesearch.com
127.0.0.1 http://www.globesearch.com #[Restricted Zone site][CWS]
127.0.0.1 goclick.com
127.0.0.1 earth.goclick.com
127.0.0.1 partner1.goclick.com
127.0.0.1 http://www.goclick.com
127.0.0.1 banner.goldenpalace.com #[redirects]
127.0.0.1 http://www.goldenwebawards.com
127.0.0.1 goldstats.net
127.0.0.1 http://www.goldstats.net
127.0.0.1 adincl.gopher.com #[InfoSpace]
127.0.0.1 ads.gorillanation.com #[Restricted Zone site]
127.0.0.1 adserver.gorillanation.com
127.0.0.1 gostats.com
127.0.0.1 c1.gostats.com
127.0.0.1 c2.gostats.com
127.0.0.1 webcounter.goweb.de
127.0.0.1 greatstartpage.com #[parasite downloads]
127.0.0.1 http://www.greatstartpage.com
127.0.0.1 grokster.com #[Restricted Zone site][P2P]
127.0.0.1 dl.grokster.com
127.0.0.1 http://www.grokster.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 http://www.g-wizzads.net
# H
127.0.0.1 hamster.com #[apps5.oingo.com]
127.0.0.1 ad0.haynet.com
127.0.0.1 http://www.hitboss.com
127.0.0.1 http://www.hit4hit.com
127.0.0.1 ads.hitcents.com
127.0.0.1 hithopper.com #[Adware.Hithopper]
127.0.0.1 http://www.hithopper.com
127.0.0.1 hitmodel.net
127.0.0.1 hit-now.com
127.0.0.1 loga.hit-parade.com
127.0.0.1 hit-parade.com
127.0.0.1 http://www.hitpointer.com
127.0.0.1 hitslink.com
127.0.0.1 counter.hitslink.com
127.0.0.1 counter2.hitslink.com
127.0.0.1 www2.hitslink.com
127.0.0.1 http://www.hitslink.com #[Restricted Zone site]
127.0.0.1 http://www.hiwire.com
127.0.0.1 ads.home.net
127.0.0.1 counters.honesty.com
127.0.0.1 banners.hotlinks.net
127.0.0.1 hotphrase.com
127.0.0.1 http://www.hotphrase.com #[Restricted Zone site]
127.0.0.1 hotsearch.com #[roar.com][Restricted Zone site]
127.0.0.1 http://www.hotsearch.com
127.0.0.1 hotsearchbar.com #[iiittt Class][SpiderSearch]
127.0.0.1 http://www.hotsearchbar.com
127.0.0.1 http://www.10s.com.br #[Trojan.Cargao]
127.0.0.1 cgi.hotstat.nl
127.0.0.1 viewstat.hotstat.nl
127.0.0.1 http://www.humanclick.com #[Restricted Zone site]
127.0.0.1 hc2.humanclick.com
127.0.0.1 http://www.hypertracker.com
# I
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.iboost.com
127.0.0.1 http://www.i-clicks.net
127.0.0.1 hits.icdirect.com
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 image-catcher.com
127.0.0.1 stats.surfaid.ihost.com
127.0.0.1 ads.imdb.com #[amazon.com]
127.0.0.1 http://www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
127.0.0.1 stats.indextools.com
127.0.0.1 adserver.indieclick.com
127.0.0.1 campaign.indieclick.com
127.0.0.1 adcenter.in2.com
127.0.0.1 ads.inet1.com
127.0.0.1 ads7.inet1.com
127.0.0.1 banners.inetfast.com
127.0.0.1 ads.infospace.com
127.0.0.1 bvads.infospace.com
127.0.0.1 dpxml.infospace.com
127.0.0.1 xads.infospace.com
127.0.0.1 http://www.infospider.com
127.0.0.1 ads.intellicast.com
127.0.0.1 ads.intelihealth.com
127.0.0.1 ads.intermezzia.com
127.0.0.1 mjxads.internet.com
127.0.0.1 indiads.com
127.0.0.1 infostart.com
127.0.0.1 popups.infostart.com
127.0.0.1 http://www.intelli-tracker.com
127.0.0.1 ads.ipowerweb.com
127.0.0.1 http://www.ipstat.com
127.0.0.1 istarthere.com #[Troj/IEStart-C]
127.0.0.1 moviesponsor.istarthere.com
127.0.0.1 partners.istarthere.com
127.0.0.1 http://www.istarthere.com
127.0.0.1 adcycle.isoftmarketing.com
127.0.0.1 isurfplus.com
127.0.0.1 http://www.isurfplus.com #[Adware.Surebar]
127.0.0.1 http://www.itrafficstar.com #[Restricted Zone site]
# J
127.0.0.1 http://www.jcount.com
127.0.0.1 affiliates.jeanharris.com
127.0.0.1 popup.jeanharris.com
127.0.0.1 jpedownload.joltid.com
127.0.0.1 http://www.joltid.com #[Adware.P2PNetworking]
127.0.0.1 ads.jpost.com
127.0.0.1 track.jpost.com
# K
127.0.0.1 www1.kliks.nl
127.0.0.1 www2.kliks.nl
127.0.0.1 http://www.kliks.nl
127.0.0.1 kt3.kliptracker.com
127.0.0.1 kt4.kliptracker.com
127.0.0.1 http://www.kliptracker.com
127.0.0.1 stats.klsoft.com
127.0.0.1 http://www.kmindex.ru
# L
127.0.0.1 ad.leadcrunch.com
127.0.0.1 ts1.lexmark.com
127.0.0.1 http://www.linkcounter.com
127.0.0.1 linkexchange.ru
127.0.0.1 web.linkexchange.ru
127.0.0.1 http://www.linkexchange.ru
127.0.0.1 link4link.com
127.0.0.1 plus.link4link.com
127.0.0.1 http://www.links4trade.com
127.0.0.1 escati.linkopp.net
127.0.0.1 http://www.linkopp.net
127.0.0.1 js.livehelper.com #[Restricted Zone site]
127.0.0.1 newbrowse.livehelper.com
127.0.0.1 liveperson.net
127.0.0.1 server.iad.liveperson.net #[Restricted Zone site]
127.0.0.1 http://www.liveperson.com
127.0.0.1 adserv.lwmn.net
127.0.0.1 locators.com #[object exploit]
127.0.0.1 toolbar.locators.com #[Locators Toolbar]
127.0.0.1 http://www.lords-of-havoc.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 luckyhomepage.com #[search.targetwords.com\1stblaze.com]
127.0.0.1 http://www.luckyhomepage.com #[Restricted Zone site]
127.0.0.1 adverts.lzio.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 search.lzio.com
127.0.0.1 updates.lzio.com #[Downloader-LE][Adware.ZioCom]
# M
127.0.0.1 make-deal.com
127.0.0.1 go.mailbits.com
127.0.0.1 mair.net #[Realtracker]
127.0.0.1 marnet.us #[Downloader-IU]
127.0.0.1 image.masterstats.com
127.0.0.1 link.masterstats.com
127.0.0.1 ads.affiliates.match.com
127.0.0.1 associmage.match.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 maybeyes.biz #[Trojan.Ducky]
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 http://www.mediatickets.net
127.0.0.1 http://www.mt-download.com #[MediaTicketsInstaller Control]
127.0.0.1 ads.mediaturf.net
127.0.0.1 banner.meerhits.nl #[IEHIjacker.Meerhits.nl]
127.0.0.1 pokpok.meerhits.nl
127.0.0.1 exit.megago.com
127.0.0.1 http://www.megago.com #[typo squatter]
127.0.0.1 http://www.megasearchbar.com
127.0.0.1 http://www.megaseek.net #[Restricted Zone site]
127.0.0.1 http://www.memorywatcher.com #[TROJ_PEPER.A]
127.0.0.1 pubs.mgn.net #[Grolier Network]
127.0.0.1 micorsoft.com
127.0.0.1 http://www.micorsoft.com #[typo hijacker]
127.0.0.1 adserver.mindshare.de
127.0.0.1 http://www.mini-player.com #[5MOF Mini-Player]
127.0.0.1 banner.missingkids.com
127.0.0.1 ads.monster.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.a.in.monster.com
127.0.0.1 ads.monstermoving.com
127.0.0.1 cookie.monster.com
127.0.0.1 mp3today.net
127.0.0.1 http://www.mp3yes.com #[C2Media\LOP]
127.0.0.1 mpamexit.com
127.0.0.1 msgtag.com
127.0.0.1 img.msgtag.com #[Restricted Zone site]
127.0.0.1 http://www.msgtag.com
127.0.0.1 multi1.rmuk.co.uk
127.0.0.1 multimpp.com #[MultimppObj Class][AdvWare.BiSpy.o]
127.0.0.1 http://www.multimpp.com
127.0.0.1 mvtracker.com
127.0.0.1 http://www.mvtracker.com
127.0.0.1 mvr3d.net #[NavExcel\n-CASE]
127.0.0.1 mvr.us #[Parasite.NavExcel]
127.0.0.1 http://www.mvr.us
127.0.0.1 http://www.myaffiliateprogram.com
127.0.0.1 ads.mydailyhoroscope.net
127.0.0.1 http://www.mydailyhoroscope.net #[Adware.Horoscope]
127.0.0.1 http://www.myemessenger.com
127.0.0.1 rm.myoc.com
127.0.0.1 myhitlogger.com
127.0.0.1 mypagefinder.com #[Parasite.MyPageFinder]
# N
127.0.0.1 hit.namimedia.com
127.0.0.1 ads.nandomedia.com
127.0.0.1 neededware.com #[Adware.NeededWare]
127.0.0.1 http://www.neededware.com
127.0.0.1 www6.netbroadcaster.com
127.0.0.1 code.netbreak.com.au
127.0.0.1 http://www.netflip.com
127.0.0.1 money2.netfirms.com
127.0.0.1 partner.netmechanic.com
127.0.0.1 tracker.netmechanic.com
127.0.0.1 counter.netmore.net
127.0.0.1 http://www.netpoll.nl
127.0.0.1 ads.netsol.com
127.0.0.1 ads.newsint.co.uk
127.0.0.1 adq.nextag.com
127.0.0.1 newiframe.biz #[TROJ_DELF.DS]
127.0.0.1 http://www.newiframe.biz
127.0.0.1 http://www.noadware.net #[SCAM.Enigma.NoAdware]
127.0.0.1 ad.nobreak.com
127.0.0.1 nounpax.com #[spam][server down?]
127.0.0.1 nowbox.com
127.0.0.1 http://www.nowbox.com #[Parasite.NowBox]
127.0.0.1 mediatickets.nubela.net
127.0.0.1 http://www.nubela.net
127.0.0.1 nzads.net.nz
# O
127.0.0.1 okcounter.com
127.0.0.1 http://www.okww.net #[Trojan.StartPage.C]
127.0.0.1 stat.onestat.com
127.0.0.1 http://www.onestat.com
127.0.0.1 one.ru
127.0.0.1 cnt.one.ru
