Need help removing malware from my computer. I've got a flashing icon in my task bar, which keeps popping messages up trying to redirect me to a website for spyware removal software. Started out in the self help section. Downloaded Smitfraudfix by (S!Ri) and AVG Anti spyware. Here's a copy of my HJT scan and rapport scan:

Logfile of HijackThis v1.99.1
Scan saved at 10:06:55 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SYSWB6.exe
C:\WINDOWS\Dit.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe
C:\Documents and Settings\Douglas\My Documents\My Downloads\Callwave11\IAM.exe
C:\Program Files\stickies\stickies.exe
C:\WINDOWS\system32\Winkb6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Douglas\My Documents\My Downloads\HiJack This\HijackThis.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crosswalk.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mid-Iowa PCPartner
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O1 - Hosts: 204.244.184.143 SafeWeb.com
O1 - Hosts: 204.244.184.143 WWW.SafeWeb.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SYSWB6] SYSWB6
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: CallWave.lnk = C:\Documents and Settings\Douglas\My Documents\My Downloads\Callwave11\IAM.exe
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120013803375
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_02) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{92AA402F-3C3A-4E9F-9335-6AF59B245CC9}: NameServer = 69.66.0.20 69.66.1.20
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

SmitFraudFix v2.212

Scan done at 22:02:15.71, Tue 08/14/2007
Run from C:\Documents and Settings\Douglas\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SYSWB6.exe
C:\WINDOWS\Dit.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe
C:\Documents and Settings\Douglas\My Documents\My Downloads\Callwave11\IAM.exe
C:\Program Files\stickies\stickies.exe
C:\WINDOWS\system32\Winkb6.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Douglas\My Documents\My Downloads\HiJack This\HijackThis.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 ads.microsoft.com
127.0.0.1 ads.techguy.org

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\xtsyynm.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Douglas


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Douglas\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Douglas\FAVORI~1

C:\DOCUME~1\Douglas\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a4029063-4fe3-422c-ac72-12905c09642a}"="clinker"

[HKEY_CLASSES_ROOT\CLSID\{a4029063-4fe3-422c-ac72-12905c09642a}\InProcServer32]
@="C:\WINDOWS\system32\xtsyynm.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{a4029063-4fe3-422c-ac72-12905c09642a}\InProcServer32]
@="C:\WINDOWS\system32\xtsyynm.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 69.66.0.20
DNS Server Search Order: 69.66.1.20

HKLM\SYSTEM\CCS\Services\Tcpip\..\{92AA402F-3C3A-4E9F-9335-6AF59B245CC9}: NameServer=69.66.0.20 69.66.1.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{92AA402F-3C3A-4E9F-9335-6AF59B245CC9}: NameServer=69.66.0.20 69.66.1.20


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Thank you for your assistance.

Hi! Welcome to the Tom Coyote forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient and I'd be grateful if you would note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine.
• Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
• It's often worth reading through these instructions and printing them for ease of reference.
• If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
• Please reply to this thread. Do not start a new topic.

Please make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

Thank you, Scotty. I appreciate your assistance! Here's a copy of the uninstall list from HJT:


Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 5.0
Adobe Acrobat and Reader 6.0.3 Update
Adobe Reader 6.0.1
Avance AC'97 Audio
AVG Anti-Spyware 7.5
CallWave
CDK Players
CleanUp!
ClearType Tuning Control Panel Applet
Easy CD Creator 5 DVD Edition
Google Earth
Gravis Xperience 4.5
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP PrecisionScan LT Software
Informations about your PC
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 2
Jeopardy! 2003
KB9908 Uninstall
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark Supplies Monitor
Lexmark Z23-Z33
LiveReg (Symantec Corporation)
LiveUpdate 2.0 (Symantec Corporation)
Macromedia Shockwave Player
MailWasher 2.0.19 beta
Medal of Honor Allied Assault
Medion Flash XL
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Photo 7.0
Microsoft Plus! for Windows XP
Microsoft PowerPoint Viewer 97
Microsoft Reader
Microsoft Streets and Trips 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Microsoft Word 2002
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Mouse Driver
Mozilla Firefox (2.0.0.4)
Mozilla Firefox (2.0.0.6)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
NAIC Classic Plus Member Edition
NAIC Portfolio Record Keeper 4 (101 Day Version)
NAIC Stock Prospector Member Edition
Nero
Norton AntiVirus Corporate Edition
NVIDIA Drivers
NVIDIA Logo Screensaver
PhotoRecall Deluxe
Pop-Up Stopper Professional
Power Cinema
PowerDirector Pro
PowerDVD
QuickTime
QuickVerse 7.0
RealPlayer
Roxio EasyWrite Reader
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Serif DrawPlus 3.0
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
SiSAGP driver
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Startup Control Panel
Stickies 5.0a
Trivial Pursuit Unhinged
TurboTax Deluxe 2005
TurboTax ItsDeductible 2005
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
USB PC Camera (SN9C103)
Viewpoint Media Player (Remove Only)
We-Blocker
WexTech AnswerWorks
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
Yahoo! Messenger
ZoneAlarm

Hi

Run Smitfraudfix
Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

Download MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.

Hi,
Ran the smitfraudfix.cmd, option #2, in safe mode. I didn't see anything about the 'wininet.dll' file, so I assume it wasn't infected. Rebooted in normal mode. Downloaded the new hosts file. Here's the results of the cleaning process:
SmitFraudFix v2.212

