angeloftheflames
-
Content Count
8 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by angeloftheflames
-
-
Logfile of HijackThis v1.98.2
Scan saved at 6:40:46 PM, on 12/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
-
Logfile of HijackThis v1.98.2
Scan saved at 11:25:08 PM, on 12/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\eMule\eMule.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
-
Thanks for posting Efwis, my browser is fixed but if you see anything more please tell me so i can remove it
Logfile of HijackThis v1.98.2
Scan saved at 4:43:01 PM, on 12/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\eMule\eMule.exe
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
-
Logfile of HijackThis v1.98.2
Scan saved at 10:26:12 AM, on 12/8/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Morning Star\Application Data\swnr.exe
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\winampa.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.0\THGuard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
-
Logfile of HijackThis v1.98.2
Scan saved at 9:56:36 PM, on 12/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Morning Star\Application Data\swnr.exe
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
-
Logfile of HijackThis v1.98.2
Scan saved at 9:35:53 PM, on 12/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Morning Star\Application Data\swnr.exe
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
-
Logfile of HijackThis v1.98.2
Scan saved at 8:53:12 PM, on 12/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\WINDOWS\Resources\Themes\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\PRTG Traffic Grapher 4\prtg4.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Morning Star\Application Data\swnr.exe
C:\PROGRA~1\Serv-U\ServUDaemon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\MORNIN~1\LOCALS~1\Temp\Rar$EX00.323\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\winxp\system32\blank.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9CC9DE59-1EE8-1363-BC2B-3976146B5796} - C:\WINDOWS\System32\sdq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\WINDOWS\Resources\Themes\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /1
O4 - HKCU\..\Run: [Clock] C:\WINDOWS\msswchx.exe
O4 - HKCU\..\Run: [Oiir] C:\Documents and Settings\Morning Star\Application Data\swnr.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\eMule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...382/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://sea2fd.sea2.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE701EB7-DBF8-4077-A700-04166A1ECA9C}: NameServer = 209.47.15.118,64.157.143.38,207.69.188.185,207.69.188.186
Browsers Hijacked To Search.findwhatevernow.com
in Malware Removal
Posted
127.0.0.1 localhost
127.0.0.1 www.doubleclick.net
127.0.0.1 ad.preferances.com