127.0.0.1 stats0.one.ru
127.0.0.1 stats1.one.ru
127.0.0.1 stats2.one.ru
127.0.0.1 http://www.oneandonlynetwork.com #[Ticketmaster]
127.0.0.1 server1.opentracker.net
127.0.0.1 http://www.opinionlab.com
127.0.0.1 ccc00.opinionlab.com
127.0.0.1 rate.opinionlab.com
127.0.0.1 banner.orb.net
127.0.0.1 http://www.originalicons.com #[F1 Organizer Class]
127.0.0.1 geoads.osdn.com
127.0.0.1 tg-images.osdn.com
127.0.0.1 otx5.otxresearch.com
127.0.0.1 otx.ifilm.com #[OTXMedia.dll]
127.0.0.1 http://www.otxresearch.com #[OTXMovie Class]
127.0.0.1 adpopper.outblaze.com #[bargain-buddy.net]
# P
127.0.0.1 http://www.p3marketing.com #[Zapspot]
127.0.0.1 click.payserve.com
127.0.0.1 http://www.pc-test.net
127.0.0.1 ad1.peel.com
127.0.0.1 ad3.peel.com
127.0.0.1 ads.peel.com
127.0.0.1 ad4.peel.com
127.0.0.1 ads5.peel.com
127.0.0.1 http://www.peel.com
127.0.0.1 http://www.peel.net
127.0.0.1 ads.pennyweb.com #[addynamix.com]
127.0.0.1 banners.pennyweb.com
127.0.0.1 http://www.peruvianmarket.com #[Trojan.Beagooz.D]
127.0.0.1 ads.photosight.ru
127.0.0.1 phpadsnew.com
127.0.0.1 http://www.phpadsnew.com
127.0.0.1 pidorasam.net #[Backdoor.Berbew.J]
127.0.0.1 ads2.playnet.com
127.0.0.1 popfind.net #[Adware.Ddpop]
127.0.0.1 http://www.popupads.com
127.0.0.1 http://www.popupad.net
127.0.0.1 popupblockade.com #[Parasite.Httper]
127.0.0.1 http://www.popupblockade.com
127.0.0.1 popupmoney.com #[Restricted Zone site]
127.0.0.1 server01.popupmoney.com
127.0.0.1 http://www.popupmoney.com
127.0.0.1 popadstop.com #[Adware.PopAdStop]
127.0.0.1 http://www.popadstop.com
127.0.0.1 http://www.popunder.info #[TROJ_CHECKIN.B]
127.0.0.1 http://www.popupswappers.com
127.0.0.1 ad.popupswappers.com
127.0.0.1 http://www.popuptop.com
127.0.0.1 www2.portdetective.com
127.0.0.1 x0x0l.pp.ru #[BKDR_CCT.A]
127.0.0.1 http://www.praize.com #[Adware.Praize]
127.0.0.1 1.primaryads.com
127.0.0.1 http://www.privacyoutpost.com #[Troj/Regldr-A]
127.0.0.1 http://www.prtracker.com
127.0.0.1 http://www.profitzone.com #[ProfitZONE Adbar]
127.0.0.1 prolivation.com #[Restricted Zone site]
127.0.0.1 http://www.prolivation.com
127.0.0.1 ads.pro-market.net
127.0.0.1 http://www.promo.com.au
127.0.0.1 http://www.proxylist.biz
127.0.0.1 http://www.prutect.com #[Spyware.e2give]
127.0.0.1 http://www.pstopper.com
127.0.0.1 ad.sma.punto.net
127.0.0.1 sma.punto.net
127.0.0.1 http://www.pureseeker.com #[C2Media\LOP]
127.0.0.1 http://www.pwallet.com #[Restricted Zone site]
# Q
127.0.0.1 rads01.quadrogram.com #[Adware.Quadro][Memwatcher.B][TROJ_PEPER.A]
127.0.0.1 adserv.quality-channel.de
127.0.0.1 http://www.quarterserver.de
127.0.0.1 questionmarket.com
127.0.0.1 amch.questionmarket.com
127.0.0.1 ch.questionmarket.com
127.0.0.1 survey.questionmarket.com
127.0.0.1 http://www.questionmarket.com
127.0.0.1 download.quickflicks.com #[Parasite.SVAPlayer]
127.0.0.1 http://www.qq886.com #[Backdoor.Semes]
# R
127.0.0.1 ramgo.com #[Restricted Zone site]
127.0.0.1 http://www.ramgo.com #[Win32.Startpage.B]
127.0.0.1 http://www.autoraskrutka.ru #[Spyware.Acext]
127.0.0.1 http://www.raskrutim.ru #[Spyware.Acext]
127.0.0.1 http://www.realclicks.com
127.0.0.1 http://www.relmaxtop.com
127.0.0.1 banner.relcom.ru
127.0.0.1 adservice.recon-networks.com
127.0.0.1 rightstats.com
127.0.0.1 http://www.rightstats.com
127.0.0.1 m.rmbclick.com
127.0.0.1 http://www.rgs-rostock.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 track.roiservice.com
# S
127.0.0.1 http://www.sandboxer.com #[Adware.Quadro][memorywatcher.com][Memwatcher.B]
127.0.0.1 http://www.savehits.com
127.0.0.1 st.sageanalyst.net
127.0.0.1 scorpionsearch.com #[W32.Adclicker.C.Trojan]
127.0.0.1 http://www.scorpionsearch.com #[x10.com][Trojan.Clicker.NetBuie a-b]
127.0.0.1 adsremote.scripps.com
127.0.0.1 counter.search.bg
127.0.0.1 searchalot.com
127.0.0.1 cards.searchalot.com
127.0.0.1 mail.searchalot.com
127.0.0.1 search.searchalot.com
127.0.0.1 web.searchalot.com
127.0.0.1 http://www.searchalot.com #[Adware-Tronix]
127.0.0.1 searchandclick.com
127.0.0.1 search.searchandclick.com
127.0.0.1 http://www.searchandclick.com #[Browseraid][SearchAndClick]
127.0.0.1 searchby.net
127.0.0.1 http://www.searchby.net #[Ultimate Popup Killer]
127.0.0.1 searchfst.com #[SFUtility Class][keywordsinc.com]
127.0.0.1 http://www.searchfst.com
127.0.0.1 http://www.searchgauge.com
127.0.0.1 http://www.search-control.com #[TrojanDropper.Win32.Small.ig]
127.0.0.1 search-itnow.com #[Parasite.AdultLinks]
127.0.0.1 http://www.search-itnow.com
127.0.0.1 http://www.searchmachine.com
127.0.0.1 http://www.searchmagnifier.com
127.0.0.1 searchmiracle.com #[Adware.EliteBar]
127.0.0.1 install.searchmiracle.com
127.0.0.1 641.searchmiracle.com
127.0.0.1 10016.searchmiracle.com
127.0.0.1 9310.searchmiracle.com
127.0.0.1 http://www.searchresult.net #[Parasite.IgetNet]
127.0.0.1 searchseekfind.com
127.0.0.1 ads.searchseekfind.com
127.0.0.1 tp.searchseekfind.com #[Trojan.Download.Chekin][server down?]
127.0.0.1 http://www.searchseekfind.com
127.0.0.1 browser.secondpower.com
127.0.0.1 download.secondpower.com
127.0.0.1 www1.secondpower.com
127.0.0.1 www3.secondpower.com #[KB320159]
127.0.0.1 http://www.secondpower.com
127.0.0.1 adserver.securityfocus.com
127.0.0.1 http://www.selfsurveys.com
127.0.0.1 http://www.seehits.com
127.0.0.1 http://www.sendtraffic.com
127.0.0.1 sesso.com
127.0.0.1 http://www.sesso.com #[VBS.Biscuit.A@mm]
127.0.0.1 ds.serving-sys.com
127.0.0.1 quasar.sitegauge.com
127.0.0.1 tracker.sitescout.com
127.0.0.1 advertpro.sitepoint.com
127.0.0.1 http://www.sitestatslive.com
127.0.0.1 http://www.shadowcrew.com #[spam]
127.0.0.1 adserver.sharewareonline.com #[nictechnetworks.com]
127.0.0.1 http://www.shockcounter.com
127.0.0.1 shopathomeselect.com #[Parasite.ShopAtHomeSelect]
127.0.0.1 download1.shopathomeselect.com #[ADW_SAHAGENT.A]
127.0.0.1 downloads.shopathomeselect.com
127.0.0.1 http://www.shopathomeselect.com #[Adware.SAHAgent]
127.0.0.1 skeech.com
127.0.0.1 http://www.skeech.com #[Restricted Zone site]
127.0.0.1 smart2com.net #[Trojan.Autoproxy]
127.0.0.1 smart-browser.com
127.0.0.1 update.smart-browser.com #[Parasite.SmartBrowser]
127.0.0.1 http://www.smart-browser.com
127.0.0.1 smartclicks.net
127.0.0.1 http://www.smartclicks.net
127.0.0.1 smarter.com #[Restricted Zone site]
127.0.0.1 sidebar.smarter.com
127.0.0.1 http://www.smarter.com
127.0.0.1 ads.smni.com
127.0.0.1 static.smni.com
127.0.0.1 http://www.sonyasys.com #[Downloader.Botten]
127.0.0.1 ads.spaceports.com
127.0.0.1 www1.spaex.com #[searchboss.com]
127.0.0.1 http://www.specialoffersnetworks.com
127.0.0.1 http://www.spedia.net #[SpediaBar]
127.0.0.1 http://www.spyarsenal.com #[Spyware.DesktopSpy][Spyware.FamilyKeylog]
127.0.0.1 spyferret.com #[OnlinePcFix.SpyFerret]
127.0.0.1 http://www.spyferret.com
127.0.0.1 spyware.com #[roar.com]
127.0.0.1 http://www.ssppyy.com #[Spyware.Ssppyy]
127.0.0.1 http://www.s-tracking.com
127.0.0.1 link.startmake.com
127.0.0.1 adsintl.starwave.com
127.0.0.1 c1.statcounter.com
127.0.0.1 http://www.statcounter.com
127.0.0.1 js.statistici.ro
127.0.0.1 log.statistici.ro
127.0.0.1 s.statistici.ro
127.0.0.1 http://www.statomatic.com
127.0.0.1 reg.stats4all.com
127.0.0.1 stats4you.com
127.0.0.1 http://www.stats4you.com
127.0.0.1 ctgbn.stellaremperor.com #[Backdoor.Alets]
127.0.0.1 http://www.stickypops.com
127.0.0.1 clix.superclix.de
127.0.0.1 http://www.superlogy.com #[AdvWare.ToolBar.VB.b]
127.0.0.1 sqwire.com #[Adware.Sqwire][Xupiter.Sqwire]
127.0.0.1 http://www.sqwire.com #[Parasite.Xupiter][Adware-PornKings]
127.0.0.1 http://www.supaseek.com #[Spyware.Supaseek]
127.0.0.1 rd1.surfernetwork.com #[SurferNETWORK Plugin]
127.0.0.1 http://www.surfernetwork.com
127.0.0.1 www2.surveyfocus.com
127.0.0.1 http://www.surveynetworks.com
127.0.0.1 http://www.surveysite.com
127.0.0.1 www2.survey-poll.com #[microsoft]
127.0.0.1 swift-look.com #[phishing exploit]
127.0.0.1 http://www.symantic.com #[Typo Squatter]