Scan done at 22:31:54.39, Wed 08/15/2007
Run from C:\Documents and Settings\Douglas\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.aaa-livedoor.net #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.abcsearcher.com #[Spamdexing][Microsoft.Strider]
127.0.0.1 abc-search.info
127.0.0.1 abloga.info #[Spamdexing]
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[IE-SpyAd]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 gtcc1.acecounter.com
127.0.0.1 gtp1.acecounter.com
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com
127.0.0.1 ads.active.com
127.0.0.1 am1.activemeter.com
127.0.0.1 www.activemeter.com
127.0.0.1 ads.activepower.net
127.0.0.1 at.ad2click.nl
127.0.0.1 cms.ad2click.nl
127.0.0.1 banner.ad.nu
127.0.0.1 ad-up.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.adagencypro.com
127.0.0.1 adbest.com #[IE-SpyAd]
127.0.0.1 ad.adbest.com
127.0.0.1 ad.pop1.adbn.ru
127.0.0.1 adserv.adbonus.com #[IE-SpyAd]
127.0.0.1 www.adbonus.com
127.0.0.1 james.adbutler.de #[Tenebril.TrackingCookie]
127.0.0.1 www.adbutler.de #[SunBelt.AdButler.de]
127.0.0.1 adcp.adcentriconline.com
127.0.0.1 bell.adcentriconline.com #[Wildcard DNS]
127.0.0.1 media.adcentriconline.com #[IE-SpyAd]
127.0.0.1 adcomplete.com #[IE-SpyAd]
127.0.0.1 www.adcomplete.com
127.0.0.1 www.adcopy.info
127.0.0.1 axa.addcontrol.net #[Ewido.TrackingCookie.Addcontrol]
127.0.0.1 ads.addynamix.com #[SpySweeper.Spy.Cookie]
127.0.0.1 e13.media.addynamix.com
127.0.0.1 www.adeos.eu
127.0.0.1 adcode.adengage.com
127.0.0.1 stats2.adengage.com
127.0.0.1 www.adengage.com
127.0.0.1 pt.server1.adexit.com
127.0.0.1 www.adexit.com #[IE-SpyAd]
127.0.0.1 www.ad4ever.com #[IE-SpyAd]
127.0.0.1 track.adform.net
127.0.0.1 www.adfusion.com
127.0.0.1 harvest.adgardener.com
127.0.0.1 harvest8.adgardener.com
127.0.0.1 harvest11.adgardener.com
127.0.0.1 harvest12.adgardener.com
127.0.0.1 harvest13.adgardener.com
127.0.0.1 harvest163.adgardener.com
127.0.0.1 seeds.adgardener.com
127.0.0.1 www.adgroups.net
127.0.0.1 www.ad-groups.com #[Ban Man Pro Banner Code]
127.0.0.1 www.adgauge.com
127.0.0.1 host1.adhese.be #[Adhese Datamine Tag]
127.0.0.1 host2.adhese.be
127.0.0.1 host3.adhese.be #[ad.be.doubleclick.net]
127.0.0.1 host4.adhese.be
127.0.0.1 ssl3.adhost.com #[IE-SpyAd]
127.0.0.1 www2.adhost.com
127.0.0.1 ads.adhostingsolutions.com
127.0.0.1 www.adimpact.com
127.0.0.1 www.adinventoryrecorder.com
127.0.0.1 adfarm1.adition.com
127.0.0.1 imagesrv.adition.com
127.0.0.1 ad.adition.net
127.0.0.1 adsearch.adkontekst.pl
127.0.0.1 community.adlandpro.com #[Ad-Aware Tracking Cookie]
127.0.0.1 pk.adlandpro.com
127.0.0.1 te.adlandpro.com #[IE-SpyAd]
127.0.0.1 trafficex.adlandpro.com
127.0.0.1 www.adlandpro.com #[Ad-Aware Tracking Cookie]
127.0.0.1 engine.adland.ru
127.0.0.1 publicidad.adlead.com
127.0.0.1 ad.adlegend.com #[affects Webroot AlertNet]
127.0.0.1 media.adlegend.com
127.0.0.1 www.adlimg03.com
127.0.0.1 classic.adlink.de #[IE-SpyAd]
127.0.0.1 regio.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 rc.de.adlink.net
127.0.0.1 tr.de.adlink.net
127.0.0.1 www.adminder.com #[SpySweeper.Spy.Cookie]
127.0.0.1 rms.admeta.com #[admeta.basefarm.net]
127.0.0.1 ads.admodus.com
127.0.0.1 ad.adnet.biz
127.0.0.1 engine.adnet.ru
127.0.0.1 ad2.adnetinteractive.com
127.0.0.1 ad.adnetwork.com.br
127.0.0.1 www.adnetworkonline.com
127.0.0.1 s1.ad.adocean.pl #[Ewido.Spyware.Cookie.Adocean]
127.0.0.1 s2.ad.adocean.pl
127.0.0.1 s1.centrumcz.adocean.pl
127.0.0.1 s1.czgde.adocean.pl
127.0.0.1 s1.skgde.adocean.pl
127.0.0.1 ad01.adonspot.com #[IE-SpyAd]
127.0.0.1 ad02.adonspot.com
127.0.0.1 isohunt.adonspot.com
127.0.0.1 ab.adpro.com.ua
127.0.0.1 ac.adpro.com.ua
127.0.0.1 system.adquick.nl
127.0.0.1 www.adquest.nl
127.0.0.1 adreactor.com
127.0.0.1 adserver.adreactor.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 adx.adrenaline.cz
127.0.0.1 www.adsforindians.com
127.0.0.1 ad.adrefer.net
127.0.0.1 www.adreporting.com #[SunBelt.Adreporting.com]
127.0.0.1 gambling911.adrevolver.com
127.0.0.1 media.adrevolver.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 track.adrevolver.com #[McAfee.Cookie-Adrevolver]
127.0.0.1 cntr.adrime.com
127.0.0.1 images.adrime.com
127.0.0.1 ad.adriver.ru
127.0.0.1 www.adrotate.net
127.0.0.1 serv.ad-rotator.com #[SpySweeper.Spy.Cookie]
127.0.0.1 ad.ads8.com
127.0.0.1 vip.ads8.com
127.0.0.1 www.ads183.com
127.0.0.1 antevenio.flux.ads-click.com
127.0.0.1 ad.ads.dk #[IE-SpyAd]
127.0.0.1 tdkads.ads.dk
127.0.0.1 adservercentral.com
127.0.0.1 banners.adservercentral.com
127.0.0.1 www.adservercentral.com #[SunBelt.adservercentral.com]
127.0.0.1 adservicedomain.info
127.0.0.1 adsfac.net #[Facilitate Tracking Code][IE-SpyAd]
127.0.0.1 images.adshuffle.com
127.0.0.1 this.content.served.by.adshuffle.com
127.0.0.1 ad-soft.net #[regfreeze.net][IE-SpyAd]
127.0.0.1 adsaway.com #[HTML/TrojanDownloader.Agent.BP trojan]
127.0.0.1 www.adsaway.com #[Google.Warning]
127.0.0.1 www.adshot.de
127.0.0.1 allchix.adsmax.com
127.0.0.1 www2.adsmax.com
127.0.0.1 www.adsodainteractive.com
127.0.0.1 37.adsonar.com
127.0.0.1 ads.adsonar.com
127.0.0.1 foxnews.adsonar.com
127.0.0.1 js.adsonar.com
127.0.0.1 redir.adsonar.com
127.0.0.1 www.adspace.be
127.0.0.1 g.adspeed.net
127.0.0.1 serv.adspeed.com
127.0.0.1 ads.adsponse.de
127.0.0.1 www.adsprve1.com #[IE-SpyAd]
127.0.0.1 creative.adsrevenue.net
127.0.0.1 popunder.adsrevenue.net
127.0.0.1 adserve.adster.com
127.0.0.1 images.adster.com
127.0.0.1 adsvert.com
127.0.0.1 o.adtargeter.com
127.0.0.1 ads.adtiger.de
127.0.0.1 www.adtiger.de
127.0.0.1 ads.adgoto.com
127.0.0.1 adsrv.admindshare.com
127.0.0.1 adtology.com
127.0.0.1 adtology2.com
127.0.0.1 ad.adtoma.com
127.0.0.1 downldcl.adtoolsinc.com
127.0.0.1 www.adtoolsinc.com #[IE-SpyAd]
127.0.0.1 www.adtrade.net
127.0.0.1 www.adtrader.com #[IE-SpyAd]
127.0.0.1 netshelter.adtrix.com
127.0.0.1 ads.advancedpcmedia.com
127.0.0.1 survey.advantageresearch.com #[IE-SpyAd]
127.0.0.1 ad.adver.com.tw
127.0.0.1 www.adventideas.com #[Adcycle]
127.0.0.1 www.adversal.com
127.0.0.1 www.adversalservers.com
127.0.0.1 austria1.adverserve.net #[Ad-Aware.Tracking Cookie]
127.0.0.1 ads.advertise.net #[IE-SpyAd]
127.0.0.1 www.advertisingspaces.net
127.0.0.1 www.advertisingstats.com #[IE-SpyAd]
127.0.0.1 advertisingpurchase.com
127.0.0.1 ad.adverticum.net
127.0.0.1 img.adverticum.net
127.0.0.1 imgs.adverticum.net
127.0.0.1 ads.advertisingz.com
127.0.0.1 ad.advertstream.com
127.0.0.1 adviva.com #[IE-SpyAd]
127.0.0.1 www.adviva.com
127.0.0.1 ads.adviva.net #[Panda.Spyware:Cookie/Adviva]
127.0.0.1 de.ads.adviva.net
127.0.0.1 adstats.adviva.net
127.0.0.1 www.traf.advscripts.com
127.0.0.1 ad.adworx.at
127.0.0.1 www.ad-z.de
127.0.0.1 banners.adzones.com
127.0.0.1 clicks.adzones.com
127.0.0.1 feeds.adzones.com
127.0.0.1 www.adzones.com
127.0.0.1 aeoworld.de
127.0.0.1 www.aeoworld.de #[W32/WMF-exploit]
127.0.0.1 banners.affilimatch.de
127.0.0.1 tracker.affistats.com #[IE-SpyAd][msvrl.dll]
127.0.0.1 adz.afterdawn.net
127.0.0.1 ad.afy11.net
127.0.0.1 stats.agent.co.il
127.0.0.1 agentmediagroup.com #[Javascript.Exploit]
127.0.0.1 www.agentmediagroup.com
127.0.0.1 rmbannerserver.agestado.com.br
127.0.0.1 stats.agentinteractive.com
127.0.0.1 api.aggregateknowledge.com
127.0.0.1 aams1.aim4media.com
127.0.0.1 artwork.aim4media.com
127.0.0.1 www.aim4media.com #[SunBelt.Adserver.aim4media]
127.0.0.1 adlik.akavita.com
127.0.0.1 adlik2.akavita.com
127.0.0.1 adserver.akqa.net #[Ad-Aware Tracking Cookie]
127.0.0.1 www.alaqiq.net #[Javascript.Exploit]
127.0.0.1 download.alexa.com #[Trackware.Alexa][SPYW_ALEXA.A]
127.0.0.1 download.china.alibaba.com #[Adware.AlibabaTB][AdWare.ToolBar.Alibabar.b]
127.0.0.1 tracking.allposters.com
127.0.0.1 ad.allstar.cz
127.0.0.1 bokee.allyes.com
127.0.0.1 demoafp.allyes.com
127.0.0.1 eastmoney.allyes.com
127.0.0.1 smarttrade.allyes.com
127.0.0.1 taobaoafp.allyes.com
127.0.0.1 tom.allyes.com
127.0.0.1 uuseeafp.allyes.com
127.0.0.1 www.almondnetworks.com
127.0.0.1 www.almoso3h.com #[Trojan-PSW.Win32.VB.cl]
127.0.0.1 www.alsaloumainvestment.com #[Win32/SpamTool.Gadina]
127.0.0.1 ad.altervista.org
127.0.0.1 marx2.altervista.org
127.0.0.1 pqwaker.altervista.org
127.0.0.1 bantam.ai.net #[IE-SpyAd]
127.0.0.1 fiona.ai.net
127.0.0.1 adimg.alice.it
127.0.0.1 adv.alice.it
127.0.0.1 count1.altastat.com
127.0.0.1 altmedia101.com
127.0.0.1 www.alldep.com #[Spamdexing]
127.0.0.1 adserver.alt.com
127.0.0.1 c0.amazingcounters.com
127.0.0.1 c1.amazingcounters.com
127.0.0.1 c2.amazingcounters.com
127.0.0.1 c3.amazingcounters.com
127.0.0.1 c4.amazingcounters.com
127.0.0.1 c5.amazingcounters.com
127.0.0.1 c6.amazingcounters.com
127.0.0.1 c7.amazingcounters.com
127.0.0.1 c8.amazingcounters.com
127.0.0.1 www.amazingcounters.com
127.0.0.1 banner.ambercoastcasino.com
127.0.0.1 ads.amdmb.com
127.0.0.1 whos.amung.us #[WebBug]
127.0.0.1 advert.ananzi.co.za
127.0.0.1 advert2.ananzi.co.za
127.0.0.1 adserver.ancestry.com #[RealMedia]
127.0.0.1 adserver04.ancestry.com #[RealMedia]
127.0.0.1 andishecenter.com #[VBS/Envary.A]
127.0.0.1 www.andyhoppe.com
127.0.0.1 angpeu.info #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 ads.angryape.com
127.0.0.1 banners.ads.angryape.com
127.0.0.1 www.antarasystems.com
127.0.0.1 www.anticlown.com
127.0.0.1 ads.antionline.com
127.0.0.1 junior.apk.net