127.0.0.1 ad.doubleclick.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.washingtonpost.com
127.0.0.1 adpick.switchboard.com
127.0.0.1 ads.doubleclick.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.enliven.com
127.0.0.1 oz.valueclick.com
127.0.0.1 doubleclick.net
127.0.0.1 ads.doubleclick.net
127.0.0.1 ad2.doubleclick.net
127.0.0.1 ad3.doubleclick.net
127.0.0.1 ad4.doubleclick.net
127.0.0.1 ad5.doubleclick.net
127.0.0.1 ad6.doubleclick.net
127.0.0.1 ad7.doubleclick.net
127.0.0.1 ad8.doubleclick.net
127.0.0.1 ad9.doubleclick.net
127.0.0.1 ad10.doubleclick.net
127.0.0.1 ad11.doubleclick.net
127.0.0.1 ad12.doubleclick.net
127.0.0.1 ad13.doubleclick.net
127.0.0.1 ad14.doubleclick.net
127.0.0.1 ad15.doubleclick.net
127.0.0.1 ad16.doubleclick.net
127.0.0.1 ad17.doubleclick.net
127.0.0.1 ad18.doubleclick.net
127.0.0.1 ad19.doubleclick.net
127.0.0.1 ad20.doubleclick.net
127.0.0.1 ad.ch.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 banner.linkexchange.com
127.0.0.1 ads*.focalink.com
127.0.0.1 ads.imdb.com
127.0.0.1 commonwealth.riddler.com
127.0.0.1 globaltrak.net
127.0.0.1 nrsite.com
127.0.0.1 www.nrsite.com
127.0.0.1 ad-up.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.atlas.cz
127.0.0.1 ad.blm.net
127.0.0.1 ad.dogpile.com
127.0.0.1 ad.infoseek.com
127.0.0.1 ad.net-service.de
127.0.0.1 ad.preferences.com
127.0.0.1 ad.vol.at
127.0.0.1 adbot.com
127.0.0.1 adbureau.net
127.0.0.1 adcount.hollywood.com
127.0.0.1 add.yaho.com
127.0.0.1 adex3.flycast.com
127.0.0.1 adforce.adtech.de
127.0.0.1 adforce.imgis.com
127.0.0.1 adimage.blm.net
127.0.0.1 adlink.deh.de
127.0.0.1 ads.criticalmass.com
127.0.0.1 ads.csi.emcweb.com
127.0.0.1 ads.filez.com
127.0.0.1 ads.imagine-inc.com
127.0.0.1 ads.imdb.com
127.0.0.1 ads.infospace.com
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.mirrormedia.co.uk
127.0.0.1 ads.msn.com
127.0.0.1 ads.narrowline.com
127.0.0.1 ads.newcitynet.com
127.0.0.1 ads.realcities.com
127.0.0.1 ads.realmedia.com
127.0.0.1 ads.switchboard.com
127.0.0.1 ads.tripod.com
127.0.0.1 ads.usatoday.com
127.0.0.1 ads.washingtonpost.com
127.0.0.1 ads.web.de
127.0.0.1 ads.web21.com
127.0.0.1 adserv.newcentury.net
127.0.0.1 adservant.guj.de
127.0.0.1 adservant.mediapoint.de
127.0.0.1 adserver-espnet.sportszone.com
127.0.0.1 advert.heise.de
127.0.0.1 banners.internetextra.com
127.0.0.1 bannerswap.com
127.0.0.1 dino.mainz.ibm.de
127.0.0.1 ganges.imagine-inc.com
127.0.0.1 globaltrack.com
127.0.0.1 207-87-18-203.wsmg.digex.net
127.0.0.1 garden.ngadcenter.net
127.0.0.1 ogilvy.ngadcenter.net
127.0.0.1 responsemedia-ad.flycast.com
127.0.0.1 suissa-ad.flycast.com
127.0.0.1 ugo.eu-adcenter.net
127.0.0.1 vnu.eu-adcenter.net
127.0.0.1 ad-adex3.flycast.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.linksynergy.com
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.sma.punto.net
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.webprovider.com