127.0.0.1 adpick.switchboard.com
127.0.0.1 adtag.sympatico.ca
127.0.0.1 http://www.syspage.com #[pop-up scam]
127.0.0.1 http://www.sysupdates.com
127.0.0.1 http://www.sysupdates2.com #[TopMoxie]
# T
127.0.0.1 ad.uk.tangozebra.com
127.0.0.1 targetsearch.info #[Trojan.StartPage.H]
127.0.0.1 adult.targetsearch.info
127.0.0.1 go.targetsearch.info
127.0.0.1 tat-neftbank.ru #[Backdoor.Berbew.H]
127.0.0.1 http://www.tech-marketresearch.com
127.0.0.1 http://www.textads.biz
127.0.0.1 a.tfag.de
127.0.0.1 ak.tfag.de
127.0.0.1 theaffiliateprogram.com
127.0.0.1 myaffiliateprogram.com
127.0.0.1 http://www.the-counter.net
127.0.0.1 adbot.theonion.com
127.0.0.1 http://www.thepokerclub.com #[SecurityRisk.ClubPoker]
127.0.0.1 thesearchmall.com #[Adware.SearchMall]
127.0.0.1 http://www.thesearchmall.com
127.0.0.1 tnc4u.com #[Parasite.DownloadPlus]
127.0.0.1 new.tnc4u.com
127.0.0.1 http://www.tnc4u.com #[Adware.DownloadPlus]
127.0.0.1 http://www.toilet.com
127.0.0.1 ad.tomshardware.com
127.0.0.1 tooncomics.com #[IEDLL.ToonComics][here4search.com]
127.0.0.1 http://www.tooncomics.com #[Downloader.Tooncom][CWS.Aff.Tooncomics]
127.0.0.1 log.trafic.ro
127.0.0.1 tool4ame.com #[TROJ_GOLID.A][Adware.IAGold]
127.0.0.1 http://www.toolshack.com
127.0.0.1 ads.toplayerserver.com
127.0.0.1 www1.toplayerserver.com
127.0.0.1 http://www.toplayerserver.com
127.0.0.1 topmoxie.com
127.0.0.1 http://www.topmoxie.com #[Etraffic]
127.0.0.1 toprebates.com #[webrebates]
127.0.0.1 http://www.toprebates.com
127.0.0.1 stat.toprefsys.com
127.0.0.1 http://www.top-search.com #[Adware-SSF.dr]
127.0.0.1 ad.topstat.com
127.0.0.1 nl.topstat.com #[Restricted Zone site]
127.0.0.1 s26.topstat.com
127.0.0.1 xl.topstat.com
127.0.0.1 ads.track-star.com
127.0.0.1 adserver.track-star.com
127.0.0.1 geo2.track-star.com
127.0.0.1 http://www.track-star.com
127.0.0.1 tradeexit.com
127.0.0.1 http://www.tradeexit.com #[Parasite.Winupie]
127.0.0.1 http://www.trafficbeamer.nl
127.0.0.1 trafficg.com #[Restricted Zone site]
127.0.0.1 http://www.trafficg.com
127.0.0.1 ad.trafficmp.com
127.0.0.1 images.trafficmp.com
127.0.0.1 t.trafficmp.com
127.0.0.1 http://www.trafficflame.com
127.0.0.1 trafficfile.com
127.0.0.1 http://www.trafficfile.com
127.0.0.1 trackyourstats.com
127.0.0.1 trafficmarketplace.com
127.0.0.1 get.trafficmultiplier.com
127.0.0.1 go.trafficmultiplier.com
127.0.0.1 goto.trafficmultiplier.com
127.0.0.1 a.tribalfusion.com
127.0.0.1 m.tribalfusion.com
127.0.0.1 ads.tucows.com
127.0.0.1 counts.tucows.com
127.0.0.1 google.tucows.com
127.0.0.1 http://www.turbomemorycharger.com #[Adware.Fapi]
# U
127.0.0.1 users.ucmore.com #[Parasite.UCmore]
127.0.0.1 http://www.ucmore.com
127.0.0.1 ads.ucomics.com
127.0.0.1 image.ugo.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 http://www.ukbanners.com
127.0.0.1 http://www.ultimatepopupkiller.com #[Restricted Zone site]
127.0.0.1 ultimatecounter.com
127.0.0.1 http://www.ultimatecounter.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 ads.unlimitedbanners.com
127.0.0.1 ads1.updated.com
127.0.0.1 url.biz.ua #[Download.Ject.B]
127.0.0.1 config.url404.com #[Parasite.Httper]
127.0.0.1 urlblaze.com #[Adware.TurboDownload]
127.0.0.1 http://www.urlblaze.com
127.0.0.1 http://www.urlblaze.net #[IEDriver][ADW_RULEDOR.C]
127.0.0.1 usachoice.net
# V
127.0.0.1 http://www.v5msn.com #[Adware.Livechat]
127.0.0.1 ads.valuead.com #[Restricted Zone site]
127.0.0.1 adnetintads.valuead.com
127.0.0.1 banners.valuead.com
127.0.0.1 cs.valuead.com
127.0.0.1 servedby.valuead.com
127.0.0.1 ad.valuehost.ru
127.0.0.1 image.versiontracker.com
127.0.0.1 spinbox.versiontracker.com
127.0.0.1 vesbiz.biz #[TROJ_DELF.DS]
127.0.0.1 http://www.vesbiz.biz
127.0.0.1 ads.vesperexchange.com
127.0.0.1 http://www.vesperexchange.com
127.0.0.1 cinnam.vibrahost.com #[PWSteal.Revcuss.C][Win32.Revcuss.C]
127.0.0.1 vivi.vibrahost.com #[PWSteal.Revcuss.A]
127.0.0.1 dns2010.vicp.net #[Backdoor.Tumag]
127.0.0.1 uygurman.vicp.net #[Trojan.Riler][Troj/Riler-B]
127.0.0.1 oas.villagevoice.com
127.0.0.1 http://www.vikord.com #[Download.Ject.C]
127.0.0.1 visit-link.com
127.0.0.1 http://www.voonda.com #[Spyware.TAFbar]
127.0.0.1 generic.vpptechnologies.com
127.0.0.1 images2.vpptechnologies.com
127.0.0.1 main.vpptechnologies.com
127.0.0.1 msxml.vpptechnologies.com
127.0.0.1 static.vpptechnologies.com #[hotsearchbar.com]
127.0.0.1 xml.vpptechnologies.com #[BlazeFind]
127.0.0.1 http://www.vstats.net
127.0.0.1 ads.vnuemedia.com
127.0.0.1 sevenc.vze.com #[VBS.Powcox@mm]
# W
127.0.0.1 http://www.w3exit.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 wazam.com
127.0.0.1 http://www.wazam.com #[Parasite.Wazam]
127.0.0.1 wcft.net #[Parasite.LinkReplacer]
127.0.0.1 http://www.wcft.net
127.0.0.1 ads.weather.com
127.0.0.1 ads.webattack.com
127.0.0.1 webcounter.com
127.0.0.1 http://www.webcounter.com
127.0.0.1 http://www.weblink.ru
127.0.0.1 adv.webmd.com
127.0.0.1 webhits.de
127.0.0.1 banners.webmasterplan.com
127.0.0.1 stat.webmedia.pl
127.0.0.1 bannervip.web1000.com
127.0.0.1 ads.webads360.com
127.0.0.1 clickcash.webpower.com
127.0.0.1 orders.webpower.com
127.0.0.1 img.webring.com
127.0.0.1 img1.webring.com
127.0.0.1 ads.webshots.com
127.0.0.1 websponsors.com
127.0.0.1 a.websponsors.com
127.0.0.1 ads.websponsors.com
127.0.0.1 g.websponsors.com
127.0.0.1 http://www.websponsors.com
127.0.0.1 http://www.webstars2000.com
127.0.0.1 hits.webstat.com
127.0.0.1 http://www.wenksdisdkjeilsow.com #[Parasite.AutoStartup][Download.Trojan]
127.0.0.1 wetrack.it
127.0.0.1 st.wetrack.it
127.0.0.1 partner1.whatsfind.com
127.0.0.1 http://www.whatsfind.com #[HTML_STARTPAGE.C]
127.0.0.1 window1.com
127.0.0.1 ads.winhelp2002.com
127.0.0.1 ads.winsite.com
127.0.0.1 winstream.com #[Parasite.Searchex]
127.0.0.1 http://www.winstream.com
127.0.0.1 clicktrack.wnu.com
127.0.0.1 http://www.wowweb.net #[Adware.WWWBar]
127.0.0.1 http://www.wurldmedia.com #[Adware.Wurldmedia][WurldMedia][KB321923]
# X
127.0.0.1 x0x.biz
127.0.0.1 http://www.x0x.biz #[Backdoor.Berbew.D]
127.0.0.1 xtra.co.nz
127.0.0.1 nedstats.xs4all.nl
127.0.0.1 hit1.xstats.com
127.0.0.1 view1.xstats.com
127.0.0.1 ads.xtra.co.nz
# Y
127.0.0.1 bs.yandex.ru
127.0.0.1 counter.yadro.ru
127.0.0.1 crsky2004.yeah.net #[Backdoor.Singu.B]
127.0.0.1 yourspecialoffers.com #[FavoriteMan]
127.0.0.1 http://www.yourspecialoffers.com
127.0.0.1 ysearchus.com #[Parasite.TinyBar]
127.0.0.1 http://www.ysearchus.com
# Z
127.0.0.1 zuvio.com #[UCSearch.ucUCSearch]
127.0.0.1 http://www.zuvio.com #[Adware.OpenSite][OpenSite]
127.0.0.1 bannerads.zwire.com
# [Misc]
127.0.0.1 http://www.0stats.com
127.0.0.1 http://www.123counts.com #[hitslink.com]
127.0.0.1 http://www.123mania.com #[SrchHook Class][Parasite.123Mania]
127.0.0.1 123stat.com
127.0.0.1 1234.2bro.com #[Adware.Satbo]
127.0.0.1 http://www.241hits.com
127.0.0.1 up.isp.2ch.net #[Trojan.Upchan]
127.0.0.1 http://www.321search.com #[SearchAssistant.dll]
127.0.0.1 ct.360i.com
127.0.0.1 http://www.ff.iij4u.or.jp #[Trojan.Upchan]
127.0.0.1 download.35mb.com #[impregnable.net]
127.0.0.1 http://www.35mb.com #[download_35mb_com.applet]
127.0.0.1 1000stars.ru
127.0.0.1 xxxwwwjjjhd.20forfree.com #[W32.Autex.Worm]
127.0.0.1 http://www.xxxwwwjjjhd.20forfree.com
127.0.0.1 ad.37.com
127.0.0.1 2jm.com
127.0.0.1 7adpower.com
127.0.0.1 http://www.7adpower.com #[Svezia.Dialer][VacPro.UserControl1]
127.0.0.1 7am.com
127.0.0.1 http://www.777search.com #[LOP]
127.0.0.1 ad2.163.com
127.0.0.1 adclient.163.com
127.0.0.1 popme.163.com
127.0.0.1 smtp.163.com #[Trojan.PSW.Ajim_bbs]
127.0.0.1 ajim.delphibbs.com #[Trojan.PSW.Ajim_bbs]
127.0.0.1 14713804A.l2m.net #[LiveTechnology]
127.0.0.1 banner.50megs.com
127.0.0.1 guannan.3322.net #[Restricted Zone site]
127.0.0.1 http://www.fan8.com
127.0.0.1 banners.dot.tk
127.0.0.1 topsites.us #[Parasite.eStart]
127.0.0.1 0-ol1oiz-xolxii1-oxli10ozl1l1-o-l-11-iizxp-l-0o-oll11iz0oil-ol.com