127.0.0.1 www.arcadebanners.com
127.0.0.1 www.arcadebannerexchange.com
127.0.0.1 ard114.info #[Spamdexing]
127.0.0.1 areabuyreal.com
127.0.0.1 act.areabuyreal.com #[Win32/TrojanDownloader.Zlob]
127.0.0.1 click.areabuyreal.com #[WildCard DNS]
127.0.0.1 www.areabuyreal.com
127.0.0.1 demiurge.arstechnica.com
127.0.0.1 artsklimited.info #[Win32/Padodor.NAQ]
127.0.0.1 banner.arttoday.com
127.0.0.1 ads.asia1.com.sg
127.0.0.1 asimpleinternet.com #[Tenebril.SpecialOffers]
127.0.0.1 www.asimpleinternet.com
127.0.0.1 ads.ask.com #[sv-click.looksmart.com]
127.0.0.1 www.askyaya.com #[SunBelt.AskYaya]
127.0.0.1 ads.aspalliance.com
127.0.0.1 ads.associatedcontent.com
127.0.0.1 dist.atlas-ia.com #[ADW_ATLAST.A]
127.0.0.1 www.atlas-ia.com #[Adware.OfferAgent][Adware-Atlas]
127.0.0.1 elitegaming.ath.cx #[Adware.AdSupport]
127.0.0.1 www.elitegaming.ath.cx
127.0.0.1 ads.auctionads.com
127.0.0.1 audiogalaxy.com
127.0.0.1 www.audiogalaxy.com
127.0.0.1 auto-search.org #[VicMan Search]
127.0.0.1 ads.auctioncity.co.nz
127.0.0.1 www.autosurfpro.com #[IE-SpyAd]
127.0.0.1 ads.autotrader.co.za
127.0.0.1 adserving.autotrader.com #[SunBelt.AdServing.AutoTrader.com]
127.0.0.1 www.axill.com
127.0.0.1 images.axill.in
127.0.0.1 www.axill.in
127.0.0.1 axload.to #[Adware.Webprefix][Trojan.Downloader.6588.E]
127.0.0.1 valid.axload.to
127.0.0.1 ayiosamvrosios.com #[Javascript.Exploit]
127.0.0.1 www.azads.net #[IE-SpyAd]
127.0.0.1 azresults.com #[Spamdexing]
127.0.0.1 www.azresults.com
127.0.0.1 azsearch.org
127.0.0.1 babla.info #[Spamdexing]
127.0.0.1 adserver1.backbeatmedia.com
127.0.0.1 adserver1-images.backbeatmedia.com
127.0.0.1 bullseye.backbeatmedia.com
127.0.0.1 www.badhyip.org #[Google.Warning]
127.0.0.1 ads.badische-zeitung.de
127.0.0.1 bar.baidu.com #[Win32/Adware.Toolbar.Baidu][Sophos.JS/BDHelper-A]
127.0.0.1 ad.baiso.com.cn #[Trojan.Baiso][ADSPY/BaiduBar.P]
127.0.0.1 balticaffiliate.com #[Spamdexing]
127.0.0.1 www.baltictop.com
127.0.0.1 adsrv.bankrate.com
127.0.0.1 click.banneradv.com
127.0.0.1 adserver.banneradministration.com
127.0.0.1 www.bannerbox.cn
127.0.0.1 bannerboxes.com #[BannerBoxes Ad Code]
127.0.0.1 clicks.bannerboxes.com
127.0.0.1 feeds.bannerboxes.com
127.0.0.1 www.bannerboxes.com
127.0.0.1 bannerbg.com
127.0.0.1 www.banner-exchange.nl
127.0.0.1 ad.bannerhost.ru
127.0.0.1 banners.bannerlandia.com.ar
127.0.0.1 www.bannermanagement.nl
127.0.0.1 www.bannerout.com
127.0.0.1 www.banneroverdrive.com
127.0.0.1 www.bannerpromotion.it
127.0.0.1 www.banner-mania.com
127.0.0.1 www.bannerspace.com
127.0.0.1 www3.bannerspace.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www5.bannerspace.com
127.0.0.1 www6.bannerspace.com
127.0.0.1 www7.bannerspace.com #[Tenebril.Tracking Cookie]
127.0.0.1 www.bannerswap.ca
127.0.0.1 ads.vg.basefarm.net #[RealMedia]
127.0.0.1 media.baventures.com
127.0.0.1 ads.baz.ch
127.0.0.1 ad2.bbmedia.cz
127.0.0.1 bbeplayer.com #[WebBug]
127.0.0.1 bc0.cn #[ANI.Exploit]
127.0.0.1 www.beachtrash.com #[MHTMLRedir.Exploit]
127.0.0.1 autocontext.begun.ru
127.0.0.1 adlogger.bertgeens.be
127.0.0.1 www.belstat.be
127.0.0.1 www.belstat.com
127.0.0.1 www.belstat.nl
127.0.0.1 oas.benchmark.fr #[RealMedia]
127.0.0.1 bengilani.com #[VBS/Envary.A]
127.0.0.1 bestinfosearch.com
127.0.0.1 www.bestinfosearch.com #[Malicious.Links]
127.0.0.1 bestinshowjewelry.com #[HTML/TrojanDownloader.Agent.BP]
127.0.0.1 webtrends.besite.be
127.0.0.1 www.besttoolbars.net #[ADW_TBARWIN32.A]
127.0.0.1 bestzarplata.info
127.0.0.1 www.bestzarplata.info #[Javascript.Exploit.makemelaugh][server down?]
127.0.0.1 ads.betanews.com
127.0.0.1 banner.betfred.com
127.0.0.1 download.baigoo.com #[AdWare.Win32.Baigoo.a][Trackware.Baigoo]
127.0.0.1 big4top.com
127.0.0.1 www.big4top.com #[IFrame.Exploit]
127.0.0.1 ad0.bigmir.net
127.0.0.1 ad1.bigmir.net
127.0.0.1 ad4.bigmir.net
127.0.0.1 ad5.bigmir.net
127.0.0.1 ad6.bigmir.net
127.0.0.1 ad7.bigmir.net
127.0.0.1 adi.bigmir.net
127.0.0.1 c.bigmir.net #[SecuritySpace.WebBug]
127.0.0.1 i.bigmir.net
127.0.0.1 bigtracker.com
127.0.0.1 bighits.net
127.0.0.1 bigticker.bighits.net
127.0.0.1 bounty.bighits.net
127.0.0.1 www.bighits.net
127.0.0.1 counter.bigli.ru
127.0.0.1 banex.bikers-engine.com
127.0.0.1 ad2.billboard.cz
127.0.0.1 adserver.bizhat.com
127.0.0.1 counter.bizland.com
127.0.0.1 dc.bizjournals.com
127.0.0.1 webads.bizservers.com
127.0.0.1 blackhatcrew.ru
127.0.0.1 www.black-hole.co.uk
127.0.0.1 ads2.blastro.com
127.0.0.1 ads3.blastro.com
127.0.0.1 ads4.blastro.com
127.0.0.1 blaze-search.com
127.0.0.1 ads.blick.ch
127.0.0.1 streamstats1.blinkx.com
127.0.0.1 ads.blizzard.com
127.0.0.1 blogadswap.com
127.0.0.1 tracker.blogbeat.net
127.0.0.1 ads.blogdrive.com
127.0.0.1 banners.blogexplosion.com
127.0.0.1 counter.blogexplosion.com
127.0.0.1 blogtextlinks.blogexplosion.com
127.0.0.1 rentblog.blogexplosion.com
127.0.0.1 mapstats.blogflux.com
127.0.0.1 www.blogpatrol.com
127.0.0.1 pcbutts1-therealtruth.blogspot.com
127.0.0.1 t.blogreaderproject.com #[WebBug]
127.0.0.1 ads1.prod.bluetape.com
127.0.0.1 blogmark.bokee.com #[Adware.BocaiToolbar]
127.0.0.1 count.blogscout.de
127.0.0.1 track.blogcounter.de
127.0.0.1 www.blogcounter.de
127.0.0.1 adserver.bluewin.ch
127.0.0.1 ads.boardtracker.com
127.0.0.1 ranks.boardtracker.com
127.0.0.1 adimage.bokee.com
127.0.0.1 ad.bol.bg
127.0.0.1 adv.bol.bg
127.0.0.1 ads.bomis.com
127.0.0.1 banners.bookmaker.com
127.0.0.1 boolom.com #[Win32/Viking.DA]
127.0.0.1 ccc.boolans.com #[Adware.Rugo]
127.0.0.1 err.boom.ru
127.0.0.1 www.borlander.cn #[Adware.Borlan]
127.0.0.1 www.borlander.com.cn #[ADSPY/Boran.X.19.C]
127.0.0.1 astalavista.box.sk #[SiteAdvisor.astalavista.box.sk]
127.0.0.1 ads.brainiads.com
127.0.0.1 download.bravesentry.com #[McAfee.BraveSentry]
127.0.0.1 support.bravesentry.com
127.0.0.1 www.bravesentry.com #[NOD32.Win32/Adware.SpySheriff.variant]
127.0.0.1 bans.bride.ru #[IE-SpyAd]
127.0.0.1 cc.bridgetrack.com
127.0.0.1 citi.bridgetrack.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 citi.bridgetrack.com.edgesuite.net
127.0.0.1 rccl.bridgetrack.com #[MVPS.Criteria]
127.0.0.1 banners.broadwayworld.com
127.0.0.1 www.browserplugin.com #[HJTH.EroticAccess][wobz.de]
127.0.0.1 bsdpng.info
127.0.0.1 btbilgisayarkursu.com #[Win32/TrojanDownloader.Small.AWA]
127.0.0.1 www.btbilgisayarkursu.com #[Win32/TrojanDownloader.Small.AWA]
127.0.0.1 www.bulletads.com
127.0.0.1 redemption.bullseye-media.net
127.0.0.1 users.bullseye-media.net
127.0.0.1 www.bullseye-media.net
127.0.0.1 bunnezone.com #[Win32/Jep.Russ]
127.0.0.1 burnsrecyclinginc.com #[Win32/TrojanDropper.Agent.NBX]
127.0.0.1 www.burnsrecyclinginc.com
127.0.0.1 ad1.bustcash.com
127.0.0.1 www.buy404s.com
127.0.0.1 www.buzzclick.com
127.0.0.1 tr.buzzlogic.com
127.0.0.1 byet.org #[zedo.com]
127.0.0.1 byindia.com #[Spamdexing]
127.0.0.1 www.byip.cn #[Google.Warning]
127.0.0.1 multi.byulcom.com #[Win32/TrojanDownloader.Small.BIV]
127.0.0.1 ads.calgarystampede.com
127.0.0.1 canadianhw.ca #[VBS/Envary.A]
127.0.0.1 www.canadianhw.ca
127.0.0.1 images.cashfiesta.com #[AdWare.CashFiesta.a]
127.0.0.1 www.cashfiesta.com #[McAfee.Adware-CashFiesta]
127.0.0.1 www.cashfiesta.net
127.0.0.1 banner.casinoking.com #[AdWare.Win32.Casino.ae]
127.0.0.1 www.cashventure.com
127.0.0.1 ads.casino.com
127.0.0.1 out.catchonlife.com #[lootseek.com]
127.0.0.1 ad.caradisiac.com
127.0.0.1 ads.cars.com
127.0.0.1 blockbuster.com.7.ccg360.com
127.0.0.1 blockbuster.med.ccg360.com
127.0.0.1 www.cd321.com
127.0.0.1 ads.cdfreaks.com #[eTrust.Ads.cdfreaks]
127.0.0.1 ads.cdrinfo.com
127.0.0.1 stats.cdrinfo.com #[WebBug]
127.0.0.1 www.celebritypicturesarchive.com #[Trojan-Downloader.Win32.IstBar.nn]
127.0.0.1 www.celebrity-pictures-world.com #[Trojan-Downloader.Win32.IstBar.nn]
127.0.0.1 clicktracker.centrum.cz
127.0.0.1 mds.centrport.net #[Ad-Aware.Tracking Cookie]
127.0.0.1 cetrk.com
127.0.0.1 cesp.be #[HTML/TrojanDownloader.Agent.NAB]
127.0.0.1 adserver.cducinema.com
127.0.0.1 counter.cgiworld.net
127.0.0.1 tracker.cgiworld.net
127.0.0.1 abc.checkm8.com
127.0.0.1 rmm1u.checkm8.com
127.0.0.1 web.checkm8.com #[CHECKM8 AD TAGS]
127.0.0.1 web2.checkm8.com
127.0.0.1 ads.checkm8.co.za
127.0.0.1 ads.chellomedia.com
127.0.0.1 ads.china.com
127.0.0.1 www.china3q.com #[Trojan.Startpage.S]
127.0.0.1 ad.chip.de
127.0.0.1 www.chsniper.com #[Downloader.Sniper]
127.0.0.1 ad.cibleclick.com #[eTrust.Cibleclick]
127.0.0.1 www.cibleclick.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 cindyproject.info #[Spamdexing]
127.0.0.1 www.classicequipment.com #[Google.Warning]
127.0.0.1 board.classifieds1000.com
127.0.0.1 xp.classifieds1000.com
127.0.0.1 www.classifieds1000.com #[SiteAdvisor.classifieds1000.com]
127.0.0.1 images.clckm.com
127.0.0.1 pics.clckm.com #[Parking Service]
127.0.0.1 cleanfeed.info #[Spamdexing]
127.0.0.1 ads.clickad.com #[eTrust.Tracking Cookie]
127.0.0.1 clickbank.net #[Ad-Aware.Tracking Cookie]
127.0.0.1 hop.clickbank.net #[Adware.Clickbank][Adware.ClickDLoader]
127.0.0.1 ssl.clickbank.net
127.0.0.1 zzz.clickbank.net #[Ewido.TrackingCookie.Clickbank]
127.0.0.1 publishers.clickbooth.com #[directleads.com]
127.0.0.1 clickboothlnk.com
127.0.0.1 www.clickboothlnk.com
127.0.0.1 j.clickdensity.com
127.0.0.1 r.clickdensity.com
127.0.0.1 dsml.clickexperts.net
127.0.0.1 www.clicks2you.com
127.0.0.1 www.clickmanage.com
127.0.0.1 clicktopsite.com #[Spamdexing]