127.0.0.1 ad08.focalink.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 adcreatives.imaginemedia.com
127.0.0.1 adforce.ads.imgis.com
127.0.0.1 adforce.imgis.com
127.0.0.1 adfu.blockstackers.com
127.0.0.1 adimages.earthweb.com
127.0.0.1 adimg.egroups.com
127.0.0.1 admedia.xoom.com
127.0.0.1 adremote.pathfinder.com
127.0.0.1 ads.admaximize.com
127.0.0.1 ads.bfast.com
127.0.0.1 ads.clickhouse.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 ads.fool.com
127.0.0.1 ads.freshmeat.net
127.0.0.1 ads.hollywood.com
127.0.0.1 ads.i33.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.link4ads.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.madison.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.msn.com
127.0.0.1 ads.ninemsn.com.au
127.0.0.1 ads.seattletimes.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.smartclicks.net
127.0.0.1 ads.sptimes.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.x10.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads.zdnet.com
127.0.0.1 ads01.focalink.com
127.0.0.1 ads02.focalink.com
127.0.0.1 ads03.focalink.com
127.0.0.1 ads04.focalink.com
127.0.0.1 ads05.focalink.com
127.0.0.1 ads06.focalink.com
127.0.0.1 ads08.focalink.com
127.0.0.1 ads09.focalink.com
127.0.0.1 ads1.activeagent.at
127.0.0.1 ads10.focalink.com
127.0.0.1 ads11.focalink.com
127.0.0.1 ads12.focalink.com
127.0.0.1 ads14.focalink.com
127.0.0.1 ads16.focalink.com
127.0.0.1 ads17.focalink.com
127.0.0.1 ads18.focalink.com
127.0.0.1 ads19.focalink.com
127.0.0.1 ads2.zdnet.com
127.0.0.1 ads20.focalink.com
127.0.0.1 ads21.focalink.com
127.0.0.1 ads22.focalink.com
127.0.0.1 ads23.focalink.com
127.0.0.1 ads24.focalink.com
127.0.0.1 ads25.focalink.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads5.gamecity.net
127.0.0.1 adserv.iafrica.com
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserver.dbusiness.com
127.0.0.1 adserver.garden.com
127.0.0.1 adserver.janes.com
127.0.0.1 adserver.merc.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver1.ogilvy-interactive.de
127.0.0.1 adtegrity.spinbox.net
127.0.0.1 antfarm-ad.flycast.com
127.0.0.1 au.ads.link4ads.com
127.0.0.1 banner.media-system.de
127.0.0.1 banner.orb.net
127.0.0.1 banner.relcom.ru
127.0.0.1 banners.easydns.com
127.0.0.1 banners.looksmart.com
127.0.0.1 banners.wunderground.com
127.0.0.1 barnesandnoble.bfast.com
127.0.0.1 beseenad.looksmart.com
127.0.0.1 bizad.nikkeibp.co.jp
127.0.0.1 bn.bfast.com
127.0.0.1 c3.xxxcounter.com
127.0.0.1 califia.imaginemedia.com
127.0.0.1 cds.mediaplex.com
127.0.0.1 click.avenuea.com
127.0.0.1 click.go2net.com
127.0.0.1 click.linksynergy.com
127.0.0.1 cookies.cmpnet.com
127.0.0.1 cornflakes.pathfinder.com
127.0.0.1 counter.hitbox.com
127.0.0.1 crux.songline.com
127.0.0.1 erie.smartage.com
127.0.0.1 etad.telegraph.co.uk
127.0.0.1 fp.valueclick.com
127.0.0.1 gadgeteer.pdamart.com
127.0.0.1 gm.preferences.com