# [123Banners][123Greetings.com][TROJ_NALDEM.A][Trojan.Naldem]
127.0.0.1 http://www.123banners.com
127.0.0.1 ftp.123banners.com
127.0.0.1 123go.com
127.0.0.1 ns1.123go.net
# [180solutions][Adware.Ncase][KB317714]
127.0.0.1 n-case.com
127.0.0.1 http://www.n-case.com
127.0.0.1 180solutions.com #[KB320162][NCase]
127.0.0.1 ads.180solutions.com
127.0.0.1 ax.180solutions.com #[180SAInstaller Class]
127.0.0.1 bis.180solutions.com #[nCaseInstaller Class]
127.0.0.1 bisads.180solutions.com
127.0.0.1 downloads.180solutions.com
127.0.0.1 installs.180solutions.com
127.0.0.1 ping.180solutions.com
127.0.0.1 tv.180solutions.com
127.0.0.1 http://www.180solutions.com #[Parasite.nCase]
127.0.0.1 http://www.180searchassistant.com #[Adware.180Search]
127.0.0.1 http://www.surfassistant.com #[Adware.SurfAssistant]
127.0.0.1 downloads.zango.com
127.0.0.1 games.zango.com
127.0.0.1 infinity.zango.com #[ZangoInstaller Class]
127.0.0.1 messenger.zango.com
127.0.0.1 showtimes.zango.com
127.0.0.1 http://www.zango.com
127.0.0.1 http://www.zangomessenger.com
127.0.0.1 http://www.zangoshowtimes.com
# [3721.COM][Parasite.CnsMin][Adware.Wengs]
127.0.0.1 address.3721.com
127.0.0.1 agent.3721.com
127.0.0.1 assistant.3721.com
127.0.0.1 cns.3721.com
127.0.0.1 cnsmin.3721.com
127.0.0.1 corp.3721.com
127.0.0.1 dir.3721.com
127.0.0.1 download.3721.com
127.0.0.1 express.3721.com
127.0.0.1 img.3721.com
127.0.0.1 magic.3721.com
127.0.0.1 mark.3721.com
127.0.0.1 meta.3721.com
127.0.0.1 msearch.3721.com
127.0.0.1 sbox.3721.com
127.0.0.1 shanghai.3721.com
127.0.0.1 sina.3721.com
127.0.0.1 user.3721.com
127.0.0.1 wap.3721.com
127.0.0.1 http://www.3721.com #[Adware.Chinet]
127.0.0.1 yahoo.3721.com
127.0.0.1 3721.com
127.0.0.1 download.feiyang.com
# [411 Web Directory]
127.0.0.1 adtracker.411web.com
127.0.0.1 hits.411web.com
127.0.0.1 overture.411web.com
127.0.0.1 static.411web.com
127.0.0.1 xml.411web.com
127.0.0.1 search.letssearch.com
127.0.0.1 search2.letssearch.com
127.0.0.1 http://www.letssearch.com #[BrowserAid.LetsSearch]
# [7Search.com Networks][EMERgency 24, Inc][Track.SevenSearch]
127.0.0.1 7search.com #[Parasite.7FaSSt Search]
127.0.0.1 http://www.7search.com
127.0.0.1 fstrack.7search.com
127.0.0.1 impression.7search.com
127.0.0.1 img.7meta.com
127.0.0.1 http://www.7metasearch.com
127.0.0.1 bannerx.adtactics.com
127.0.0.1 adtactics.com
127.0.0.1 http://www.adtactics.com
127.0.0.1 ajokeaday.com
127.0.0.1 bannersxchange.com
127.0.0.1 img.bannersxchange.com
127.0.0.1 http://www.linkstoyou.com
127.0.0.1 http://www.payperranking.com
127.0.0.1 http://www.pay-per-search.com
127.0.0.1 paypertext.com
127.0.0.1 predictivesearch.com
127.0.0.1 tracking.roispy.com
127.0.0.1 http://www.roispy.com
127.0.0.1 tracking.spiderbait.com
127.0.0.1 http://www.spiderbait.com
127.0.0.1 advertisingagent.com
# [About.com]
127.0.0.1 clicks.about.com
127.0.0.1 f.about.com
127.0.0.1 home.about.com
127.0.0.1 js.get.about.com
127.0.0.1 images.about.com
127.0.0.1 lunafetch.about.com
127.0.0.1 pixel3.about.com
127.0.0.1 sprinks-clicks.about.com
127.0.0.1 statistics.s5.com
127.0.0.1 ad.aboutwebservices.com
# [Abroad Software SRL]
127.0.0.1 abroadsoftware.com #[EzSearchBar]
127.0.0.1 allsubtitles.exits.ro
127.0.0.1 best.exits.ro
127.0.0.1 books.exits.ro
127.0.0.1 http://www.exits.ro
# [Accipiter Solutions][Restricted Zone site]
127.0.0.1 adops.adbureau.net
127.0.0.1 etype.adbureau.net
127.0.0.1 http://www.adbureau.net
127.0.0.1 accipiter.speedera.net
# [AD-BLASTER.COM][Restricted Zone site]
127.0.0.1 ad-blaster.com
127.0.0.1 http://www.ad-blaster.com
127.0.0.1 promote4profit.com
127.0.0.1 http://www.promote4profit.com
# [ADDFREESTATS][3DSTATS][Tracking Service][Restricted Zone site]
127.0.0.1 addfreestats.com
127.0.0.1 top.addfreestats.com
127.0.0.1 http://www.addfreestats.com
127.0.0.1 http://www.3dstats.com
127.0.0.1 www1.addfreestats.com
127.0.0.1 www2.addfreestats.com
127.0.0.1 www3.addfreestats.com
# [Adlogix Media Group]
127.0.0.1 adlogix.com #[InPop.InControl][IEEnhancer]
127.0.0.1 lasagne.adlogix.com
127.0.0.1 publisher.adlogix.com
127.0.0.1 traffic.adlogix.com
127.0.0.1 trafficsource.adlogix.com
127.0.0.1 http://www.adlogix.com
127.0.0.1 getpopped.com
127.0.0.1 http://www.getpopped.com
127.0.0.1 hitgo.com #[IPU][InPop.InControl]
127.0.0.1 http://www.hitgo.com
127.0.0.1 popmonster.com #[IEFeature Class]
127.0.0.1 http://www.popmonster.com #[TROJ_POPMON.A]
127.0.0.1 r2.trafficserverstats.com
# [AdOrigin Corp][Restricted Zone site]
127.0.0.1 ads.adorigin.com
127.0.0.1 dev.adorigin.com
127.0.0.1 http://www.adorigin.com
127.0.0.1 blowsearch.com
127.0.0.1 msxml.blowsearch.com
127.0.0.1 web.blowsearch.com #[infospace.com]
127.0.0.1 http://www.blowsearch.com
# [Adteractive]
127.0.0.1 cb.adprofile.net
127.0.0.1 content.adprofile.net
127.0.0.1 tx.adprofile.net
127.0.0.1 w2-ver.adprofile.net
127.0.0.1 adteractive.com
127.0.0.1 http://www.adteractive.com
# [Adtegrity.com, Inc]
127.0.0.1 adtegrity.com
127.0.0.1 http://www.adtegrity.com
127.0.0.1 webalize.com #[SearchCentrix][VisiCom.SearchCentric]
127.0.0.1 toolbar.webalize.com #[downloads.searchcentrix.com]
127.0.0.1 http://www.webalize.com #[Visicom Media Toolbar]
127.0.0.1 webalize.net
127.0.0.1 http://www.webalize.net
127.0.0.1 webalize.mygeek.com
# [Advertisement Banners.com][Restricted Zone site]
127.0.0.1 advertisementbanners.com
127.0.0.1 ads.specificclick.com
127.0.0.1 http://www.specificclick.com
127.0.0.1 specificpop.com
127.0.0.1 ads.specificpop.com
127.0.0.1 banners.specificpop.com
127.0.0.1 http://www.specificpop.com
127.0.0.1 adopt.specificclick.net
127.0.0.1 images.specificclick.net
# [AJRotator][Tracking Service][Restricted Zone site]
127.0.0.1 image.adjuggler.com
127.0.0.1 rotator.adjuggler.com
127.0.0.1 http://www.adjuggler.com
127.0.0.1 thruport.com
127.0.0.1 adj54.thruport.com
127.0.0.1 imageserver1.thruport.com
127.0.0.1 http://www.thruport.com
# [Alset Inc][Adware.HelpExpress]
127.0.0.1 alset.com #[WIN32/HXDL AL]
127.0.0.1 http://www.alset.com
127.0.0.1 aveo.com
127.0.0.1 http://www.aveo.com
# [Asher Nahmias]
127.0.0.1 allcybersearch.com #[REG_STARTPAGE.A]
127.0.0.1 http://www.allcybersearch.com
127.0.0.1 amigeek.com
127.0.0.1 http://www.amigeek.com
127.0.0.1 clickyestoenter.net
127.0.0.1 http://www.clickyestoenter.net
127.0.0.1 http://www.gay50.com
127.0.0.1 gocybersearch.com
127.0.0.1 http://www.gocybersearch.com
127.0.0.1 http://www.hotelxxxcams.com
127.0.0.1 hotpopup.com
127.0.0.1 search.hotpopup.com
127.0.0.1 http://www.hotpopup.com
127.0.0.1 hotsearchbox.com #[JAVA_STARTPAGE.F]
127.0.0.1 http://www.hotsearchbox.com
127.0.0.1 i--search.com
127.0.0.1 http://www.i--search.com
127.0.0.1 jethomepage.com #[JS.Exception.Exploit]
127.0.0.1 http://www.jethomepage.com #[Troj/JetHome-B]
127.0.0.1 jetseeker.com #[CWS.Bootconf]
127.0.0.1 http://www.jetseeker.com
127.0.0.1 searchxl.com #[Adware.ZeroPopUpBar]
127.0.0.1 http://www.searchxl.com
127.0.0.1 tinybar.com
127.0.0.1 http://www.tinybar.com #[Parasite.TinyBar]
127.0.0.1 topsearcher.com #[JV/Goplanet]
127.0.0.1 http://www.topsearcher.com #[Troj/JetHome-J]
127.0.0.1 trixscripts.com
127.0.0.1 http://www.trixscripts.com
127.0.0.1 zeropopup.com #[Parasite.ZeroPopUp]
127.0.0.1 http://www.zeropopup.com #[Tellafriend.Trojan]
127.0.0.1 znext.com #[JS_TRAFFICHBAR.A][Parasite.TinyBar]
127.0.0.1 http://www.znext.com #[Parasite.ZeroPopUp][App/P0P-A]
# [Adpowerzone.com][Parasite.Pugi]
127.0.0.1 adpowerzone.com #[SearchExplorerBar]
127.0.0.1 ads.adpowerzone.com
127.0.0.1 easy.adpowerzone.com
127.0.0.1 tb.adpowerzone.com
127.0.0.1 tb-static.adpowerzone.com #[Adware.Websearch]
127.0.0.1 http://www.adpowerzone.com #[Adware.Searchexplorer]
# [AdsInContext][Adgoblin/Adsincontext]
127.0.0.1 adserver.adsincontext.com
127.0.0.1 ns1.adsincontext.com
127.0.0.1 srv01.adsincontext.com
127.0.0.1 srv02.adsincontext.com
127.0.0.1 srv03.adsincontext.com
127.0.0.1 srv04.adsincontext.com
127.0.0.1 srv05.adsincontext.com
127.0.0.1 srv07.adsincontext.com