127.0.0.1 clicktracks.com #[McAfee.Cookie-Clicktracks]
127.0.0.1 stats.clicktracks.com #[Tenebril.Tracking Cookie]
127.0.0.1 stats1.clicktracks.com # [eTrust.Tracking Cookie]
127.0.0.1 stats2.clicktracks.com #[SpySweeper.Spy.Cookie]
127.0.0.1 stats3.clicktracks.com
127.0.0.1 stats4.clicktracks.com
127.0.0.1 www.clicktracks.com #[SunBelt.ClickTracks]
127.0.0.1 www.is1.clixgalore.com
127.0.0.1 www.clixgalore.com
127.0.0.1 hit.click2006.com
127.0.0.1 www2.click-fr.com
127.0.0.1 www3.click-fr.com
127.0.0.1 www4.click-fr.com
127.0.0.1 www.clickhouse.com #[SunBelt.ClickHouse]
127.0.0.1 www.click-power.com #[Win32/TrojanDownloader.VB.JL][Win32.Virtumonde.by]
127.0.0.1 www.clicks4u.com #[IE-SpyAd]
127.0.0.1 www.clicksbroker.com
127.0.0.1 ad1.clickhype.com #[Ewido.TrackingCookie.Clickhype]
127.0.0.1 clickoly.com #[Spamdexing]
127.0.0.1 redirect.clickshield.net
127.0.0.1 clickthru.net
127.0.0.1 ads.clickthru.net
127.0.0.1 icon.clickthru.net
127.0.0.1 clicktorrent.info
127.0.0.1 static.clicktorrent.info
127.0.0.1 www.clicktorrent.info #[phpAds]
127.0.0.1 www1.clicktorrent.info
127.0.0.1 norbert_sirot.club.fr #[Trojan-Spy.Win32.Banker.anv]
127.0.0.1 banner.clubdicecasino.com
127.0.0.1 adserver.clix.pt
127.0.0.1 ad.cmfu.com
127.0.0.1 www.cnstats.com
127.0.0.1 ad.coas2.co.kr
127.0.0.1 ads.cobrad.com
127.0.0.1 collectiveads.net
127.0.0.1 www.combimedia.nl
127.0.0.1 bdx.comclick.com
127.0.0.1 br.comclick.com
127.0.0.1 ct2.comclick.com #[Tenebril.Tracking Cookie]
127.0.0.1 fl01.ct2.comclick.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 ihm01.ct2.comclick.com
127.0.0.1 www.comclick.com #[Ewido.TrackingCookie.Comclick]
127.0.0.1 members.commissionmonster.com
127.0.0.1 aa.connextra.com
127.0.0.1 bb.connextra.com #[a22.g.akamai.net]
127.0.0.1 cc.connextra.com
127.0.0.1 dd.connextra.com
127.0.0.1 ee.connextra.com
127.0.0.1 ff.connextra.com #[a22.g.akamai.net]
127.0.0.1 data.connextra.com
127.0.0.1 linkexchange.consoleunderground.com
127.0.0.1 www.consoleunderground.com #[Adware.Begin2search]
127.0.0.1 ads.consumeraffairs.com
127.0.0.1 ads.contactmusic.com #[AdvertPro]
127.0.0.1 servedby.contextuad.org
127.0.0.1 svp.contextuad.org #[SunBelt.ContextuAd]
127.0.0.1 www.contextualclick.com #[Dynamic keywords analyser]
127.0.0.1 ads.console.net
127.0.0.1 su.copylouis.info #[SiteAdvisor.msiesettings.com]
127.0.0.1 banners.copyscape.com
127.0.0.1 www.countit.ch
127.0.0.1 counter.co.kz
127.0.0.1 www.counter-gratis.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.countercentral.com
127.0.0.1 www.counterguide.com
127.0.0.1 counter-shop.net
127.0.0.1 htm-pop-ky.counterstat.net
127.0.0.1 www.counting4free.com
127.0.0.1 www.counter.cz
127.0.0.1 www.counti.de
127.0.0.1 www.countmypage.com
127.0.0.1 log1.countomat.com
127.0.0.1 connectionzone.com
127.0.0.1 www.couponsandoffers.com #[Adware.TopMoxie]
127.0.0.1 data.coremetrics.com
127.0.0.1 test.coremetrics.com #[SpySweeper.Spy.Cookie]
127.0.0.1 twci.coremetrics.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 banner.coza.com
127.0.0.1 www.cpaclicks.com #[Spamdexing]
127.0.0.1 server.cpmstar.com #[ads.shizmoo.com]
127.0.0.1 1.cq158.cn #[Win32/Agent.NAW]
127.0.0.1 cracklab.info #[server down?]
127.0.0.1 cracks.am #[eTrust.Cracks.am][ADW_CRAMTB.A]
127.0.0.1 www.cracks.am #[######-portal.com][Adware.CramToolbar]
127.0.0.1 ads.cracked.com
127.0.0.1 track.cracked.com
127.0.0.1 www.crackserver.com #[StopBadware.Report]
127.0.0.1 new.crashextads.co.uk
127.0.0.1 crawl.ws
127.0.0.1 cont.crawl.ws #[AdWare.Win32.MegaKiss.b]
127.0.0.1 www.crawl.ws
127.0.0.1 counter.credo.ru
127.0.0.1 www.cridem.org #[Win32/Spy.Banker.AHY]
127.0.0.1 www.crispads.com
127.0.0.1 ads.crosswinds.net
127.0.0.1 megabyte.crosswinds.net
127.0.0.1 ads.crucialparadigm.com
127.0.0.1 crunet.info #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 cxss358.com #[HTML/TrojanDownloader.Agent.BP]
127.0.0.1 cyberbounty.com
127.0.0.1 clk.cyberbounty.com
127.0.0.1 pop.cyberbounty.com
127.0.0.1 serve.cyberbounty.com
127.0.0.1 www.cyberbounty.com
127.0.0.1 js.cybermonitor.com #[McAfee.Cookie-Cybermonitor]
127.0.0.1 stat3.cybermonitor.com
127.0.0.1 banner.cybertechdev.com
127.0.0.1 cybertown.ru
127.0.0.1 search.cygo.net
127.0.0.1 www.cygo.net #[McAfee.Adware-Cygo]
127.0.0.1 cytron.com #[DailyWinner][eTrust.Cytron]
127.0.0.1 www.cytron.com
127.0.0.1 www.d3m0n.biz
127.0.0.1 dabestdomain.info #[SiteAdvisor.msiesettings.com]
127.0.0.1 ads.dada.it
127.0.0.1 mm.dalumm.com #[Win32/TrojanDownloader.Small.TZ]
127.0.0.1 www.data-jpn.com #[Trojan.Pajatan]
127.0.0.1 banner.date.com #[Tenebril.Tracking Cookie]
127.0.0.1 www.dateclix.com #[DateClix.com Banner Exchange Code]
127.0.0.1 datingbanners.net
127.0.0.1 ads.datinggold.com
127.0.0.1 ad.db3nf.com
127.0.0.1 dcstat.com
127.0.0.1 deansplanet.com #[Malicious.Links.Zango]
127.0.0.1 www.deansplanet.com
127.0.0.1 au.track.decideinteractive.com
127.0.0.1 au.link.decideinteractive.com
127.0.0.1 eu.link.decideinteractive.com
127.0.0.1 link.decideinteractive.com
127.0.0.1 www.decideinteractive.com
127.0.0.1 www.decideinteractive.co.uk
127.0.0.1 deepcom.com #[SiteAdvisor.deepcom.com]
127.0.0.1 www.deepcom.com #[TrojanDropper.Win32.Small.gt]
127.0.0.1 collector.deepmetrix.com
127.0.0.1 geo.deepmetrix.com
127.0.0.1 www.deepmetrix.com #[Microsoft]
127.0.0.1 demsas-iran.com #[VBS/Envary.A]
127.0.0.1 ads.dennisnet.co.uk
127.0.0.1 ad.depositfiles.com
127.0.0.1 ad.detik.com
127.0.0.1 desire-search.com #[Spamdexing]
127.0.0.1 ads.deviantart.com
127.0.0.1 adsvr.deviantart.com
127.0.0.1 phpadsnew.devstart.com
127.0.0.1 banners.diariodelaltoaragon.es
127.0.0.1 track.did-it.com #[Panda.Spyware:Cookie/did-it]
127.0.0.1 digiwexonline.com #[W32/Kibik.a]
127.0.0.1 www.digink.com #[PcTools.SysCheckBop32]
127.0.0.1 ads.digitalpoint.com
127.0.0.1 geo.digitalpoint.com
127.0.0.1 comm1.digits.com
127.0.0.1 counter.digits.com #[IE-SpyAd]
127.0.0.1 ads.dir.bg
127.0.0.1 banners.dir.bg
127.0.0.1 direct-ip.com #[Adware-DirectIP][SecurityRisk.DirectIP]
127.0.0.1 www.direct-ip.com #[Adware-DirectIP][Adware-CommanderNET]
127.0.0.1 ad.directconnect.se
127.0.0.1 banners.directnic.com #[SecuritySpace.WebBug][MVPS.Criteria]
127.0.0.1 dnads.directnic.com
127.0.0.1 parked.directnic.com
127.0.0.1 stats.directnic.com
127.0.0.1 www.directnicparking.com
127.0.0.1 cache.directorym.com #[c2.mii.instacontent.net]
127.0.0.1 ads.directnetadvertising.net
127.0.0.1 www.directnetadvertising.net #[Ad-Aware Tracking Cookie]
127.0.0.1 ad.displayadsmedia.com
127.0.0.1 agentq.ditto.com
127.0.0.1 js.ditto.com
127.0.0.1 matrix.ditto.com
127.0.0.1 media.ditto.com #[a232.x.akamai.net]
127.0.0.1 www.ditto.com #[AdWare.Win32.Softomate.c]
127.0.0.1 cnads.dixcom.com
127.0.0.1 dcww.dmcast.com #[Adware-DesktopMedia]
127.0.0.1 ad1.dmcmedia.co.kr
127.0.0.1 dmdl.dmcast.com
127.0.0.1 install.dmcast.com #[Adware-DesktopMedia.dr]
127.0.0.1 track.dmipartners.com
127.0.0.1 ads.dmnews.com
127.0.0.1 ad.dmpi.net
127.0.0.1 ad2.dmpi.net
127.0.0.1 ad3.dmpi.net
127.0.0.1 ad4.dmpi.net
127.0.0.1 ubnm.dmpi.net
127.0.0.1 www.dnscaching.net #[SiteAdvisor.dnscaching.net]
127.0.0.1 dnv-counter.com
127.0.0.1 www.domamil.cz #[Trojan.Beagooz]
127.0.0.1 www.dodostats.com
127.0.0.1 doorgen.com #[Spamdexing]
127.0.0.1 www.doorgen.com
127.0.0.1 ads.dotomi.com
127.0.0.1 www.donotchangeme.com
127.0.0.1 www.down988.cn #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 www.download-services.com #[VBA32.Trojan-Downloader.Agent.26]
127.0.0.1 www.downseek.com #[SunBelt.DownSeek Search]
127.0.0.1 downloa-d.com
127.0.0.1 www.downloa-d.com #[Trojan-Clicker.Win32.Agent.ip]
127.0.0.1 banners.dpnet.com.br
127.0.0.1 drmx01.net #[Spamdexing]
127.0.0.1 counter.dreamhost.com
127.0.0.1 www.claus.drehteile-rieche.de #[Win32.Formglieder.B]
127.0.0.1 www.dreamadvert.com #[SunBelt.Dreamadvert]
127.0.0.1 www.dropthehammer.com #[Win32/Spy.Banker.AHY]
127.0.0.1 ads.drugs.com
127.0.0.1 b.ds1.nl
127.0.0.1 ddd.dudu.com #[Tenebril.DuDu Accelerator]
127.0.0.1 ulink4.dudu.com #[Adware.DDDClient][SunBelt.DuDuAccelerator]
127.0.0.1 ulink13.dudu.com #[Win32/Adware.DM]
127.0.0.1 www.dudu.com #[McAfee.Downloader-AVV]
127.0.0.1 www.duenow.com
127.0.0.1 www.dutty.de #[W32.Peerload.A]
127.0.0.1 gfx.dvlabs.com
127.0.0.1 klipads.dvlabs.com
127.0.0.1 www.dzy520.com #[Google.Warning]
127.0.0.1 e2give.com #[Adware-E2Give][Spyware.e2give]
127.0.0.1 www.e2give.com
127.0.0.1 hits.e.cl
127.0.0.1 blogads.ebanner.nl
127.0.0.1 www.e-bannerx.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 www.earncashontheinternet.com #[SunBelt.OpinionBar]
127.0.0.1 www.eash.info #[Spamdexing][Microsoft.Strider]
127.0.0.1 click.easilyfound.com #[Tenebril.AdTraffic]
127.0.0.1 www.easilyfound.com
127.0.0.1 www.eastworldnetwork.com
127.0.0.1 www.easycounter.com #[IE-SpyAd]
127.0.0.1 banners.easydns.com
127.0.0.1 easyerror.info #[Trojan-Downloader.Win32.Delf.agw]
127.0.0.1 easyhitcounters.com
127.0.0.1 beta.easyhitcounters.com
127.0.0.1 www.ebannertraffic.com
127.0.0.1 easy-web-stats.com
127.0.0.1 adserv1.ebates.com #[WebSavings]
127.0.0.1 mailer.ebates.com
127.0.0.1 www.ebates.com #[Adware.MoeMoney]
127.0.0.1 ads.eccentrix.com
127.0.0.1 ads.ecrush.com #[AdvertPro]
127.0.0.1 www.eden21.net #[Win32/Haxdoor][TR/Dldr.Botol.D.1]
127.0.0.1 c6.edgesuite.net #[RealMedia]
127.0.0.1 ads.edirectme.com