127.0.0.1 gp.dejanews.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 image.click2net.com
127.0.0.1 image.eimg.com
127.0.0.1 images2.nytimes.com
127.0.0.1 jobkeys.ngadcenter.net
127.0.0.1 kansas.valueclick.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 m.doubleclick.net
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 maximumpcads.imaginemedia.com
127.0.0.1 media.preferences.com
127.0.0.1 mercury.rmuk.co.uk
127.0.0.1 mojofarm.sjc.mediaplex.com
127.0.0.1 nbc.adbureau.net
127.0.0.1 newads.cmpnet.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngads.smartage.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 ph-ad05.focalink.com
127.0.0.1 ph-ad07.focalink.com
127.0.0.1 ph-ad16.focalink.com
127.0.0.1 ph-ad17.focalink.com
127.0.0.1 ph-ad18.focalink.com
127.0.0.1 realads.realmedia.com
127.0.0.1 redherring.ngadcenter.net
127.0.0.1 redirect.click2net.com
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 s2.focalink.com
127.0.0.1 sh4sure-images.adbureau.net
127.0.0.1 spin.spinbox.net
127.0.0.1 static.admaximize.com
127.0.0.1 stats.superstats.com
127.0.0.1 sview.avenuea.com
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 tracker.clicktrade.com
127.0.0.1 tsms-ad.tsms.com
127.0.0.1 v0.extreme-dm.com
127.0.0.1 v1.extreme-dm.com
127.0.0.1 van.ads.link4ads.com
127.0.0.1 view.accendo.com
127.0.0.1 view.avenuea.com
127.0.0.1 w113.hitbox.com
127.0.0.1 w25.hitbox.com
127.0.0.1 web2.deja.com
127.0.0.1 webads.bizservers.com
127.0.0.1 www.postmasterbannernet.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.admex.com
127.0.0.1 www.alladvantage.com
127.0.0.1 www.burstnet.com
127.0.0.1 www.commission-junction.com
127.0.0.1 www.eads.com
127.0.0.1 www.freestats.com
127.0.0.1 www.imaginemedia.com
127.0.0.1 www.netdirect.nl
127.0.0.1 www.oneandonlynetwork.com
127.0.0.1 www.targetshop.com
127.0.0.1 www.teknosurf2.com
127.0.0.1 www.teknosurf3.com
127.0.0.1 www.valueclick.com
127.0.0.1 www.websitefinancing.com
127.0.0.1 www2.burstnet.com
127.0.0.1 www4.trix.net
127.0.0.1 www80.valueclick.com
127.0.0.1 z.extreme-dm.com
127.0.0.1 z0.extreme-dm.com
127.0.0.1 z1.extreme-dm.com
127.0.0.1 ads.forbes.net
127.0.0.1 ads.newcity.com
127.0.0.1 ads.ign.com
127.0.0.1 adserver.ign.com
127.0.0.1 ads.scifi.com
127.0.0.1 adengine.theglobe.com
127.0.0.1 ads.tucows.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 ads4.advance.net
127.0.0.1 ads1.advance.net
127.0.0.1 eur.yimg.com
127.0.0.1 us.a1.yimg.com
127.0.0.1 ad.harmony-central.com
127.0.0.1 sg.yimg.com
127.0.0.1 adverity.adverity.com
127.0.0.1 ads.bloomberg.com
127.0.0.1 mojofarm.mediaplex.com
127.0.0.1 ads.mysimon.com
127.0.0.1 ad.img.yahoo.co.kr
127.0.0.1 adimages.go.com
127.0.0.1 kr-adimage.lycos.co.kr
127.0.0.1 ad.kimo.com.tw
127.0.0.1 ads.paxnet.co.kr
127.0.0.1 ads.paxnet.com
127.0.0.1 ads.eu.msn.com
127.0.0.1 ads.admonitor.net
127.0.0.1 wwa.hitbox.com