127.0.0.1 adgoblin.com #[Adware.AdGoblin]
127.0.0.1 crossroad.adgoblin.com
127.0.0.1 http://www.adgoblin.com #[AdGoblin.foontext]
# [AD TECH AG][Adtech.de][Tracking Service][Restricted Zone site]
127.0.0.1 adforce.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adserv003.adtech.de
127.0.0.1 imageserv.adtech.de
127.0.0.1 livingnet.adtech.de
# [Advertising.com][Tracking Service]
127.0.0.1 cdn1.adsdk.com
127.0.0.1 cdn2.adsdk.com #[VirtualBouncer]
127.0.0.1 advertising.com
127.0.0.1 adserve.advertising.com
127.0.0.1 bannerfarm.ace.advertising.com
127.0.0.1 demo.advertising.com
127.0.0.1 opera1-servedby.advertising.com
127.0.0.1 servedby.advertising.com
127.0.0.1 rd.advertising.com
127.0.0.1 wap.advertising.com
127.0.0.1 http://www.advertising.com
127.0.0.1 clk4.com
127.0.0.1 http://www.clk4.com
127.0.0.1 http://www.contextualclicks.com
127.0.0.1 fastseeker.com #[Adware.FastSeek]
127.0.0.1 http://www.fastseeker.com
127.0.0.1 spyblast.com #[Parasite.SpyBlast]
127.0.0.1 http://www.spyblast.com #[SBFullInst Control]
# [Affiliation Networks][Tracking Service]
127.0.0.1 ads.ign.com
127.0.0.1 adserver.ign.com
127.0.0.1 t.ign.com
127.0.0.1 tracker.ign.com
127.0.0.1 adserver.snowball.com
127.0.0.1 polls.snowball.com
127.0.0.1 scripts.snowball.com
127.0.0.1 t.snowball.com
127.0.0.1 tracker.snowball.com
# [Altnet][Adware.BDE][Adware.Topsearch]
127.0.0.1 altnet.com
127.0.0.1 file.altnet.com
127.0.0.1 media.altnet.com
127.0.0.1 ts.altnet.com
127.0.0.1 tss.altnet.com
127.0.0.1 pm.altnet.com
127.0.0.1 http://www.altnet.com
127.0.0.1 http://www.altnetp2p.com
127.0.0.1 brilliantdigital.com #[Parasite.BDE]
127.0.0.1 st.brilliantdigital.com
127.0.0.1 http://www.brilliantdigital.com
127.0.0.1 b3d.com
127.0.0.1 http://www.b3d.com
127.0.0.1 bde3d.com
# [Applied Technologies Internet][Tracking Service][Restricted Zone site]
127.0.0.1 xiti.com
127.0.0.1 loga.xiti.com
127.0.0.1 logc13.xiti.com
127.0.0.1 logi6.xiti.com
127.0.0.1 logi7.xiti.com
127.0.0.1 logv3.xiti.com
127.0.0.1 logv18.xiti.com
127.0.0.1 logv20.xiti.com
127.0.0.1 logp.xiti.com
127.0.0.1 trafic.xiti.com
127.0.0.1 http://www.xiti.com
# [Apropos AdIntelligence][PeopleOnPage][ADW_POPBAR.A]
127.0.0.1 adintelligence.net
127.0.0.1 acc.adintelligence.net
127.0.0.1 adchannel.adintelligence.net
127.0.0.1 creatives.adintelligence.net
127.0.0.1 download.adintelligence.net #[SysAI]
127.0.0.1 http://www.adintelligence.net
127.0.0.1 adchannel.contextplus.net #[Parasite.AproposMedia]
127.0.0.1 http://www.contextplus.net
127.0.0.1 http://www.contextplus.com
127.0.0.1 adv.peopleonpage.com
127.0.0.1 app.peopleonpage.com
127.0.0.1 download.peopleonpage.com #[POP Loader]
127.0.0.1 envolo.peopleonpage.com
127.0.0.1 img.peopleonpage.com
127.0.0.1 srv.peopleonpage.com
127.0.0.1 http://www.peopleonpage.com #[Apropos.bho][PeopleOnPage.Apropos]
# [aQuantive Inc][Avenue A][Restricted Zone site]
127.0.0.1 image.avenuea.com
127.0.0.1 http://www.avenuea.com
127.0.0.1 http://www.atdmt.com
127.0.0.1 click.atdmt.com
127.0.0.1 clk.atdmt.com
127.0.0.1 spd.atdmt.com
127.0.0.1 spe.atdmt.com
127.0.0.1 switch.atdmt.com
127.0.0.1 view.atdmt.com
127.0.0.1 atlasdmt.com
127.0.0.1 http://www.atlasdmt.com
127.0.0.1 http://www.avenueainc.com
# [Avenue Media]
127.0.0.1 active-alert-server.com
127.0.0.1 http://www.active-alert-server.com
127.0.0.1 amnv.net
127.0.0.1 http://www.amnv.net
127.0.0.1 avenuemedia.com
127.0.0.1 http://www.avenuemedia.com
127.0.0.1 climaxbucks.com #[ClimaxBucks.InternetOptimizer]
127.0.0.1 cdn.climaxbucks.com
127.0.0.1 mt1.climaxbucks.com
127.0.0.1 mt23.climaxbucks.com
127.0.0.1 xbs.climaxbucks.com
127.0.0.1 http://www.climaxbucks.com
127.0.0.1 xbs.cocktailcash.com
127.0.0.1 cocktailcash.com
127.0.0.1 http://www.cocktailcash.com
127.0.0.1 ads.internet-optimizer.com #[Parasite.Internet Optimizer]
127.0.0.1 internet-optimizer.com #[Downloader.Dyfcia.F]
127.0.0.1 help.internet-optimizer.com
127.0.0.1 http://www.internet-optimizer.com #[Adware.NetOptimizer]
127.0.0.1 http://www.lunasearch.com
127.0.0.1 movies-etc.com
127.0.0.1 cdn.movies-etc.com
127.0.0.1 http://www.movies-etc.com
127.0.0.1 yoogee.com #[Parasite.Internet Optimizer]
127.0.0.1 http://www.yoogee.com
# [Azoogle.com INC]
127.0.0.1 c.azjmp.com
127.0.0.1 images.azoogleads.com
127.0.0.1 http://www.azoogleads.com
127.0.0.1 http://www.giftfox.com
127.0.0.1 images.imgehost.com
127.0.0.1 c.qckjmp.com
# [Aztec Marketing][Adware.ILookup]
127.0.0.1 google.begin2search.com
127.0.0.1 toolbar.begin2search.com
127.0.0.1 http://www.begin2search.com #[Adware.Begin2search][iiittt Class]
127.0.0.1 click2findnow.com
127.0.0.1 http://www.click2findnow.com
# [Actif Oiseau Alerte S.A.]
127.0.0.1 http://www.eaffiliateinc.com
127.0.0.1 http://www.toonxxxfantasies.com
127.0.0.1 worldanywhere.com
127.0.0.1 toolbar.worldanywhere.com
127.0.0.1 http://www.worldanywhere.com
# [Bell Globemedia Interactive Inc]
127.0.0.1 adcounter.theglobeandmail.com
127.0.0.1 adrates.theglobeandmail.com
127.0.0.1 ads.globeandmail.com
127.0.0.1 ads1.theglobeandmail.com
127.0.0.1 visit.theglobeandmail.com
127.0.0.1 www1.theglobeandmail.com
# [BLOKE.COM][Restricted Zone site]
127.0.0.1 adbot.com
127.0.0.1 w1.adbot.com
127.0.0.1 http://www.adbot.com
127.0.0.1 counter.bloke.com
127.0.0.1 www1.counter.bloke.com
127.0.0.1 www3.counter.bloke.com
127.0.0.1 www4.counter.bloke.com
127.0.0.1 www5.counter.bloke.com
127.0.0.1 www6.counter.bloke.com
127.0.0.1 www7.counter.bloke.com
127.0.0.1 counterbot.com
127.0.0.1 cb1.counterbot.com
# [Bluestreak][Tracking Service][Restricted Zone site]
127.0.0.1 ak.bluestreak.com
127.0.0.1 ca1.bluestreak.com
127.0.0.1 s0.bluestreak.com
127.0.0.1 s0b.bluestreak.com
127.0.0.1 s1.bluestreak.com
127.0.0.1 s2.bluestreak.com
127.0.0.1 s3.bluestreak.com
127.0.0.1 s4.bluestreak.com
127.0.0.1 s5.bluestreak.com
127.0.0.1 s6.bluestreak.com
127.0.0.1 s7.bluestreak.com
127.0.0.1 s8.bluestreak.com
127.0.0.1 http://www.bluestreak.com
# [BONZI][Adware.Bonzi]
127.0.0.1 download.bonzi.com
127.0.0.1 images.bonzi.com
127.0.0.1 http://www.bonzi.com
127.0.0.1 http://www.bonzibuddy.com
# [BraveNet][Tracking Service][Restricted Zone site]
127.0.0.1 bravenet.com
127.0.0.1 adserv.bravenet.com
127.0.0.1 images.bravenet.com
127.0.0.1 linktrack.bravenet.com
127.0.0.1 pub1.bravenet.com
127.0.0.1 http://www.bravenet.com
# [BruggeNet][Trojan.Adclicker]
127.0.0.1 belgiandip.com #[ITS Protocol exploit]
127.0.0.1 http://www.belgiandip.com
127.0.0.1 fassia.net #[Parasite.AutoSearch]
127.0.0.1 http://www.fassia.net
127.0.0.1 flipperkeys.com
127.0.0.1 http://www.flipperkeys.com
127.0.0.1 http://www.illtemperedguppys.com
127.0.0.1 manipulatingtheicesurface.com
127.0.0.1 http://www.manipulatingtheicesurface.com
127.0.0.1 http://www.no-beba-el-agua.com
127.0.0.1 smokeandapancake.org #[Adware.Winpup]
127.0.0.1 http://www.smokeandapancake.org #[AdClicker-O][Troj/Psyme-C]
127.0.0.1 http://www.undergroundlair.net #[Troj/AdClick-N]
127.0.0.1 www2.undergroundlair.net
127.0.0.1 http://www.00z70az77mnsa-00swj1zzprh.com #[www2.undergroundlair.net]
127.0.0.1 http://www.funcionamiento-con-la-tijera.com #[undergroundlair.net]
127.0.0.1 http://www.pshnw6510990nmo-34nue7700.net
# [BurstMedia][Tracking Service][Restricted Zone site]
127.0.0.1 burstmedia.com
127.0.0.1 web.burstmedia.com
127.0.0.1 roscoe.burstmedia.com
127.0.0.1 ads.burstnet.com
127.0.0.1 gifs.burstnet.com
127.0.0.1 sj.burstnet.com
127.0.0.1 te.burstnet.com
127.0.0.1 http://www.burstnet.com
127.0.0.1 www2.burstnet.com
127.0.0.1 www3.burstnet.com
127.0.0.1 www4.burstnet.com
127.0.0.1 www5.burstnet.com
127.0.0.1 www6.burstnet.com
127.0.0.1 http://www.burstnet.akadns.net
# [Casale Media]
127.0.0.1 casalemedia.com
127.0.0.1 as.casalemedia.com
127.0.0.1 asg01.casalemedia.com
127.0.0.1 asg02.casalemedia.com
127.0.0.1 asg03.casalemedia.com
127.0.0.1 asg04.casalemedia.com
127.0.0.1 asg05.casalemedia.com
127.0.0.1 asg06.casalemedia.com
127.0.0.1 asg07.casalemedia.com