127.0.0.1 qq.ee28.cn #[Javascript.Exploit]
127.0.0.1 www.ejmx.com #[Adware.ElectroJMX]
127.0.0.1 ad.e-kolay.net
127.0.0.1 www.ek21.com #[Trojan.Chost.B]
127.0.0.1 www.elancenet.org #[Worm/Eyeveg.CH]
127.0.0.1 elitwarez.ru #[Javascript.Exploit]
127.0.0.1 www.elitwarez.ru
127.0.0.1 now.eloqua.com #[WebBug]
127.0.0.1 ads.eluniversal.com.mx
127.0.0.1 hits.eluniversal.com.mx
127.0.0.1 publicidad.eluniversal.com.mx
127.0.0.1 elwebsearch.info #[Malicious Links]
127.0.0.1 wwv.elwebsearch.info
127.0.0.1 www.elwebsearch.info
127.0.0.1 ad1.emediate.dk
127.0.0.1 ad1.emediate.se
127.0.0.1 www.emoinstaller.com #[Win32/Adware.NdotNet][SiteAdvisor.emoinstaller.com]
127.0.0.1 www.emusic.com #[McAfee.Adware-eMusic][F-Secure.Adware.eMusic]
127.0.0.1 dotnet.endai.com
127.0.0.1 stats.engineseeker.com
127.0.0.1 entk.net
127.0.0.1 log.enquisite.com
127.0.0.1 adv.entercasino.com #[Adware.Casino.V]
127.0.0.1 ads.eog.com
127.0.0.1 ads.e-planning.net
127.0.0.1 ads.us.e-planning.net
127.0.0.1 adserving00.epi.es
127.0.0.1 adserving03.epi.es
127.0.0.1 launcheruk.escritorioactivo.com
127.0.0.1 vipuk.escritorioactivo.com #[HJTH.123Messenger Hijacker]
127.0.0.1 www.escorcher.com #[eTrust.EScorcher]
127.0.0.1 www.eshopads2.com
127.0.0.1 estat.com
127.0.0.1 perso.estat.com #[Ewido.Spyware.Cookie.Estat]
127.0.0.1 prof.estat.com #[SecuritySpace.WebBug]
127.0.0.1 sky.estat.com
127.0.0.1 www.estat.com
127.0.0.1 gtb.etology.com
127.0.0.1 pages.etology.com
127.0.0.1 www.etracker.de
127.0.0.1 www.etxh.com #[Win32/Prosti.C]
127.0.0.1 ads.ero-advertising.com
127.0.0.1 adopt.euroclick.com #[Ewido.TrackingCookie.Euroclick]
127.0.0.1 cdn.euroclick.com
127.0.0.1 www.euroklik.nl #[EasyBar][HJTH.SinCity Dialer]
127.0.0.1 advert.eurotip.cz
127.0.0.1 www.euros4click.de
127.0.0.1 ad.eurosport.com #[oas.eurosport.com]
127.0.0.1 www.eurowebstats.com
127.0.0.1 www.everestpoker.com #[AdWare.Win32.Casino.t]
127.0.0.1 advert.exaccess.ru
127.0.0.1 dynamic.exaccess.ru
127.0.0.1 static.exaccess.ru
127.0.0.1 www.exchangead.com
127.0.0.1 exchange.bg
127.0.0.1 www.exchange.bg
127.0.0.1 exit-ad.de #[Ad-Aware.Tracking Cookie]
127.0.0.1 exitexchange.com #[IE-SpyAd][SiteAdvisor.exitexchange.com]
127.0.0.1 ads.exitexchange.com
127.0.0.1 count.exitexchange.com #[McAfee.Cookie-Exitexchange]
127.0.0.1 images.exitexchange.com
127.0.0.1 www.exitexchange.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www.exittrade.com
127.0.0.1 www.exittraffic.net #[SiteAdvisor.exittraffic.net]
127.0.0.1 syndication.exoclick.com
127.0.0.1 nyton.experclick.com #[p.mii.instacontent.net]
127.0.0.1 www.experclick.com #[SpySweeper.Spy.Cookie]
127.0.0.1 ads.expressindia.com
127.0.0.1 banners.expressindia.com
127.0.0.1 cdn.eyewonder.com #[SunBelt.EyeWonder]
127.0.0.1 pixel1097.everesttech.net
127.0.0.1 pixel1324.everesttech.net
127.0.0.1 pixel1370.everesttech.net
127.0.0.1 www.evidence-eliminator.com
127.0.0.1 evilman.cn #[Win32/TrojanDownloader.VB.APY]
127.0.0.1 ads2.exhedra.com
127.0.0.1 www.eyeget.com #[McAfee.Adware-EyeGet]
127.0.0.1 feedback.eyereturn.com
127.0.0.1 resources.eyereturn.com
127.0.0.1 timespent.eyereturn.com
127.0.0.1 voken.eyereturn.com
127.0.0.1 ads.ezboard.com
127.0.0.1 eziin.com #[Adware.Eziin]
127.0.0.1 www.eziin.com
127.0.0.1 www.ezurl.co.kr #[Spyware.Ezurl]
127.0.0.1 ads.facebook.com #[facebook-ads.vo.llnwd.net]
127.0.0.1 www.factorygames.com #[SiteAdvisor.factorygames.com]
127.0.0.1 banner.fairpoker.com #[AdWare.Win32.Casino.w]
127.0.0.1 www.fast-adv.it
127.0.0.1 www.fastfind.org #[TROJ_STARTPAG.KF][Win32/Adware.MediaBack]
127.0.0.1 fastonlineusers.com
127.0.0.1 fasttrack.nu
127.0.0.1 fastwebcounter.com
127.0.0.1 counter.fateback.com
127.0.0.1 counter1.fc2.com
127.0.0.1 www.ffxiforums.net #[Trojan-PSW.Win32.OnLineGames.kw]
127.0.0.1 alex.fileburst.com #[Win32/TrojanDropper.Agent.NBT]
127.0.0.1 adserver.filefront.com #[Ad-Aware.Tracking Cookie]
127.0.0.1 findover.org #[Spamdexing]
127.0.0.1 search.findscout.com
127.0.0.1 www.findscout.com #[W32/Delf.KPZ]
127.0.0.1 ai.p.findology.com
127.0.0.1 banner.finn.no
127.0.0.1 ads.firingsquad.com
127.0.0.1 ads2.firingsquad.com
127.0.0.1 ads.firstgrand.com
127.0.0.1 firstwolf.org #[Downloader-BAC]
127.0.0.1 fishclix.com
127.0.0.1 www.fishclix.com
127.0.0.1 www.fish-screensaver.com #[AdWare.Win32.Gator.1008]
127.0.0.1 www.fjordbergen.com #[Win32/Spy.Banker.BIG]
127.0.0.1 www.fjjyjy.net #[Win32/Hipigon][W32.Fijjy]
127.0.0.1 cdn.flashedmail.com #[Parked?]
127.0.0.1 tracker1.flashedmail.com #[IE-SpyAd]
127.0.0.1 adserver4.fluent.ltd.uk
127.0.0.1 adserver.fmpub.net
127.0.0.1 dynamic.fmpub.net
127.0.0.1 static.fmpub.net
127.0.0.1 ads.fmwinc.com
127.0.0.1 www.foofle.net #[Backdoor.Foobot]
127.0.0.1 adcycle.footymad.net
127.0.0.1 www.forodeortodoncia.com #[Backdoor.IRC.Zapchast]
127.0.0.1 js.forrestersurveys.com
127.0.0.1 socratos.forrestersurveys.com
127.0.0.1 user.france.net.in #[Javascript.Exploit]
127.0.0.1 akcr.free.fr #[Win32/Spy.Bancos.U]
127.0.0.1 googlelite.free.fr #[Spamdexing]
127.0.0.1 ad.freecity.de
127.0.0.1 ads05.freecity.de
127.0.0.1 freecounters.xp.tl
127.0.0.1 maurobb.freecounter.it
127.0.0.1 www.freecounter.it
127.0.0.1 securinews.free.fr #[Trojan.Hexem]
127.0.0.1 www.freedownloadhq.com #[SiteAdvisor.freedownloadhq.com]
127.0.0.1 ad.freefind.com
127.0.0.1 www.freehitwebcounters.com
127.0.0.1 adverts.freeloader.com
127.0.0.1 freelogs.com
127.0.0.1 bar.freelogs.com
127.0.0.1 goo.freelogs.com
127.0.0.1 htm.freelogs.com
127.0.0.1 ico.freelogs.com
127.0.0.1 joe.freelogs.com
127.0.0.1 mom.freelogs.com
127.0.0.1 xyz.freelogs.com
127.0.0.1 adserver.freenet.de
127.0.0.1 freeonlineusers.com
127.0.0.1 www.free-ranking.de
127.0.0.1 freescanpro.com
127.0.0.1 www.freescanpro.com
127.0.0.1 free-stats.com
127.0.0.1 abbyssh.freestats.com
127.0.0.1 insurancejournal.freestats.com
127.0.0.1 www.freestat.ws
127.0.0.1 www.freestats.ws
127.0.0.1 banners.freett.com
127.0.0.1 count.freett.com
127.0.0.1 counters.freewebs.com
127.0.0.1 ads.freeonlinegames.com
127.0.0.1 stats.freeonlinegames.com
127.0.0.1 error.freewebsites.com
127.0.0.1 www.freewebsites.com
127.0.0.1 media.ftv-publicite.fr #[RealMedia]
127.0.0.1 fullddl.com
127.0.0.1 www.fullddl.com #[HTML/TrojanDownloader.XXXToolbar]
127.0.0.1 404.funpic.de
127.0.0.1 funppc.com
127.0.0.1 www.funppc.com
127.0.0.1 ads.futurenetworkusa.com
127.0.0.1 ads.gad-network.com
127.0.0.1 adserver.gadu-gadu.pl
127.0.0.1 www.gamersbanner.com
127.0.0.1 ads.gameservers.com
127.0.0.1 ads.gamespy.com #[SpySweeper.Spy.Cookie]
127.0.0.1 adcontent.gamespy.com
127.0.0.1 ads.gamespyid.com
127.0.0.1 www.gameurdr.com #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 server.gamyun.net
127.0.0.1 www.gamyun.net #[Adware.GamyunIeToolbar]
127.0.0.1 ad.garantiarkadas.com
127.0.0.1 ads.gather.com
127.0.0.1 track.gawker.com #[WebBug]
127.0.0.1 js.gbeb.cc #[Javascript.Exploit]
127.0.0.1 haymarket-adserver.gcnpublishing.com
127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 sda.geek.com #[AdvertPro]
127.0.0.1 adserver.geenstijl.nl
127.0.0.1 kassa.geenstijl.nl
127.0.0.1 adserver.geizkragen.de
127.0.0.1 gd.geobytes.com #[obtains users location]
127.0.0.1 geotarget.info #[Whois.Blacklisted]
127.0.0.1 banners.geotarget.info
127.0.0.1 www.geotarget.info
127.0.0.1 www.geowhere.net #[SunBelt.GeoWhere Search]
127.0.0.1 get-access.host.sk #[McAfee.StartPage-IR]
127.0.0.1 getclicky.com
127.0.0.1 static.getclicky.com
127.0.0.1 www.getmusicvideocodes.com #[Malicious.Links.Zango]
127.0.0.1 www.getsmart.com
127.0.0.1 dlx.getupdate.com #[AdvWare.ToolBar.VB.b][Adware.Getup]
127.0.0.1 banner.giantvegas.com
127.0.0.1 truehits.gits.net.th
127.0.0.1 truehits1.gits.net.th
127.0.0.1 ads.globo.com
127.0.0.1 ads.img.globo.com
127.0.0.1 glory-movy.net #[Javascript.Exploit]
127.0.0.1 duke.gocomics.com #[ads.uclick.com]
127.0.0.1 www.god74.com #[Trojan.Huanux]
127.0.0.1 www.godesktop.com #[SiteAdvisor.godesktop.com]
127.0.0.1 adserver2.goals365.com
127.0.0.1 www.go-and-search.com #[Spamdexing]
127.0.0.1 goglee.biz
127.0.0.1 www.goglee.biz
127.0.0.1 golden-keys.net #[Spamdexing]
127.0.0.1 banner.goldenpalace.com #[Tenebril.Tracking Cookie]
127.0.0.1 stage.goldkey.com #[Parking Service]
127.0.0.1 goldstats.net
127.0.0.1 www.goldstats.net
127.0.0.1 www.goodhealth-search.com #[Spamdexing]
127.0.0.1 www.qooqlesearch.com #[Spamdexing]
127.0.0.1 www.goggle.com #[IE-SpyAd][typo squatter]
127.0.0.1 google-counter.com #[Win32/Spy.Banker.CKW]
127.0.0.1 www.google-counter.com #[Google.Warning]
127.0.0.1 google-moogle.com #[Spamdexing]
127.0.0.1 www.google-moogle.com
127.0.0.1 show.googleadsenseagent.com #[Adware.Roogoo][server down?]
127.0.0.1 www.google-hard.com #[Win32/TrojanProxy.Agent.LK]
127.0.0.1 google-pharmacy.com #[Spamdexing]
127.0.0.1 goooglegulp.com #[Spamdexing]
127.0.0.1 www.gogogo.com #[PremiumTraffic.Parking Service]
127.0.0.1 partner.gonamic.de
127.0.0.1 www.goodsearchnow.com #[Trojan.Jakposh]
127.0.0.1 googlus.com #[Spamdexing]
127.0.0.1 adincl.gopher.com #[InfoSpace]
127.0.0.1 goserv.com #[VBS/Exploit.Phel.A]
127.0.0.1 stat.org.gosite.ws
127.0.0.1 gostats.com
127.0.0.1 as.gostats.com
127.0.0.1 c1.gostats.com
127.0.0.1 c2.gostats.com #[SpySweeper.Spy.Cookie]
127.0.0.1 c3.gostats.com
127.0.0.1 c4.gostats.com #[Panda.Spyware:Cookie/GoStats]
127.0.0.1 ded.gostats.com
127.0.0.1 monster.gostats.com
127.0.0.1 webcounter.goweb.de