127.0.0.1 ads.nytimes.com
127.0.0.1 ads.erotism.com
127.0.0.1 banner.rootsweb.com
127.0.0.1 ads.ole.com
127.0.0.1 adimg1.chosun.com
127.0.0.1 ss.mtree.com
127.0.0.1 adpulse.ads.targetnet.com
127.0.0.1 adserver.ugo.com
127.0.0.1 ad.sales.olympics.com
127.0.0.1 m2.doubleclick.net
127.0.0.1 ph-ad21.focalink.com
127.0.0.1 focusin.ads.targetnet.com
127.0.0.1 www.datais.com
127.0.0.1 oas.mmd.ch
127.0.0.1 pub-g.ifrance.com
127.0.0.1 ads.bianca.com
127.0.0.1 wap.adlink.de
127.0.0.1 click.adlink.de
127.0.0.1 banner.adlink.de
127.0.0.1 hurricane.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 scand.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 direct.adlink.de
127.0.0.1 classic.adlink.de
127.0.0.1 adlui001.adlink.de
127.0.0.1 banner1.adlink.de
127.0.0.1 click.mp3.com
127.0.0.1 adcodes.bla-bla.com
127.0.0.1 icover.realmedia.com
127.0.0.1 ca.fp.sandpiper.net
127.0.0.1 adfarm.mediaplex.com
127.0.0.1 ads.tmcs.net
127.0.0.1 amedia.techies.com
127.0.0.1 www.exchange-it.com
127.0.0.1 www.ad.tomshardware.com
127.0.0.1 ad.tomshardware.com
127.0.0.1 ads.currantbun.com
127.0.0.1 phoenix-adrunner.mycomputer.com
127.0.0.1 ads15.focalink.com
127.0.0.1 ads13.focalink.com
127.0.0.1 adserver.colleges.com
127.0.0.1 ads.nwsource.com
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 ads.newsint.co.uk
127.0.0.1 ads.starnews.com
127.0.0.1 www.linksynergy.com
127.0.0.1 ieee-images.adbureau.net
127.0.0.1 connect.247media.ads.link4ads.com
127.0.0.1 ads.newsdigital.net
127.0.0.1 arc5.msn.com
127.0.0.1 arc4.msn.com
127.0.0.1 arc3.msn.com
127.0.0.1 arc2.msn.com
127.0.0.1 arc1.msn.com
127.0.0.1 ads.discovery.com
127.0.0.1 im.800.com
127.0.0.1 img.cmpnet.com
127.0.0.1 ad7.internetadserver.com
127.0.0.1 ads.dai.net
127.0.0.1 ads.cbc.ca
127.0.0.1 www75.valueclick.com
127.0.0.1 ads.clearbluemedia.com
127.0.0.1 ti.click2net.com
127.0.0.1 www.onresponse.com
127.0.0.1 ads.list-universe.com
127.0.0.1 advert.bayarea.com
127.0.0.1 www3.pagecount.com
127.0.0.1 www.netsponsors.com
127.0.0.1 adthru.com
127.0.0.1 ads.newtimes.com
127.0.0.1 ads.ugo.com
127.0.0.1 ads.belointeractive.com
127.0.0.1 wwb.hitbox.com
127.0.0.1 comtrack.comclick.com
127.0.0.1 www.24pm-affiliation.com
127.0.0.1 www.click-fr.com
127.0.0.1 www.cibleclick.com
127.0.0.1 reply.mediatris.net
127.0.0.1 cgi.declicnet.com
127.0.0.1 pubs.mgn.net
127.0.0.1 ads.mcafee.com
127.0.0.1 ads1.ad-flow.com
127.0.0.1 ad.be.doubleclick.net
127.0.0.1 ad.adtraq.com
127.0.0.1 ad.sg.doubleclick.net
127.0.0.1 adpop.theglobe.com
127.0.0.1 ads-03.tor.focusin.ads.targetnet.com
127.0.0.1 ads.adflight.com
127.0.0.1 ads.detelefoongids.nl
127.0.0.1 ads.ecircles.com
127.0.0.1 ads.god.co.uk
127.0.0.1 ads.hyperbanner.net
127.0.0.1 ads.jpost.com
127.0.0.1 ads.netmechanic.com
127.0.0.1 ads.webcash.nl
127.0.0.1 adserver.netcast.nl
127.0.0.1 adserver.webads.com
127.0.0.1 adserver.webads.nl
127.0.0.1 adserver1.realtracker.com