127.0.0.1 asg08.casalemedia.com
127.0.0.1 asg09.casalemedia.com
127.0.0.1 asg10.casalemedia.com
127.0.0.1 asg11.casalemedia.com
127.0.0.1 asg12.casalemedia.com
127.0.0.1 asg13.casalemedia.com
127.0.0.1 aslg01.casalemedia.com
127.0.0.1 aslg02.casalemedia.com
127.0.0.1 aslg03.casalemedia.com
127.0.0.1 aslg04.casalemedia.com
127.0.0.1 aslg05.casalemedia.com
127.0.0.1 aslg06.casalemedia.com
127.0.0.1 aslg07.casalemedia.com
127.0.0.1 aslg08.casalemedia.com
127.0.0.1 aslg09.casalemedia.com
127.0.0.1 aslg10.casalemedia.com
127.0.0.1 c.casalemedia.com
127.0.0.1 i.casalemedia.com
127.0.0.1 is.casalemedia.com
127.0.0.1 isg01.casalemedia.com
127.0.0.1 isg02.casalemedia.com
127.0.0.1 isg03.casalemedia.com
127.0.0.1 isg04.casalemedia.com
127.0.0.1 isg05.casalemedia.com
127.0.0.1 isg06.casalemedia.com
127.0.0.1 isg07.casalemedia.com
127.0.0.1 isg08.casalemedia.com
127.0.0.1 isg09.casalemedia.com
127.0.0.1 isg10.casalemedia.com
127.0.0.1 r.casalemedia.com
127.0.0.1 http://www.casalemedia.com
127.0.0.1 http://www.noadwarenow.com
127.0.0.1 http://www.spywarestormer.com #[CInstall Class]
# [c2 Media Ltd][Download.Adware.Lop][C2.lop]
127.0.0.1 active-max.com
127.0.0.1 search.active-max.com
127.0.0.1 http://www.active-max.com
127.0.0.1 allaboutsearching.com
127.0.0.1 http://www.allaboutsearching.com
127.0.0.1 amazingautossearch.com
127.0.0.1 http://www.amazingautossearch.com
127.0.0.1 contexualsearch.com
127.0.0.1 http://www.contexualsearch.com
127.0.0.1 http://www.dialup2.com
127.0.0.1 ecpm.com
127.0.0.1 http://www.ecpm.com
127.0.0.1 find-quick.com
127.0.0.1 http://www.find-quick.com
127.0.0.1 look-today.com
127.0.0.1 http://www.look-today.com
127.0.0.1 maxexp.com
127.0.0.1 http://www.mp3search.com
127.0.0.1 mysearchnow.com
127.0.0.1 search200.com
127.0.0.1 http://www.search200.com
127.0.0.1 search.mysearchnow.com
127.0.0.1 http://www.mysearchnow.com
127.0.0.1 netsearchsoft.com
127.0.0.1 http://www.netsearchsoft.com
127.0.0.1 omegasearch.com
127.0.0.1 http://www.omegasearch.com
127.0.0.1 prosearching.com
127.0.0.1 http://www.prosearching.com
127.0.0.1 http://www.rub.to
127.0.0.1 sbvr.com
127.0.0.1 http://www.sbvr.com
127.0.0.1 searchexe.com
127.0.0.1 http://www.searchexe.com
127.0.0.1 searchweb2.com
127.0.0.1 http://www.searchweb2.com
127.0.0.1 spawnet.com
127.0.0.1 http://www.spawnet.com
127.0.0.1 tdmy.com #[TrojanDownloader.Win32.Swizzor.h]
127.0.0.1 tefs.com
127.0.0.1 tfil.com
127.0.0.1 http://www.tfil.com
127.0.0.1 tdko.com
127.0.0.1 http://www.tdko.com
127.0.0.1 wfix.com #[super-spider.com]
127.0.0.1 installdollars.com #[affiliate]
# [Cyril Paciullo][Messenger Plus!][C2Media\LOP affiliate]
127.0.0.1 download.msgplus.net
127.0.0.1 files.msgplus.net
127.0.0.1 plugins.msgplus.net
127.0.0.1 http://www.msgplus.net
127.0.0.1 http://www.msgpluszone.com
127.0.0.1 http://www.patchou.com
# [CA Web Designs][Tracking Service][Restricted Zone site]
127.0.0.1 clickxchange.com
127.0.0.1 caweb1.clickxchange.com
127.0.0.1 caweb2.clickxchange.com
127.0.0.1 http://www.clickxchange.com
# [CDT Inc][NetVision][Adware.CDT][Parasite.ISTbar]
127.0.0.1 public.americandaytrading.com
127.0.0.1 blazefind.com #[IE SearchBar]
127.0.0.1 omniscient.blazefind.com #[TROJ_BLAZEFIND.A]
127.0.0.1 xml.blazefind.com
127.0.0.1 http://www.blazefind.com #[Adware.BlazeFind]
127.0.0.1 cdtnet.net
127.0.0.1 anne.cdtnet.net
127.0.0.1 caroline.cdtnet.net
127.0.0.1 flingstone.com #[TROJ_WINFAVS.A]
127.0.0.1 redirect.flingstone.com
127.0.0.1 static.flingstone.com #[brdg Class]
127.0.0.1 http://www.flingstone.com #[Adware.WinFavorites.B]
127.0.0.1 www2.flingstone.com #[brdg Class][Win32/Bryss.Spy.Trojan]
127.0.0.1 homepagecash.com
127.0.0.1 http://www.homepagecash.com
127.0.0.1 loudcash.com
127.0.0.1 partners.loudcash.com
127.0.0.1 http://www.loudcash.com
127.0.0.1 searchbarcash.com
127.0.0.1 public.searchbarcash.com #[WinFavorites][DownloadUL Class]
127.0.0.1 http://www.searchbarcash.com #[Parasite.TinyBar]
127.0.0.1 searchbrowser.com
127.0.0.1 findwhatevernow.searchbrowser.com
127.0.0.1 skoobidoo.com
127.0.0.1 http://www.skoobidoo.com
127.0.0.1 www2.skoobidoo.com #[Downloader.MSCache]
127.0.0.1 public.windupdates.com #[Windows SyncroAd]
127.0.0.1 http://www.windupdates.com #[AdvWare.WinAD]
127.0.0.1 counterstrike.server.us #[Downloader.CDT]
# [CJB Management][Backdoor.Ptsnoop]
127.0.0.1 bannerexchange.cjb.net
127.0.0.1 coder3862004.cjb.net #[Trojan.Bansap]
127.0.0.1 pop.mircx.com #[Trojan.Bansap]
127.0.0.1 searchwww.com
127.0.0.1 search.searchwww.com #[Parasite.SearchWWW]
127.0.0.1 vbs.searchwww.com
127.0.0.1 http://www.searchwww.com
# [Click Enterprises]
127.0.0.1 dafinder.com
127.0.0.1 www2.dafinder.com
127.0.0.1 www3.dafinder.com
127.0.0.1 adult.getmoviesonline.com
127.0.0.1 http://www.getmoviesonline.com
127.0.0.1 ourlinklist.com
127.0.0.1 searchaccurate.com #[Parasite.TinyBar]
127.0.0.1 http://www.searchaccurate.com
# [CNN\Time Warner\AOL]
127.0.0.1 ads.web.aol.com
127.0.0.1 affiliate.aol.com
127.0.0.1 aim.aol.com
127.0.0.1 dynamic.aol.com
127.0.0.1 free.aol.com
127.0.0.1 usaol.com
127.0.0.1 ar.atwola.com
127.0.0.1 pr.atwola.com
127.0.0.1 ads.newline.aol.com
127.0.0.1 p.specialoffers.aol.com
127.0.0.1 adremote.pathfinder.com
127.0.0.1 adremote.timeinc.net
127.0.0.1 aolwpnscom.112.2o7.net
127.0.0.1 aolwpnswhatsnew.112.2o7.net
# [CNET.COM][Ad Servers]
127.0.0.1 adimg.cnet.com
127.0.0.1 remotead-internal.cnet.com
127.0.0.1 remotead.cnet.com
127.0.0.1 ads.com.com
127.0.0.1 adimg.com.com
127.0.0.1 adlog.com.com
# [Commission Junction][Tracking Service][Restricted Zone site]
127.0.0.1 cj.com
127.0.0.1 http://www.cj.com
127.0.0.1 http://www.commission-junction.com
127.0.0.1 qksrv.com
127.0.0.1 http://www.qksrv.net
127.0.0.1 http://www.qksz.net
# [Comodo Research Labs][Restricted Zone site]
127.0.0.1 secure.comodo.net
127.0.0.1 http://www.comodo.net #[certificate issuer]
127.0.0.1 http://www.instantssl.com
127.0.0.1 trusttoolbar.com
127.0.0.1 http://www.trusttoolbar.com
# [CommonName Limited][Adware.CommonName][Parasite.CommonName]
127.0.0.1 commonname.com
127.0.0.1 http://www.commonname.com
127.0.0.1 commonnames.com
127.0.0.1 http://www.commonnames.com
127.0.0.1 xpsn.com
127.0.0.1 http://www.xpsn.com
# [Coolsavings, Inc][Conducent TimeSink]
127.0.0.1 mn104.coolsavings.com
127.0.0.1 www101.coolsavings.com
127.0.0.1 www102.coolsavings.com
127.0.0.1 www105.coolsavings.com
127.0.0.1 www108.coolsavings.com
127.0.0.1 www109.coolsavings.com
127.0.0.1 www112.coolsavings.com #[CMV5 Class]
127.0.0.1 www113.coolsavings.com
# [InterWeb Solutions][Restricted Zone site]
# [Major Affiliates]
127.0.0.1 1-se.com #[CWS.Aboutblank][W32.Tuoba.Trojan]
127.0.0.1 http://www.1-se.com #[VBS.Startpage.C]
127.0.0.1 1stpagehere.com
127.0.0.1 http://www.1stpagehere.com
127.0.0.1 http://www.31234.com #[CWS.Msconfig]
127.0.0.1 4-counter.com #[CWS.Winproc32][icanfindit.net]
127.0.0.1 a-search.biz
127.0.0.1 adasearch.com
127.0.0.1 http://www.adasearch.com
127.0.0.1 adulthyperlinks.com #[Parasite.CoolWebSearch]
127.0.0.1 http://www.adulthyperlinks.com
127.0.0.1 acc.count-all.com #[CWS.Tapicfg]
127.0.0.1 aifind.info #[CWS.Xmlmimefilter][Trojan.Bookmarker.B,F]
127.0.0.1 allhyperlinks.com #[CWS.DNSRelay]
127.0.0.1 http://www.allhyperlinks.com #[CWS.OSLogo][CWS.Oemsyspnp]
127.0.0.1 alfa-search.com #[CWS.Alfasearch]
127.0.0.1 http://www.alfa-search.com
127.0.0.1 allneedsearch.com #[TROJ_STARTPAGE.B][find-itnow.com]
127.0.0.1 approvedlinks.com #[super-spider.com]
127.0.0.1 best-search.info #[CWS.Smartfinder.2]
127.0.0.1 http://www.clearsearch.net
127.0.0.1 http://www.coolfreehost.com
127.0.0.1 coolsearch.biz #[Trojan.Win32.StartPage.po]
127.0.0.1 http://www.coolsearch.biz
127.0.0.1 http://www.crooder.com
127.0.0.1 defaultsearching.com #[CWS.Sounddrv][searchmeup.com]
127.0.0.1 drusearch.com #[Download.Ject.B]
127.0.0.1 easy-search.biz #[Adware.EasySearch]
127.0.0.1 http://www.e-finder.cc #[CW
mrclean575
Active Member
 