127.0.0.1 ads.goyk.com
127.0.0.1 www.gpt-pal.com #[Javascript.Exploit]
127.0.0.1 graffitifonts.com
127.0.0.1 www.graffitifonts.com #[Malicious.Links.Zango]
127.0.0.1 graficastrigo.com #[Trojan.Tabela.E]
127.0.0.1 www.gratis-toplist.de
127.0.0.1 adv.gratuito.st
127.0.0.1 greatfog.com #[Javascript.Exploit]
127.0.0.1 www.greasypalm.co.uk #[PcTools.GreasyPalm bar]
127.0.0.1 greencunt.org #[Javascript.Exploit]
127.0.0.1 grepblogs.net
127.0.0.1 grigcnt.info #[Javascript.Exploit]
127.0.0.1 adserver.gruprc.ro
127.0.0.1 publi.grupocorreo.es #[RealMedia]
127.0.0.1 ads.guru3d.com
127.0.0.1 www.g-wizzads.net #[adbureau.net]
127.0.0.1 www.h148.cn #[Google.Warning]
127.0.0.1 ads2.haber3.com
127.0.0.1 www.handyarchive.com #[SiteAdvisor.handyarchive.com]
127.0.0.1 www.haogs.cn
127.0.0.1 www.haosf128.com #[Google.Warning]
127.0.0.1 streamit.hardwarezone.com
127.0.0.1 ad1.hardware.no #[AdvertPro]
127.0.0.1 adserver.hardwareanalysis.com
127.0.0.1 www.harmonyhollow.net #[Adware Bundler]
127.0.0.1 ads.harpers.org
127.0.0.1 hartim.com
127.0.0.1 ad0.haynet.com
127.0.0.1 ad.hbv.de
127.0.0.1 ads.heias.com
127.0.0.1 www.helpdesignonline.com
127.0.0.1 helpingfind.info #[SiteAdvisor.msiesettings.com]
127.0.0.1 www.henbang.net #[Adware.Henbang][SPYW_HAP.A]
127.0.0.1 www.hentaibanners.com
127.0.0.1 www.hentaicashmachine.com
127.0.0.1 www.hentaicounter.com
127.0.0.1 www.hentaipop.com #[Electronic Group Dialer]
127.0.0.1 www.hentaiseeker.com
127.0.0.1 www.hentaitoonami.com
127.0.0.1 ads.herbalsmokeshop.com
127.0.0.1 www.herbalsmokeshops.com
127.0.0.1 www2.hermoment.com
127.0.0.1 www.hermoment.com
127.0.0.1 ads.hexun.com
127.0.0.1 www.hey.lt
127.0.0.1 hiden.info #[Javascript.Exploit]
127.0.0.1 pubs.hiddennetwork.com
127.0.0.1 ads.highdefdigest.com
127.0.0.1 www.hiperstat.com
127.0.0.1 adserver.hispanoclick.com
127.0.0.1 www.hitscount.com
127.0.0.1 hits-counter.com
127.0.0.1 www.hits-counter.com
127.0.0.1 ctr.hitcounter-1.com
127.0.0.1 www.hit-counter-download.com
127.0.0.1 hithopper.com #[Adware.Hithopper]
127.0.0.1 www.hithopper.com #[ADW_HITHOPPER.A]
127.0.0.1 www.hitlogger.com
127.0.0.1 rdr.hitmngr.com
127.0.0.1 hitmodel.net
127.0.0.1 www.hit-counts.com
127.0.0.1 hit-now.com
127.0.0.1 www.hitscreamer.com
127.0.0.1 hitslog.com
127.0.0.1 h1.hitslog.com
127.0.0.1 s4.histats.com
127.0.0.1 s10.histats.com
127.0.0.1 s11.histats.com
127.0.0.1 www.hitstats.co.uk
127.0.0.1 hitstats.net
127.0.0.1 www.hittracking.com
127.0.0.1 images.hitwise.co.uk
127.0.0.1 anna.homeftp.net #[W32.Linkbot.A]
127.0.0.1 adserver.hostfinderguy.com
127.0.0.1 www.gontijoamaral.hpg.com.br #[Adware.Diginum]
127.0.0.1 www.adserver.home.pl
127.0.0.1 www.homeoffun.com #[SiteAdvisor.homeoffun.com]
127.0.0.1 counters.honesty.com
127.0.0.1 cgi.honesty.com #[MVPS.Criteria]
127.0.0.1 ad.hosting.pl
127.0.0.1 ns1.hosting101.biz #[JS/Small.DN]
127.0.0.1 hot8888.com #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 hot8888.cn #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 ad2.hotels.com
127.0.0.1 www.hot-lindsay.com #[Zango][Parked?]
127.0.0.1 cgi.hotstat.nl
127.0.0.1 viewstat.hotstat.nl
127.0.0.1 hotstream.info
127.0.0.1 ad.howstuffworks.com #[RealMedia][SpySweeper.Spy.Cookie]
127.0.0.1 hpod.com
127.0.0.1 www.htmate2.com #[Cursor.MySpace]
127.0.0.1 adserver.html.it
127.0.0.1 click.html.it
127.0.0.1 vip.huigezi.com #[Backdoor.Graybird.Q][W32.Looked.F]
127.0.0.1 down.hunll.com #[BDS/Agent.ahj.701]
127.0.0.1 www.huxley-online.net #[Win32/Spy.Elite.10.A]
127.0.0.1 hyip-review.info #[Javascript.Exploit]
127.0.0.1 www.hypercounter.com
127.0.0.1 www.hypertracker.com #[SpySweeper.Spy.Cookie]
127.0.0.1 ads.iafrica.com
127.0.0.1 ibm-ssl.com #[Trojan.DR.Cimuz.Gen.1]
127.0.0.1 www.i-clicks.net
127.0.0.1 hits.icdirect.com #[SunBelt.ICDirect.com]
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 tracker.icerocket.com
127.0.0.1 ads.idgnow.com.br
127.0.0.1 banners.idg.com.br
127.0.0.1 adidm07.idmnet.pl
127.0.0.1 adidm.idmnet.pl
127.0.0.1 ie-exe.com #[AdWare.Win32.Softomate.x]
127.0.0.1 ad.ifrance.com
127.0.0.1 ijk.cc #[JS/Downloader-BCP]
127.0.0.1 image-catcher.com
127.0.0.1 bar.iebar8.com #[Adware.Navihelper]
127.0.0.1 stats.surfaid.ihost.com #[IE-SpyAd]
127.0.0.1 adserver.ig.com.br
127.0.0.1 gate.ilogbox.com
127.0.0.1 ads.imeem.com
127.0.0.1 bbn.img.com.ua
127.0.0.1 content-ads.impactengine.com
127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
127.0.0.1 ads.ims.nl
127.0.0.1 s201.indexstats.com
127.0.0.1 stats.indexstats.com #[Analytics Tracking Code]
127.0.0.1 stats.indextools.com #[eTrust.Tracking Cookie]
127.0.0.1 campaign.indieclick.com
127.0.0.1 optimize.indieclick.com
127.0.0.1 adcenter.in2.com
127.0.0.1 get.inetbar.com #[SunBelt.INetBar]
127.0.0.1 juggler.inetinteractive.com
127.0.0.1 rotator.juggler.inetinteractive.com
127.0.0.1 banners.inetfast.com
127.0.0.1 adserving.infinite-ads.com
127.0.0.1 www.infineo.de #[Win32/Spy.Banker.AWA]
127.0.0.1 www.info--bits.com
127.0.0.1 infospot.infocious.com
127.0.0.1 ads.infospace.com #[ADW_DEALHELPER.C]
127.0.0.1 msxml.infospace.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www.infotelsrl.com #[eTrust.Infotel srl]
127.0.0.1 ads.injersey.com #[RealMedia]
127.0.0.1 bimonline.insites.be
127.0.0.1 ads.intellicast.com #[weather.com]
127.0.0.1 strtt.interfree.it #[W32.Iberio]
127.0.0.1 counter.internet.ge
127.0.0.1 indiads.com
127.0.0.1 images.indiads.com
127.0.0.1 servedby.indiads.com #[RealMedia]
127.0.0.1 popups.infostart.com #[eTrust.Popups.infostart.com]
127.0.0.1 www.imiclk.com
127.0.0.1 inexplorer.com
127.0.0.1 toolbar.inexplorer.com #[Win32/Parite.B]
127.0.0.1 www.inexplorer.com
127.0.0.1 www.inpopo.com #[W32.Validin]
127.0.0.1 oc.inspectorclick.com
127.0.0.1 trax.inspectorclick.com
127.0.0.1 v2.inspectorclick.com
127.0.0.1 v3.inspectorclick.com
127.0.0.1 instantbuzz.com #[NOD32.Win32/Adware.InstantBuzz]
127.0.0.1 www2.instantbuzz.com
127.0.0.1 www.instantbuzz.com #[Adware.ToolBar.InstantBuzz.a]
127.0.0.1 media.intelia.it
127.0.0.1 anm.intelli-direct.com #[IntelliTracker]
127.0.0.1 info.intelli-direct.com
127.0.0.1 oxfam.intelli-direct.com
127.0.0.1 tui.intelli-direct.com
127.0.0.1 www.intelli-tracker.com
127.0.0.1 intraviewer.net
127.0.0.1 www.intraviewer.net
127.0.0.1 newadserver.interfree.it #[Adcycle]
127.0.0.1 internet-explorer.name #[Trojan-Clicker.Win32.Agent.ip]
127.0.0.1 www.internet-explorer.name
127.0.0.1 www.interstats.nl
127.0.0.1 www.intrastats.com
127.0.0.1 channels.intwined.com #[Adware/ToolBar.ISearch.c]
127.0.0.1 search.intwined.com
127.0.0.1 www.intwined.com #[McAfee.Adware-SSF!Hosts]
127.0.0.1 www.invinc.com #[Troj/Dloader-J]
127.0.0.1 www.ipcounter.de
127.0.0.1 ad2.ip.ro
127.0.0.1 ads.ipowerweb.com
127.0.0.1 www.ipqwe.com #[Exploit.ANI]
127.0.0.1 content.ipro.com #[WebBug]
127.0.0.1 www.ipstat.com
127.0.0.1 adzones.ircspy.com
127.0.0.1 isecurepages.net #[Google Warning]
127.0.0.1 www.isecurepages.net #[IFrame.Exploit]
127.0.0.1 www.istats.nl
127.0.0.1 a.isohunt.com
127.0.0.1 adserver1.isohunt.com
127.0.0.1 ads.isoftmarketing.com
127.0.0.1 banman.isoftmarketing.com
127.0.0.1 ads1.itadnetwork.co.uk
127.0.0.1 itcompany.com #[SunBelt.Family Cyber Alert]
127.0.0.1 www.itcompany.com #[Symantec.Spyware.CyberAlert]
127.0.0.1 www.itemgame.net #[W32/HLLP.Philis.ar][server down?]
127.0.0.1 itisbest.info #[Spamdexing]
127.0.0.1 itnos.info
127.0.0.1 www.itrackpages.com
127.0.0.1 ilead.itrack.it
127.0.0.1 adserver.itsfogo.com
127.0.0.1 partnerfeed.itsfogo.com
127.0.0.1 www1.itsun.com
127.0.0.1 www8.itsun.com
127.0.0.1 ads.itv.com #[adbureau.net]
127.0.0.1 barafranca.iwarp.com #[Win32/Spy.ProAgent]
127.0.0.1 www.iwebmusic.com
127.0.0.1 iwebtunes.com #[FTC Action]
127.0.0.1 www.iwebtunes.com
127.0.0.1 ad.jamba.de
127.0.0.1 ad.jamba.net
127.0.0.1 ad.jamster.com
127.0.0.1 www.jcount.com
127.0.0.1 www.jellycounter.com
127.0.0.1 www.jethit.com
127.0.0.1 t1.jfglass.net #[Trojan.Booha]
127.0.0.1 dl.jiangmin.com #[Adware-BDSearch.dr]
127.0.0.1 jimmybuttons.com #[eTrust.Win32/Nirbot]
127.0.0.1 www.jm-my.com #[BackDoor-CXI]
127.0.0.1 ad.joetec.net
127.0.0.1 jointmediagroup.com #[Trojan-Spy.Win32.Delf.uc]
127.0.0.1 ads.jokaroo.com
127.0.0.1 jpedownload.joltid.com
127.0.0.1 banners.joost.com
127.0.0.1 ads.jossip.com
127.0.0.1 pastorale.jpn.org #[Win32/Spy.Banker.AHY]
127.0.0.1 www.joltid.com #[Adware.P2PNetworking][SPYW_PPNETWORK.B]
127.0.0.1 promotion.jpds.com
127.0.0.1 www.jprmthome.com #[Trojan-PSW.Win32.Maran.ei]
127.0.0.1 www.jstracker.com
127.0.0.1 ads.jt.org
127.0.0.1 www.justfreegames.com #[AdWare.Win32.Relevant.a]
127.0.0.1 925.vip.jx828.net #[HTML/Exploit.IframeBof]
127.0.0.1 jxdoe.com #[Win32/TrojanDownloader.Ani.Gen]
127.0.0.1 www.k265.com #[Adware.Borlan]
127.0.0.1 stat.katalysatormedia.no
127.0.0.1 kazantip-top.com
127.0.0.1 www.kazantip-top.com #[HTML/Exploit.VMLFill]
127.0.0.1 ads.webfever.kadserver.com
127.0.0.1 ads.deblok.net.kadserver.com
127.0.0.1 ads.zebest-3000.net.kadserver.com
127.0.0.1 countus.get.kadserver.com
127.0.0.1 geo113prod.kadserver.com
127.0.0.1 get.kadserver.com
127.0.0.1 scripts.kataweb.it
127.0.0.1 kazaalite.pl
127.0.0.1 www.kazaalite.pl #[MHTMLRedir.Exploit]
127.0.0.1 gavzad.keenspot.com
127.0.0.1 ad.kewlbox.com
127.0.0.1 a.keyrun.com #[Adware-TargetAD]
127.0.0.1 u.keyrun.com
127.0.0.1 union.keyrun.com
127.0.0.1 ww.keyrun.com
127.0.0.1 www1.keyrun.com