127.0.0.1 adserver2.realtracker.com
127.0.0.1 adserver3.realtracker.com
127.0.0.1 delivery1.ads.telegraaf.nl
127.0.0.1 holland.hyperbanner.net
127.0.0.1 images.webads.nl
127.0.0.1 sc.clicksupply.com
127.0.0.1 service.bfast.com
127.0.0.1 www.ad4ex.com
127.0.0.1 www.bannercampaign.com
127.0.0.1 www.cyberbounty.com
127.0.0.1 www.netvertising.be
127.0.0.1 www.speedyclick.com
127.0.0.1 www.webads.nl
127.0.0.1 ads.snowball.com
127.0.0.1 ads.amazingmedia.com
127.0.0.1 www10.valueclick.com
127.0.0.1 js1.hitbox.com
127.0.0.1 rd1.hitbox.com
127.0.0.1 mt37.mtree.com
127.0.0.1 ads.gameanswers.com
127.0.0.1 ads7.udc.advance.net
127.0.0.1 www23.valueclick.com
127.0.0.1 ads.fortunecity.com
127.0.0.1 banners.nextcard.com
127.0.0.1 ads.iwon.com
127.0.0.1 www.qksrv.net
127.0.0.1 clickserve.cc-dt.com
127.0.0.1 ads-b.focalink.com
127.0.0.1 ad2.peel.com
127.0.0.1 ads.floridatoday.com
127.0.0.1 stats.adultrevenueservice.com
127.0.0.1 ads18.bpath.com
127.0.0.1 ph-ad06.focalink.com
127.0.0.1 global.msads.net
127.0.0.1 pluto1.iserver.net
127.0.0.1 ads1.intelliads.com
127.0.0.1 primetime.ad.asap-asp.net
127.0.0.1 ads.stileproject.com
127.0.0.1 di.image.eshop.msn.com
127.0.0.1 www.blissnet.net
127.0.0.1 www.consumerinfo.com
127.0.0.1 ads.rottentomatoes.com
127.0.0.1 k5ads.osdn.com
127.0.0.1 actionsplash.com
127.0.0.1 campaigns.f2.com.au
127.0.0.1 adserver.news.com.au
127.0.0.1 servedby.advertising.com
127.0.0.1 java.yahoo.com
127.0.0.1 ad.howstuffworks.com
127.0.0.1 ads.1for1.com
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 ads.devx.com
127.0.0.1 utils.mediageneral.com
127.0.0.1 banners.friendfinder.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 www.dnps.com
127.0.0.1 creative.whi.co.nz
127.0.0.1 rmedia.boston.com
127.0.0.1 webaffiliate.covad.com
127.0.0.1 ad.iwin.com
127.0.0.1 www.nailitonline2.com
127.0.0.1 mds.centrport.net
127.0.0.1 oas.dispatch.com
127.0.0.1 adserver.ads360.com
127.0.0.1 banners.adultfriendfinder.com
127.0.0.1 ads.as4x.tmcs.net
127.0.0.1 ads.clickagents.com
127.0.0.1 banners.chek.com
127.0.0.1 zi.r.tv.com
127.0.0.1 ph-ad19.focalink.com
127.0.0.1 ads.greensboro.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ads.colo.kiva.net
127.0.0.1 adsrv.iol.co.za
127.0.0.1 mjxads.internet.com
127.0.0.1 adimage.asiaone.com.sg
127.0.0.1 ads.vnuemedia.com
127.0.0.1 affiliate.doteasy.com
127.0.0.1 m.tribalfusion.com
127.0.0.1 oas.lee.net
127.0.0.1 www.banneroverdrive.com
127.0.0.1 ad3.peel.com
127.0.0.1 ad1.peel.comwww.xbn.ru
127.0.0.1 adserver.snowball.com
127.0.0.1 media15.fastclick.net
127.0.0.1 ads5.advance.net
127.0.0.1 ads3.advance.net
127.0.0.1 ads2.advance.net
127.0.0.1 ads.advance.net
127.0.0.1 usbytecom.orbitcycle.com
127.0.0.1 adbanner.sweepsclub.com
127.0.0.1 oas.villagevoice.com
127.0.0.1 www.ad-flow.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.hitcents.com
127.0.0.1 media19.fastclick.net
127.0.0.1 a.tribalfusion.com