Posts: 9
Joined: February 1st, 2006, 10:10 pm

Unread postby Rogue » February 8th, 2006, 12:08 am

Hi mrclean575

Sorry for the delay in responding.

Been relying on my windows firewall, have now installed Kerio.

This is from your previous post. With windows firewall you were never prompted. Since Kerio monitors traffic both ways you will see notifications. To become more familiar with this application you may want to visit Kerio’s manual http://www.kerio.com/manual/kpf/en/index.html for configuration settings and information.

Generic Host Process for Win32 Processes keep accessing internet.

Generic Host Process for Win32 Processes is another name for svchost.
A process used by Windows XP to allow services to run and link with other applications like DNS Client, Windows Time, Windows Updates, RPC/NetBIOS and other services use the svchost.exe.
Ask Leo has a good article here
Yes some malware can activate Generic Host Process. I’ll have you check those in a moment.
WinPatrol notified me that a file C:/windows/system32/drivers/etc/hosts was attempting to change a file, I denied it and am copying change it attempted. Also ie keeps attempting to connect to downloads.aaa1screensavers.com

This message as written should show me signs in your HJT Log. If you get another message from WinPatrol please copy it all down and post it in a reply.
FYI C:/windows/system32/drivers/etc/hosts is the location where your hosts are stored.
==========

Download WinPFind from here
Right Click the Zip Folder and Select "Extract All"
Extract it somewhere you will remember like the Desktop
Don t do anything with it yet!
==========

Start, update, immunize, and scan with SpyBot. Delete all it finds.
=========

Now lets see what svchost’s are running.
Click Start on the Windows taskbar, and then click Run.
In the Open box, type CMD, and then press ENTER.
Type Tasklist /SVC, and then press ENTER
An example of what you should see is located here
Copy the PID and the scvhost.exe services and post them in you next post.
An example would be: Svchost.exe 404 RpcSs
==========

Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
==========

Doubleclick WinPFind.exe
Click "Start Scan"
It will scan the entire System, so please be patient!
Once the Scan is Complete, go to the WinPFind folder, locate WinPFind.txt
Place those results in the next post!
==========

Reboot back to Normal Mode!
==========

Run an online virus scan called Kapersky from here.

1. Click on "Kapersky Online Scanner"
2. A new smaller window will pop up. Press on "Accept". After reading the contents.
3. Now Kapersky will update the anti-virus database. Let it run.
4. Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
5. Then click on "My Computer". And the scan will start.
6. Once finished, save a log as ".txt" to the desktop. And restart.
========

Post an new HJT Log
Post WinPfind Log
Post Kapersky Log
Post PID and the scvhost.exe services
Note any other problems you are having.

Thanks,
Rogue
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby mrclean575 » February 10th, 2006, 4:55 pm

If I open Task Manager, click on Performance tab CPU usage is @ 100%. Click on Processes tab, double click CPU column it shows svchost.exe at 90-98%. When I try to view the list of services that are running in Svchost, and I type Tasklist /SVC, and then press ENTER. I get a response of: 'Tasklist' is not recognized as an internal or external command, operable program or batch file.
As far as your other requests, I'll post the results shortly.
mrclean575
Active Member
 
Posts: 9
Joined: February 1st, 2006, 10:10 pm

Logs

Unread postby mrclean575 » February 11th, 2006, 9:36 pm

Logfile of HijackThis v1.99.1
Scan saved at 8:22:51 PM, on 2/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Ken Schram\Desktop\downloads\programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [Sunbelt Kerio Personal Firewall 4 - Service] C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose
O4 - HKCU\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /M "Stylus Photo R200" /EF "HKCU"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Support - {2172C3A7-BB00-4CA4-B4CF-6A7B07CB0072} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.4.64/m ... assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.3.0.46/w ... assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.2.30/p ... assets.cab
O16 - DPF: Showbiz Slots 2 by pogo - http://game1.pogo.com/applet-6.3.0.53/s ... assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/s ... assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.4.4.34/w ... assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.5.28/w ... assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.2.3.39/w ... assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8311113640
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - https://music.msn.com/client/msnmusax2822.cab
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe



WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 9/25/2003 4:20:04 AM 43391 C:\WINDOWS\browser.exe
UPX! 12/21/1999 6:58:02 AM 21312 C:\WINDOWS\choice.exe

Items found in C:\WINDOWS\HOSTS

PECompact2 2/7/2006 2:30:42 PM 17663293 C:\WINDOWS\lpt$vpn.201
qoologic 2/7/2006 2:30:42 PM 17663293 C:\WINDOWS\lpt$vpn.201
SAHAgent 2/7/2006 2:30:42 PM 17663293 C:\WINDOWS\lpt$vpn.201
UPX! 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
FSG! 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
Umonitor 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
qoologic 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
aspack 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
PTech 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
urllogic 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
ad-beh 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
SAHAgent 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
KavSvc 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
abetterinternet.com 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
web-nex 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
ad-w-a-r-e.com 2/9/2006 6:21:22 PM 535314432 C:\WINDOWS\MEMORY.DMP
abetterinternet.com 6/20/2005 6:08:12 PM 8149 C:\WINDOWS\mvmzm.dll
web-nex 6/20/2005 6:08:12 PM 8149 C:\WINDOWS\mvmzm.dll
ad-w-a-r-e.com 6/20/2005 6:08:12 PM 8149 C:\WINDOWS\mvmzm.dll
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 10/18/2005 11:25:20 AM 176709 C:\WINDOWS\tsc.exe
PECompact2 2/7/2006 2:30:42 PM 17663293 C:\WINDOWS\VPTNFILE.201
qoologic 2/7/2006 2:30:42 PM 17663293 C:\WINDOWS\VPTNFILE.201
SAHAgent 2/7/2006 2:30:42 PM 17663293 C:\WINDOWS\VPTNFILE.201
UPX! 11/9/2005 8:04:40 PM 1077328 C:\WINDOWS\vsapi32.dll
aspack 11/9/2005 8:04:40 PM 1077328 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX! 9/17/2001 4:29:00 PM 726016 C:\WINDOWS\SYSTEM32\beegd10.ocx
PEC2 8/18/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 1/12/2006 11:32:12 AM 543496 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
abetterinternet.com 4/28/2004 8:23:26 PM H 30765 C:\WINDOWS\SYSTEM32\log10.txt
PECompact2 1/4/2006 7:46:40 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 1/4/2006 7:46:40 PM 2827616 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/18/2001 7:00:00 AM 630784 C:\WINDOWS\SYSTEM32\rasdlg(3).dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
SAHAgent 3/4/2005 10:37:22 PM 6291456 C:\WINDOWS\SYSTEM32\RO5FE7.bac
winsync 8/18/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

qoologic 1/29/2006 4:19:34 PM 179080 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060207-194604.backup
PTech 1/29/2006 4:19:34 PM 179080 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060207-194604.backup
SAHAgent 1/29/2006 4:19:34 PM 179080 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060207-194604.backup
abetterinternet.com 1/29/2006 4:19:34 PM 179080 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060207-194604.backup
ad-w-a-r-e.com 1/29/2006 4:19:34 PM 179080 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060207-194604.backup
qoologic 1/29/2006 4:19:34 PM 179080 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060207-194659.backup
PTech 1/29/2006 4:19:34 PM 179080 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060207-194659.backup
SAHAgent 1/29/2006 4:19:34 PM 179080 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060207-194659.backup
abetterinternet.com 1/29/2006 4:19:34 PM 179080 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060207-194659.backup
ad-w-a-r-e.com 1/29/2006 4:19:34 PM 179080 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20060207-194659.backup
web-nex 2/7/2006 7:47:02 PM R 53751 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.bak
ad-w-a-r-e.com 2/7/2006 7:47:02 PM R 53751 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.bak