127.0.0.1 www.keyrun.com
127.0.0.1 banner.kiev.ua
127.0.0.1 kikclick.com #[Spamdexing]
127.0.0.1 adserve.kikizo.com
127.0.0.1 union.db.kingsoft.com #[PopupAds]
127.0.0.1 www.kiss-search.net
127.0.0.1 ebay.kisswin.com #[Adware.Kiswin]
127.0.0.1 kjsc.org #[Win32/Spy.Banker.ANV]
127.0.0.1 ads.kleinman.com #[Adcycle]
127.0.0.1 www.klikvipresources.com #[Spamdexing]
127.0.0.1 gfx.klipmart.com #[gfx.dvlabs.com]
127.0.0.1 kt3.kliptracker.com
127.0.0.1 kt4.kliptracker.com
127.0.0.1 www.kliptracker.com
127.0.0.1 ads.klixxx.com
127.0.0.1 www.km-nyc.com #[W32.Lecna.A]
127.0.0.1 click.kmindex.ru
127.0.0.1 counter.kmindex.ru
127.0.0.1 counting.kmindex.ru
127.0.0.1 www.kmindex.ru
127.0.0.1 www.knacads.com
127.0.0.1 xx.ko51.com #[Google.Warning]
127.0.0.1 images.kolmic.com
127.0.0.1 pics.kolmic.com #[Parking Service]
127.0.0.1 ads.komli.com
127.0.0.1 www.kompass-intl.com #[Win32/Adware.Toolbar.PowerSearch]
127.0.0.1 de.komtrack.com
127.0.0.1 koolbar.net #[Adware Bundler][ADW_KOOLBAR.A]
127.0.0.1 www.koolbar.net #[eTrust.AutoSearch]
127.0.0.1 sitestat.kpn-is.nl
127.0.0.1 kuaiso.com #[AdWare.Win32.Kuaiso.a]
127.0.0.1 toolsbar.kuaiso.com #[Adware.Kuaiso]
127.0.0.1 www.kuaiso.com
127.0.0.1 kustusch.com #[Javascript.Exploit]
127.0.0.1 www.kz163.net #[Win32/Virut]
127.0.0.1 alwaysforfriend.land.ru #[Trojan-Downloader.Win32.Banload.bdp]
127.0.0.1 www.animacoes.land.ru #[Downloader.Swif.B]
127.0.0.1 landinghall.com #[Spamdexing]
127.0.0.1 www.latinbusca.com #[Adware-CommanderNET]
127.0.0.1 ads.lawnsite.com
127.0.0.1 layer-ads.de
127.0.0.1 www.layer-ads.de
127.0.0.1 banner.lbs.km.ru
127.0.0.1 iframe.leadacceptor.com
127.0.0.1 leakedcelebvideos.com #[Win32/TrojanDownloader.Agent.BCZ]
127.0.0.1 www.leakedcelebvideos.com
127.0.0.1 lem0n.info
127.0.0.1 pubs.lemonde.fr
127.0.0.1 www.leopardsearch.com
127.0.0.1 ads.letemps.ch
127.0.0.1 www.letusearch.com #[Google.Warning]
127.0.0.1 ts1.lexmark.com
127.0.0.1 leythosthestalker.com
127.0.0.1 www.leythosthestalker.com
127.0.0.1 adserver.libero.it
127.0.0.1 adv-banner.libero.it
127.0.0.1 phpads.lime.com
127.0.0.1 link.ru
127.0.0.1 link.link.ru
127.0.0.1 www.linkads.net #[IE-SpyAd]
127.0.0.1 ads.linki.nl
127.0.0.1 www.linkads.de
127.0.0.1 linkbuddies.com
127.0.0.1 banners.linkbuddies.com
127.0.0.1 www.linkbuddies.com
127.0.0.1 www.linkcounter.com
127.0.0.1 linksexchange.net
127.0.0.1 linkexchange.ru
127.0.0.1 web.linkexchange.ru
127.0.0.1 www.linkexchange.ru
127.0.0.1 link4link.com
127.0.0.1 plus.link4link.com
127.0.0.1 www.links4trade.com
127.0.0.1 escati.linkopp.net
127.0.0.1 www.linkopp.net
127.0.0.1 click.linkstattrack.com #[SiteAdvisor.linkstattrack.com]
127.0.0.1 www.linkpal.biz #[Trojan.Win32.LowZones.dr]
127.0.0.1 linktarget.com
127.0.0.1 banner.linktech.cn
127.0.0.1 www.linkworth.com
127.0.0.1 ads.linuxjournal.com
127.0.0.1 www.ligue13.com #[Win32/Spy.Banker.BIG]
127.0.0.1 www.liveads.org
127.0.0.1 livecounter.net
127.0.0.1 www.livecounter.net
127.0.0.1 image.adv.livedoor.com
127.0.0.1 js.livehelper.com
127.0.0.1 newbrowse.livehelper.com
127.0.0.1 ads.livescore.com
127.0.0.1 traffic.liveuniversenetwork.com
127.0.0.1 traffic.livevideo.com
127.0.0.1 broadent.vo.llnwd.net
127.0.0.1 lw.lnkworld.com
127.0.0.1 loadz.biz #[Javascript.Exploit]
127.0.0.1 omnituretrack.local.com
127.0.0.1 ads.locators.com
127.0.0.1 toolbar.locators.com #[AdWare.Win32.Locator.f]
127.0.0.1 www.lojastal.com.br #[Win32/Spy.Banker.ANV]
127.0.0.1 lol.to #[HTML/Exploit.Mht]
127.0.0.1 err.lolipop.jp
127.0.0.1 www.lookde5.com #[W32.Looked]
127.0.0.1 lookoutsoft.net #[SiteAdvisor.lookoutsoft.net]
127.0.0.1 screensavers.lookoutsoft.net
127.0.0.1 www.lookoutsoft.net #[AdWare.Win32.WinAD.b]
127.0.0.1 www.lords-of-havoc.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 lolteens.in #[Haxdoor.Exploit]
127.0.0.1 lottery-news.info #[HTML/TrojanDownloader.Agent.NAB]
127.0.0.1 hexusads.fluent.ltd.uk
127.0.0.1 www.luxemil.com #[Google.Warning]
127.0.0.1 ads-apsa.lvz-online.de
127.0.0.1 www.lynxtrack.com
127.0.0.1 counter.lyricsdownload.com
127.0.0.1 www.lyricspy.com #[PluginAccess]
127.0.0.1 666.lyzh.com #[Trojan-PSW.Win32.Lineage.aec][TSPY_LINEAGE.WK]
127.0.0.1 m2k.ru
127.0.0.1 ad.m5prod.net
127.0.0.1 ad.m-adx.com
127.0.0.1 media.m-adx.com
127.0.0.1 www.macrcmedia.com #[Exploit.ANI]
127.0.0.1 www.macrcmedia.net
127.0.0.1 ads.madisonavenue.com
127.0.0.1 resource.madisonavenue.com
127.0.0.1 textads.madisonavenue.com
127.0.0.1 www.madrascements.com #[Win32/Spy.Banker.Big]
127.0.0.1 banner.magicboxcasino.com #[AdWare.Win32.Casino.w]
127.0.0.1 msn-sexoweb.mail15.com #[Win32/Spy.Banker.ANV]
127.0.0.1 humortadela.mail15.com #[Win32/Spy.Banker.ANV]
127.0.0.1 www.novogerador.mail15.com
127.0.0.1 www.uolcard.mail15.com #[Trojan-Spy.Win32.Banker.ark]
127.0.0.1 voegol.mail15.com #[Win32/Spy.Banker.ANV]
127.0.0.1 humortadela0.mail333.com #[Win32/Spy.Banker.AHY]
127.0.0.1 destino-gol.mail333.com #[Win32/Spy.Banker.BCK]
127.0.0.1 www.messengerbeta.mail333.com #[Win32/Spy.Banker.BCK]
127.0.0.1 mair.net #[Realtracker]
127.0.0.1 ads.marketing-internet.com
127.0.0.1 marketing-know-how.com #[TR/Dldr.iBill.V]
127.0.0.1 adsnew.maktoob.com #[AdvertPro]
127.0.0.1 aw.masterstats.com
127.0.0.1 erotic.masterstats.com
127.0.0.1 image.masterstats.com
127.0.0.1 link.masterstats.com
127.0.0.1 vw.masterstats.com #[Ewido.TrackingCookie.Masterstats]
127.0.0.1 adserver.matchcraft.com
127.0.0.1 www.maxi-music.fr #[Win32/Spy.Banker.ANV]
127.0.0.1 ads.maxivip.fr
127.0.0.1 sitestat.mayoclinic.com
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com #[Tenebril.Tracking Cookie]
127.0.0.1 www2.md80.cn
127.0.0.1 www.md80.cn #[W32.Validin]
127.0.0.1 tracker.measuremap.com
127.0.0.1 mcmads.mediacapital.pt #[DoubleClick]
127.0.0.1 matrix.mediavantage.de
127.0.0.1 adland.medialand.ru
127.0.0.1 adnet.medialand.ru
127.0.0.1 content.medialand.ru
127.0.0.1 ads.mediamayhemcorp.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 acvs.mediaonenetwork.net
127.0.0.1 acvsrv.mediaonenetwork.net
127.0.0.1 ads1.mediaops.com.br
127.0.0.1 ad2.pl.mediainter.net
127.0.0.1 servedby.mediaplace.tv #[ad.firstadsolution.com]
127.0.0.1 media-servers.net
127.0.0.1 search.mediatarget.com
127.0.0.1 ads.mediaturf.net #[McAfee.Cookie-Mediaturf]
127.0.0.1 adv.medscape.com #[ads.webmd.com]
127.0.0.1 megabablo.info
127.0.0.1 www.megastats.com
127.0.0.1 exit.megago.com #[SpySweeper.Spy.Cookie]
127.0.0.1 www.megago.com #[typo squatter]
127.0.0.1 www.mercuras.com
127.0.0.1 reklama.metacafe.com
127.0.0.1 adserv2.meritdesigns.com
127.0.0.1 ads.metropol.dk
127.0.0.1 automagazine.metriweb.be
127.0.0.1 hln-frinfos.metriweb.be
127.0.0.1 levif.metriweb.be
127.0.0.1 line01.metriweb.be #[Ad-Aware.Tracking Cookie]
127.0.0.1 line02.metriweb.be
127.0.0.1 line03.metriweb.be
127.0.0.1 line04.metriweb.be #[SpySweeper.Spy Cookie]
127.0.0.1 line05.metriweb.be
127.0.0.1 line06.metriweb.be
127.0.0.1 line07.metriweb.be #[Panda.Spyware:Cookie]
127.0.0.1 line08.metriweb.be
127.0.0.1 line09.metriweb.be
127.0.0.1 line10.metriweb.be
127.0.0.1 line11.metriweb.be
127.0.0.1 line12.metriweb.be
127.0.0.1 line13.metriweb.be
127.0.0.1 line14.metriweb.be
127.0.0.1 line15.metriweb.be
127.0.0.1 line16.metriweb.be
127.0.0.1 line17.metriweb.be
127.0.0.1 line18.metriweb.be
127.0.0.1 line19.metriweb.be
127.0.0.1 line20.metriweb.be
127.0.0.1 line24.metriweb.be
127.0.0.1 line26.metriweb.be
127.0.0.1 line32.metriweb.be
127.0.0.1 rtbf09.metriweb.be
127.0.0.1 skynet-news.metriweb.be
127.0.0.1 zattevrienden.metriweb.be
127.0.0.1 m-gallery.org #[Javascript.Exploit]
127.0.0.1 pubs.mgn.net #[Grolier Network]
127.0.0.1 www.mgshareware.com #[Adware Bundler][Parasite.MySearch]
127.0.0.1 w.mh8888.cn
127.0.0.1 microsoftout.com #[Phish.site]
127.0.0.1 ads.milenio.com
127.0.0.1 www.milesdebanners.com
127.0.0.1 adc1.mingpao.com
127.0.0.1 ads.mininova.org
127.0.0.1 ads.miniclip.com #[eur56deliv.247realmedia.com]
127.0.0.1 www.mini-player.com #[5MOF Mini-Player]
127.0.0.1 counter.mirohost.net
127.0.0.1 miron555.org #[Javascript.Exploit]
127.0.0.1 misofthelp.com
127.0.0.1 www.misofthelp.com #[Google Warning]
127.0.0.1 banner.missbingo.com #[AdWare.Win32.Casino.ae]
127.0.0.1 banner.missingkids.com
127.0.0.1 misterbanner.com
127.0.0.1 ads.mixi.jp
127.0.0.1 img.ads.mixi.jp
127.0.0.1 www.mlclick.com
127.0.0.1 vod.mmdy.org #[McAfee.StartPage-JN!CC32C55]
127.0.0.1 www.mmoi.cn #[Javascript.Exploit]
127.0.0.1 timeout.mmy88.cn #[Google.Warning]
127.0.0.1 www.mnogotrafa.net #[Spamdexing]
127.0.0.1 banners.mobilesidewalk.com
127.0.0.1 ads.mobygames.com
127.0.0.1 smile.modchipstore.com
127.0.0.1 survey2.modernmindsoftware.com
127.0.0.1 banners.mojoflix.com
127.0.0.1 ad.mokead.com #[Trojan.Daekom]
127.0.0.1 w5.mokead.com
127.0.0.1 www.mokead.com #[W32/DLoader.VZN]
127.0.0.1 ads.monster.com
127.0.0.1 adserver.monster.com #[SunBelt.AdServer.Monster.com]
127.0.0.1 adserver.a.in.monster.com
127.0.0.1 ads.monstermoving.com
127.0.0.1 cookie.monster.com #[SunBelt.cookie.monster]
127.0.0.1 www.moratoriumx.net #[JS/TrojanDownloader.Agent.BI]
127.0.0.1 m1.webstats.motigo.com
127.0.0.1 www.motioncodecs.com #[Win32/TrojanDownloader.Mediket]
127.0.0.1 www.movies.net.cn #[AdWare.Win32.AdBlaster.b]
127.0.0.1 www.mp3downloadhq.com #[SiteAdvisor.mp3downloadhq.com]
127.0.0.1 mp3today.net
127.0.0.1 mpamexit.com
127.0.0.1 ads.mrtones.com
127.0.0.1 msedulearner.com

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 69.66.0.20
DNS Server Search Order: 69.66.1.20

HKLM\SYSTEM\CCS\Services\Tcpip\..\{92AA402F-3C3A-4E9F-9335-6AF59B245CC9}: NameServer=69.66.0.20 69.66.1.20
HKLM\SYSTEM\CS2\Services\Tcpip\..\{92AA402F-3C3A-4E9F-9335-6AF59B245CC9}: NameServer=69.66.0.20 69.66.1.20


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
I had to cut some of the hosts, because it kept saying the post was too long. Sorry.

Hello

Download and Run ComboFix

• Download this file from below:
  
  Here
  
• Disconnect from the Internet, than disable your anti-virus and any real-time anti-spyware monitors that are running.
• Then double click combofix.exe & follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.

Note 1: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Note 2:Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Hi,

Ran ComboFix. Here's the log, and the new HJT log.

ComboFix 07-08-16.3 - "Douglas" 2007-08-17 9:07:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.88 [GMT -5:00]


((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


2007-08-17 09:05 51,200 --a--c--- C:\WINDOWS\nircmd.exe
2007-08-14 22:02 2,204 --a--c--- C:\WINDOWS\system32\tmp.reg
2007-08-14 16:54 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 00:12 --------- d----c--- C:\DOCUME~1\Douglas\APPLIC~1\MailWasher
2007-08-13 15:15 --------- d----c--- C:\Program Files\SpywareBlaster
2007-08-02 18:07 --------- d----c--- C:\Program Files\stickies
2007-07-02 09:24 --------- d----c--- C:\DOCUME~1\Douglas\APPLIC~1\MailFrontier
2007-06-28 18:41 --------- d----c--- C:\DOCUME~1\Douglas\APPLIC~1\AdobeUM
2007-06-26 01:08 1104896 --a--c--- C:\WINDOWS\system32\msxml3.dll
2007-06-19 08:31 282112 --a--c--- C:\WINDOWS\system32\gdi32.dll
2007-06-13 05:23 1033216 --a--c--- C:\WINDOWS\explorer.exe
2007-05-17 06:28 549376 -----c--- C:\WINDOWS\system32\oleaut32.dll
1998-08-24 12:09 10000 --a--c--- C:\WINDOWS\inf\unregpn.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SYSWB6"="SYSWB6" []
"nwiz"="nwiz.exe" [2005-06-15 17:20 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 17:20]
"Dit"="Dit.exe" [2002-08-28 14:43 C:\WINDOWS\Dit.exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2002-02-20 22:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-04 13:18]
"hplampc"="C:\WINDOWS\system32\hplampc.exe" [2002-01-17 11:40]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 03:50]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"PopUpStopperProfessional"="C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe" [2005-06-01 17:09]

C:\Documents and Settings\Douglas\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2005-10-02 19:52:56]
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2004-10-26 12:02:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
CallWave.lnk - C:\DOCUME~1\Douglas\My Documents\My Downloads\Callwave11\IAM.exe [2002-12-11 16:09:33]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CWShredder Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SoundMan"=SOUNDMAN.EXE
"nwiz"=nwiz.exe /install
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
"hplampc"=C:\WINDOWS\system32\hplampc.exe

R0 MrFilter;EasyWrite Driver;C:\WINDOWS\system32\drivers\MrFilter.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 kid_sys;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\drivers\KID_SYS.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R3 Intels51;Creatix V.9X DSP Data Fax Modem;C:\WINDOWS\system32\DRIVERS\ctxs51.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 snpstd2;USB PC Camera (SN9C103);C:\WINDOWS\system32\DRIVERS\snpstd2.sys
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys
R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 hidgame;Microsoft Hid to Joystick Port Enabler;C:\WINDOWS\system32\DRIVERS\hidgame.sys
S3 hp4200c;%usbscan.SvcDesc%;C:\WINDOWS\system32\DRIVERS\hp4200c.sys
S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys
S3 ntxpusb;Gravis USB device driver;C:\WINDOWS\system32\drivers\ntxpusb.sys
S3 WmAdiHid;Logitech WingMan Digital Devices Driver;C:\WINDOWS\system32\drivers\WmAdiHid.sys
S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys


Contents of the 'Scheduled Tasks' folder
2007-01-06 23:54:23 C:\WINDOWS\Tasks\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-17 09:11:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-17 9:14:11

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 9:20:30 AM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\SYSWB6.exe
C:\WINDOWS\Dit.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe
C:\WINDOWS\system32\Winkb6.exe
C:\Documents and Settings\Douglas\My Documents\My Downloads\Callwave11\IAM.exe
C:\Program Files\stickies\stickies.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Douglas\My Documents\My Downloads\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O1 - Hosts: 204.244.184.143 SafeWeb.com
O1 - Hosts: 204.244.184.143 WWW.SafeWeb.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SYSWB6] SYSWB6
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: CallWave.lnk = C:\Documents and Settings\Douglas\My Documents\My Downloads\Callwave11\IAM.exe
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120013803375
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_02) -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Hi

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tr...Transporter.cab?
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.5.0) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit HijackThis.

I see that Viewpoint Media Player is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto‑updating for the Viewpoint Manager ‑‑ the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components (Viewpoint, Viewpoint Manager, Viewpoint Media Player):

1. Click Start, point to Settings, and then click Control Panel.
2. In Control Panel, double-click Add or Remove Programs.
3. In Add or Remove Programs, highlight Viewpoint Media Player, click Remove.

Make sure AVG is up to date before proceeding

Run a scan with AVG.

• Click on Scanner
  • Click on the Settings tab, and set the following settings.
    • How to act
      • Click on Recommended actions, and set to Quarantine.
    • How to scan
      • Check all options.
    • Possibly unwanted software.
      • Check all options.
    • Reports
      • Check Do not automatically generate reports after every scan.
    • What to scan
      • Check Scan every file.
  • Click on the Scan tab.
    • Click on Complete System Scan and the scan will begin.
    • When the scan has finished
      • Make sure that Set all elements to: shows Quarantine, if not click on the link and choose Quarantine from the popup menu.
      • At the bottom of the window click on the Apply all Actions button.

Note: Don't save the report before you hit the Apply action button.

Close AVG Anti-Spyware.

AVG will save a report in the following location C:\Program Files\Grisoft\AVG anti-spyware 7.5\Reports

Post back with the AVG report and a new HijackThis log. And let me know how your computer is behaving now.

Hi,
Here's a copy of the AVG scan report and a new HJT log. I also went ahead and removed the 'Viewpoint Media Player'. So far, the computer is working fine. The flashing icon and all the warning boxes are gone.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:51:42 PM 8/17/2007

+ Scan result:



C:\Documents and Settings\Douglas\My Documents\My Videos\CartoonInstall.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Documents\Downloads\weblock.exe/WeUninstall.exe -> Backdoor.Graybird : Cleaned with backup (quarantined).
C:\Documents and Settings\Douglas\My Documents\My Downloads\WeBlocker\WeBlockerII\weblock.exe/WeUninstall.exe -> Backdoor.Graybird : Cleaned with backup (quarantined).
C:\Documents and Settings\Douglas\My Documents\My Downloads\WeBlocker\weblock.exe/WeUninstall.exe -> Backdoor.Graybird : Cleaned with backup (quarantined).
C:\WINDOWS\system32\WeUninstall.exe -> Backdoor.Graybird : Cleaned with backup (quarantined).
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Dropper.Small.hx : Cleaned with backup (quarantined).
C:\WINDOWS\system32\notepad.exe.bak -> Dropper.Small.hx : Cleaned with backup (quarantined).
C:\Documents and Settings\Douglas\My Documents\My Jokes\Maytag Washing Machine.exe -> Not-A-Virus.BadJoke.Win32.Train : Cleaned with backup (quarantined).
:mozilla.55:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.138:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.246:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.227:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.324:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.259:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.217:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.46:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.47:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.48:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.49:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.50:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.51:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.52:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.293:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.325:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.59:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.60:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.61:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.62:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.115:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.116:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.175:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.176:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.177:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.178:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.179:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.180:C:\Documents and Settings\Douglas\Application Data\Mozilla\Firefox\Profiles\hg61w9u8.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 6:03:03 PM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\SYSWB6.exe
C:\WINDOWS\Dit.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Winkb6.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe
C:\Documents and Settings\Douglas\My Documents\My Downloads\Callwave11\IAM.exe
C:\Program Files\stickies\stickies.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Douglas\My Documents\My Downloads\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O1 - Hosts: 204.244.184.143 SafeWeb.com
O1 - Hosts: 204.244.184.143 WWW.SafeWeb.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SYSWB6] SYSWB6
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\PopUpStopperProfessional.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: CallWave.lnk = C:\Documents and Settings\Douglas\My Documents\My Downloads\Callwave11\IAM.exe
O8 - Extra context menu item: Add to filterlist (WebWasher) - http://-Web.Washer-/ie_add
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120013803375
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92AA402F-3C3A-4E9F-9335-6AF59B245CC9}: NameServer = 69.66.0.20 69.66.1.20
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Hi mrgroovitude

The AVG I had you download is only a 30-day trial of the full product after which time, if you opt not to subscribe it reverts to a simple on-demand scanner. You already have Spybot S&D so disabling the AVG Guard is recommended, as they may conflict with each other. I would also suggest re-immunising with Spybot S&D and enabling the TeaTimer function.

[list[[*]Open AVG Anti-spyware
[*]Click Infections at the top
[*]Click on Select All
[*]Now click Remove Finally and press Yes at the prompt.
[*]Close AVG-Anti-Spyware[/list]

Delete the Combofix icon and the Smitfraudfix folder from your Desktop.

Navigate to and delete the following files and/or folders (if they are present):

Folders:
C:\Combofix
C:\Qoobox

Delete the older versions of Java and download the newest.
Please follow these steps to remove older version Java components.

1. Close any programmes you may have running, ESPECIALLY your web browser
2. Click Start > Control Panel.
3. Click Add/Remove Programs.
4. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
5. Click the Remove or Change/Remove button.
6. Repeat as many times as necessary to remove all versions of Java.
7. Reboot your computer once all Java components are removed.

Then download the latest version of Java Runtime Environment (JRE) (4th one down the list), which is JRE6u2, and click Yes at the page warning, then accept the Licence Agreement before downloading the Offline file.

I would advise updating Adobe Reader, as the latest version clears up any vulnerabilities of previous versions.
First uninstall the version you have on your computer then download and install Adobe Reader 8.1.

This is my usual speech for when you are clean, which you appear to be.

Please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore.
It's also a good idea to Flush your System Restore points after ridding yourself of malware:

• Click Start | Help and Support | Undo changes to your computer with System Restore.
• Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
• Close the Help and Support Center box.
• Click Start | Run and type Cleanmgr
• Select (C: ) then click OK.
• Click the More Options tab.
• Click Clean Up in the System Restore Section.

This will remove all previous restore points except the newly created one.

Here are some free programs, I recommend.

Spybot Search and Destroy
Download it from here . Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here

Install Spyware Guard
Download it from here
Find here the tutorial on how to use Spyware Guard here

Install SpyWare Blaster
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here


Make sure your Windows is ALWAYS up to date!

An unpatched Windows is vulnerable and even with the "best" Antivirus and Firewall installed, malware will find its way through.
So visit http://windowsupdate.microsoft.com/ to download and install the latest updates.


Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?"


Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Thanks Scotty,

Things always get a little hectic here on the weekends. I removed the old versions of JAVA and Adobe, and downloaded the most current versions. Reset the system restore and updated all my anti virus and spyware programs. The computer is working great once again. Thanks again!!

Blessings,
Doug

You are welcome.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.