127.0.0.1 ads.nypost.com
127.0.0.1 ads.premiumnetwork.com
127.0.0.1 ads.ad-flow.com
127.0.0.1 adserver.hispavista.com
127.0.0.1 ads.musiccity.com
127.0.0.1 banners.revenuelink.com
127.0.0.1 ads1.sptimes.com
127.0.0.1 adserver.bizland-inc.net
127.0.0.1 ads.adtegrity.net
127.0.0.1 media13.fastclick.net
127.0.0.1 adserver.ukplus.co.uk
127.0.0.1 ads.live365.com
127.0.0.1 ads.fredericksburg.com
127.0.0.1 banners.affiliatefuel.com
127.0.0.1 ar.atwola.com
127.0.0.1 ads.bigcitytools.com
127.0.0.1 netshelter.adtrix.com
127.0.0.1 y.ibsys.com
127.0.0.1 adserver.nydailynews.com
127.0.0.1 s0b.bluestreak.com
127.0.0.1 images.scripps.com
127.0.0.1 images.cybereps.com
127.0.0.1 altfarm.mediaplex.com
127.0.0.1 krd.realcities.com
127.0.0.1 www3.bannerspace.com
127.0.0.1 view.atdmt.com
127.0.0.1 ads7.advance.net
127.0.0.1 ad.abcnews.com
127.0.0.1 ads.newsquest.co.uk
127.0.0.1 secure.webconnect.net
127.0.0.1 ads.nandomedia.com
127.0.0.1 banners.babylon-x.com
127.0.0.1 media17.fastclick.net
127.0.0.1 techreview-images.adbureau.net
127.0.0.1 ads.exhedra.com
127.0.0.1 ad.trafficmp.com
127.0.0.1 realmedia-a800.d4p.net
127.0.0.1 banner.northsky.com
127.0.0.1 ftp.nacorp.com
127.0.0.1 www.digitalbettingcasinos.com
127.0.0.1 c1.zedo.com
127.0.0.1 ads4.condenet.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 desktop.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.b3d.com
127.0.0.1 neighborhood.standard.net
127.0.0.1 ads.telegraph.co.uk
127.0.0.1 spinbox.techtracker.com
127.0.0.1 toads.osdn.com
127.0.0.1 ads.themes.org
127.0.0.1 adserver.trb.com
127.0.0.1 media.fastclick.net
127.0.0.1 banner.easyspace.com
127.0.0.1 www.banner2u.com
127.0.0.1 ads.thestar.com
127.0.0.1 ads.digitalmedianet.com
127.0.0.1 www.fineclicks.com
127.0.0.1 ads.mdchoice.com
127.0.0.1 ad.horvitznewspapers.net
127.0.0.1 adtegrity.thruport.com
127.0.0.1 a.mktw.net
127.0.0.1 ads.pennyweb.com
127.0.0.1 www3.ad.tomshardware.com
127.0.0.1 www4.ad.tomshardware.com
127.0.0.1 www6.ad.tomshardware.com
127.0.0.1 www8.ad.tomshardware.com
127.0.0.1 www15.ad.tomshardware.com
127.0.0.1 ads.forbes.com
127.0.0.1 ads.desmoinesregister.com
127.0.0.1 adserver.tribuneinteractive.com
127.0.0.1 bannerads.anytimenews.com
127.0.0.1 ads1.condenet.com
127.0.0.1 adserver.anm.co.uk
127.0.0.1 zrap.zdnet.com.com
127.0.0.1 bidclix.net
127.0.0.1 media.popuptraffic.com
127.0.0.1 coreg.flashtrack.net
127.0.0.1 rmads.msn.com
127.0.0.1 ads.icq.com
127.0.0.1 cb.icq.com
127.0.0.1 cf.icq.com
127.0.0.1 www2.newtopsites.com
127.0.0.1 adserv.internetfuel.com
127.0.0.1 images.fastclick.net
127.0.0.1 adserver.securityfocus.com
127.0.0.1 www.avsads.com
127.0.0.1 banners.moviegoods.com
127.0.0.1 ads.bitsonthewire.com
127.0.0.1 ads.iambic.com
127.0.0.1 sfads.osdn.com
127.0.0.1 fl01.ct2.comclick.com
127.0.0.1 adserver.phillyburbs.com
127.0.0.1 marketing.nyi.net
127.0.0.1 www.netflip.com
127.0.0.1 image.imgfarm.com
127.0.0.1 ads.viaarena.com
127.0.0.1 phpads2.cnpapers.com
127.0.0.1 ads.astalavista.us
127.0.0.1 banner.coza.com
127.0.0.1 adcreative.tribuneinteractive.com
127.0.0.1 ads.democratandchronicle.com
127.0.0.1 adlog.com.com
127.0.0.1 adimg.com.com
127.0.0.1 adimage.bankrate.com
127.0.0.1 ads.mediadevil.com
127.0.0.1 imageserv.adtech.de
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ads.cashsurfers.com
127.0.0.1 ads.specificpop.com
127.0.0.1 z1.adserver.com
127.0.0.1 images.bizrate.com
127.0.0.1 q.pni.com
127.0.0.1 ad01.mediacorpsingapore.com
127.0.0.1 adimage.asia1.com.sg
127.0.0.1 images.newsx.cc
127.0.0.1 www.adireland.com
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.nyi.net
127.0.0.1 geoads.osdn.com
127.0.0.1 www.crisscross.com
127.0.0.1 netcomm.spinbox.net
127.0.0.1 i.i.com.com
127.0.0.1 ads.videoaxs.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 adserver.pollstar.com
127.0.0.1 information.gopher.com
127.0.0.1 ads.adviva.net
127.0.0.1 adsrv.bankrate.com
127.0.0.1 a207.p.f.qz3.net
127.0.0.1 ehg-bestbuy.hitbox.com
127.0.0.1 ehg-intel.hitbox.com
127.0.0.1 ehg-espn.hitbox.com
127.0.0.1 ehg-macromedia.hitbox.com
127.0.0.1 ehg-dig.hitbox.com
127.0.0.1 speed.pointroll.com
127.0.0.1 amch.questionmarket.com
127.0.0.1 ads.gamespy.com
127.0.0.1 spd.atdmt.com
127.0.0.1 ads.columbian.com
127.0.0.1 clickit.go2net.com
127.0.0.1 vpdc.ru4.com
127.0.0.1 ads.developershed.com
127.0.0.1 ads.globeandmail.com
127.0.0.1 ads.nerve.com
127.0.0.1 iv.doubleclick.net
127.0.0.1 ads2.condenet.com
127.0.0.1 www.burstnet.com
127.0.0.1 ads5.canoe.ca
127.0.0.1 askmen.thruport.com
127.0.0.1 adsrv2.gainesvillesun.com
127.0.0.1 ads.theolympian.com
127.0.0.1 ads.courierpostonline.com
127.0.0.1 i.timeinc.net
127.0.0.1 oasads.whitepages.com
127.0.0.1 rad.msn.com
127.0.0.1 serve.thisbanner.com
127.0.0.1 images.trafficmp.com
127.0.0.1 www.kaplanindex.com
127.0.0.1 kaplanindex.com
127.0.0.1 1.httpdads.com
127.0.0.1 spinbox.maccentral.com
127.0.0.1 akaads-abc.starwave.com
127.0.0.1 webad.ajeeb.com
127.0.0.1 ads.granadamedia.com
127.0.0.1 oas.uniontrib.com
127.0.0.1 ads.wnd.com
127.0.0.1 a3.suntimes.com
127.0.0.1 tmsads.tribune.com
127.0.0.1 ads.peel.com
127.0.0.1 ads.mh5.com
127.0.0.1 ad.usatoday.com
127.0.0.1 adserver.digitalpartners.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 ads4.clearchannel.com
127.0.0.1 ads.clearchannel.com
127.0.0.1 ads2.clearchannel.com
127.0.0.1 ads.jacksonsun.com
127.0.0.1 servads.aip.org
127.0.0.1 ad.au.doubleclick.net
127.0.0.1 adng.ascii24.com
127.0.0.1 engage.speedera.net
127.0.0.1 ads.msn-ppe.com
127.0.0.1 ad.openfind.com.tw
127.0.0.1 adi.mainichi.co.jp
127.0.0.1 ads.northjersey.com
127.0.0.1 ad.moscowtimes.ru
127.0.0.1 banners.valuead.com
127.0.0.1 ad1.aaddzz.com
127.0.0.1 ds.eyeblaster.com
127.0.0.1 adserver.digitalpartners.com
127.0.0.1 oas.uniontrib.com
127.0.0.1 ads.statesmanjournal.com
127.0.0.1 ads.centralohio.com