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2/11/2006 9:03:38 AM S 2048 C:\WINDOWS\bootstat.dat
1/26/2006 8:03:06 PM H 0 C:\WINDOWS\inf\oem62.inf
1/2/2006 6:09:36 PM S 11223 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat
2/11/2006 9:03:28 AM H 8192 C:\WINDOWS\system32\config\default.LOG
2/11/2006 9:03:58 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
2/11/2006 9:03:40 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
2/11/2006 9:04:44 AM H 77824 C:\WINDOWS\system32\config\software.LOG
2/10/2006 6:50:44 PM H 1024 C:\WINDOWS\system32\config\system.LOG
1/26/2006 5:25:14 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
1/19/2006 10:17:06 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3fa81cff-5fa9-48e0-ae4b-d371ac82b07a
1/19/2006 10:17:06 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
2/11/2006 8:12:24 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 7:57:44 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Compaq Computer Corporation 3/30/2001 7:32:44 PM 122880 C:\WINDOWS\SYSTEM32\UICONFIG.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/18/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
11/29/2001 2:16:26 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/29/2001 6:06:42 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
11/29/2001 2:16:26 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
11/29/2001 6:06:42 AM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mkmxmqnq
{1e0a7d6b-4ae2-415c-835a-ef402e5f1609} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VIDEOTRANS
{548773BA-874E-4C02-9DC7-B7A096772C7D} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
IntelliPoint "C:\Program Files\Microsoft IntelliPoint\point32.exe"
WinPatrol C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
Sunbelt Kerio Personal Firewall 4 - Service C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe
SpybotSnD "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoclose

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
1A:Stardock TrayMonitor

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Pctspk 2
PAVSRV 2
GhostStartService 2
ccPwdSvc 3
vsmon 3
NProtectService 2
KodakCCS 3
InCDsrvR 2
Compaq_RBA 2
SAVScan 3
LexBceS 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
item Adobe Gamma Loader

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx
item Kodak EasyShare software
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx
item Kodak EasyShare software

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE
item KODAK Software Updater
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Kodak\KODAKS~1\7288971\Program\KODAKS~1.EXE
item KODAK Software Updater

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MI1933~1\Office10\OSA.EXE -b -l
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MI1933~1\Office10\OSA.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\NORTON~1\NORTON~2\SYSDOC32.EXE /startup
item Norton System Doctor
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton System Doctor.lnk
backup C:\WINDOWS\pss\Norton System Doctor.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\NORTON~1\NORTON~2\SYSDOC32.EXE /startup
item Norton System Doctor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SBC Self Support Tool.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\SBCSEL~1\bin\matcli.exe -boot
item SBC Self Support Tool
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SBC Self Support Tool.lnk
backup C:\WINDOWS\pss\SBC Self Support Tool.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\SBCSEL~1\bin\matcli.exe -boot
item SBC Self Support Tool

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ZoneAlarm Pro.lnk
backup C:\WINDOWS\pss\ZoneAlarm Pro.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup
item ZoneAlarm Pro
backup C:\WINDOWS\pss\ZoneAlarm Pro.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe -nopopup
item ZoneAlarm Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Ken Schram^Start Menu^Programs^Startup^Webshots.lnk
location Startup
item Webshots
location Startup
item Webshots

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\43sO33U
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item chkmxs
hkey HKLM
command chkmxs.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item chkmxs
hkey HKLM
command chkmxs.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM95\aim.exe -cnetwait.odl
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM95\aim.exe -cnetwait.odl
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAS Client
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item casclient
hkey HKCU
command "C:\Program Files\Cas\Client\casclient.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item casclient
hkey HKCU
command "C:\Program Files\Cas\Client\casclient.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cfgmgr52
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cfgmgr52
hkey HKLM
command RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cfgmgr52
hkey HKLM
command RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\checkrun
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item elitepbh32
hkey HKLM
command C:\windows\system32\elitepbh32.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item elitepbh32
hkey HKLM
command C:\windows\system32\elitepbh32.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Desktop Weather
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item THEWEA~1
hkey HKCU
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item THEWEA~1
hkey HKCU
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DownloadAccelerator
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DAP
hkey HKLM
command C:\PROGRA~1\DAP\DAP.EXE /STARTUP
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DAP
hkey HKLM
command C:\PROGRA~1\DAP\DAP.EXE /STARTUP
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON Stylus Photo R200 Series
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item E_S4I2H1
hkey HKLM
command C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item E_S4I2H1
hkey HKLM
command C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\exp.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\system32\exp.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\system32\exp.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GhostStartTrayApp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GhostStartTrayApp
hkey HKLM
command C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GhostStartTrayApp
hkey HKLM
command C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IPInSightLAN 01
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IPClient
hkey HKLM
command "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IPClient
hkey HKLM
command "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IPInSightMonitor 01
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IPMon32
hkey HKLM
command "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IPMon32
hkey HKLM
command "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KavSvc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item uaupun
hkey HKLM
command C:\WINDOWS\system32\uaupun.exe reg_run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item uaupun
hkey HKLM
command C:\WINDOWS\system32\uaupun.exe reg_run
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Kazaa All-In-One
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Kazaa-All-In-One
hkey HKCU
command C:\Program Files\Kazaa All-In-One\Kazaa-All-In-One.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Kazaa-All-In-One
hkey HKCU
command C:\Program Files\Kazaa All-In-One\Kazaa-All-In-One.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyStartUp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Money Startup
hkey HKCU
command c:\Program Files\Microsoft Money\System\Money Startup.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Money Startup
hkey HKCU
command c:\Program Files\Microsoft Money\System\Money Startup.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Motive SmartBridge
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MotiveSB
hkey HKLM
command C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MotiveSB
hkey HKLM
command C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PhotoShow Deluxe Media Manager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mssysmgr
hkey HKCU
command C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mssysmgr
hkey HKCU
command C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\piiserviceOE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item
hkey HKLM
command
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PopUpKiller
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PopUpKiller
hkey HKLM
command C:\Program Files\PopUp Killer\PopUpKiller.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PopUpKiller
hkey HKLM
command C:\Program Files\PopUp Killer\PopUpKiller.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSof1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSof1
hkey HKLM
command C:\WINDOWS\system32\PSof1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSof1
hkey HKLM
command C:\WINDOWS\system32\PSof1.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\regsync
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item regsync
hkey HKLM
command C:\WINDOWS\system32\regsync.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item regsync
hkey HKLM
command C:\WINDOWS\system32\regsync.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SAITEKAUTOCONFIGURE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SaiCnfig
hkey HKLM
command C:\Program Files\Saitek\Saitek Gaming Extensions\SaiCnfig.exe /autorun
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SaiCnfig
hkey HKLM
command C:\Program Files\Saitek\Saitek Gaming Extensions\SaiCnfig.exe /autorun
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WildTangent CDA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cdaEngine0500
hkey HKLM
command "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cdaEngine0500
hkey HKLM
command "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 2
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
FileName0 C:\WINDOWS\System32\RSACi.rat
Key [k©üðfCmM-îS‹Ã®Œ
Hint gsc
WarnOnOff 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 1
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
l 4
n 4
s 4
v 4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
NumSys 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 2/11/2006 2:04:25 PM





Kapersky scanner found no threats.
mrclean575
Active Member
 
Posts: 9
Joined: February 1st, 2006, 10:10 pm

Unread postby Rogue » February 12th, 2006, 12:34 am

Thanks mrclean575, I'll search through this winpfind log and see what i can find.
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby Rogue » February 13th, 2006, 3:19 pm

Hi mrclean575,

Sorry for the delay. Those WinPFind logs are lengthy

Please to the following:

Submit File to Jotti
Please click on Jotti
Use the "Browse" button and locate the following file on your computer:

C:\WINDOWS\browser.exe

Click the "Submit" button.
Please copy and post (reply) with the results

If Jotti's service load is too high, you can use the following scanner instead:
http://www.virustotal.com/xhtml/index_en.html
==========

If I open Task Manager, click on Performance tab CPU usage is @ 100%. Click on Processes tab, double click CPU column it shows svchost.exe at 90-98%. When I try to view the list of services that are running in Svchost, and I type Tasklist /SVC, and then press ENTER. I get a response of: 'Tasklist' is not recognized as an internal or external command, operable program or batch file.


Download and install Process Explore from here. This will show us which svchost is running at 90%.
Expand the tree just like Windows Explore.
Locate the svchost.exe that is running at 98%
Right click on svchost.exe, click Properties, select Services tab
Note the Service, Display Name and Path
Post those in your next reply
==========

Download KillBox.zip from hereand save it to your Desktop.
You will need to extract the file(s) from the zipped folder.

To do this: Right-click on the zipped folder and from the menu that appears, click on Extract All...
In the Extraction Wizard window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish


You should now see the contents of the KillBox folder.
Do not run yet
==========

In the winpfind log I see signs of Dap which is not technically malware, but it may include malware and allow it into your system. You can find Safer Alternatives. Until we are clean I would like to remove it.
==========

Please go to:
Start
Control panel
Add/Remove programs

Find and remove these programs (if they are present)

Casino
Kazaa All-In-One
WildTangent
Dap
Shop at Home Assistant

(If some programs listed are not present, please do not panic)
=========
IMPORTANT
Close all other open windows and programs.

Run KillBox.exe
Click the radio button to the left of 'Delete on Reboot', then 'copy and paste' the following line(s), one at a time, into the 'Full Path of File to Delete' textbox:

C:\WINDOWS\SYSTEM32\RO5FE7.bac
C:\WINDOWS\cfgmgr52.dll
C:\windows\system32\elitepbh32.exe
C:\WINDOWS\system32\exp.exe
C:\WINDOWS\system32\uaupun.exe
C:\WINDOWS\system32\PSof1.exe
C:\WINDOWS\system32\regsync.exe
C:\WINDOWS\mvmzm.dll
C:\WINDOWS\SYSTEM32\log10.txt
C:\WINDOWS\MEMORY.DMP

After pasteing each line click on the red and white 'X' button.
First you will be asked to confirm that 'All listed Files will be Deleted on Next Reboot[b/]' - click on [b]Yes.
Next you will be asked to Files will be Removed on Reboot, Do you want to reboot now?' - click on No until you have pasted the final line, then click on Yes

If you get a 'PendingFileRenameOperations Registry Data has been Removed by External Process!' message, just restart manually.
=========

Before you proceed, I want you to create a Restore Point. This is standard procedure before making any registry changes.
A tutorial for System Restore is available here.

Copy/paste the following text into a new Notepad document. Make sure that you have one blank line at the end of the document as shown in the quoted text.

REGEDIT4

[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mkmxmqnq]

[-HKEY_CLASSES_ROOT\CLSID\{1e0a7d6b-4ae2-415c-835a-ef402e5f1609}]

[-HKEY_CURRENT_USER\Software\Classes\CLSID\{1e0a7d6b-4ae2-415c-835a-ef402e5f1609}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e0a7d6b-4ae2-415c-835a-ef402e5f1609}]

[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VIDEOTRANS]



Save it to your desktop as Fixme.reg. Save it as :
File Type: All Files (not as a text document or it wont work).
Name: Fixme.reg

Locate Fixme.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt.
==========


Post a new WinPFing Log
Post Jotti results
If you are still having problems with svchost
Post info on svchost from Process Explore

Thanks,
Rogue
User avatar
Rogue
MRU Teacher Emeritus
 
Posts: 4782
Joined: November 3rd, 2005, 3:21 pm
Location: Salt Lake City, Utah

Unread postby Nick-YF19 » February 26th, 2006, 1:26 pm

While we appreciate that you may be busy, it has been 10 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 13 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware