Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need help with this.


  • This topic is locked This topic is locked
25 replies to this topic

#1 ttomt

ttomt

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:07 AM

Posted 30 September 2004 - 04:55 PM

Hello,

I think this may be new because I haven't seen reference to it anywhere.

First I scanned with Ad-Aware SE, Build 1.05. Clean. Spybot Clean.

When I go to a web site I get a logon screen like I have to Logon to a FTP site.
Asking for a User name and password. I'm getting these pop-ups on this site.

This started to happen after I down loaded AD-Aware SE Build 1.05 update from Majorgeeks.com.

This logon screen does not appear on all web sites I visit but most of them so far. I can't navigate any sites without first Xing out or clicking on Cancel. But that's not the end. When I do either of those I am redirected to another Logon screen with a different URL. After about four times clicking on cancel I finally get to the page I want.

Example: I click on Tek-Tips web site in my Favorites I get this Logon screen. I deleted the entry in my favorites and entered Tek-Tips in the address bar still get the Logon screen. I click on the Windows 2003 forum or any other forum. I get the Logon screen. In the forum I click on a question (Thread) before the page loads you guessed it a Logon screen. Now I go back to the forum before it loads the page another Logon screen.

The first Logon screen that always comes up is:
Connecting to pagead2.googlesyndication.com Then these will pop up. Here is a small list of others. It's endless.

They all have Connect to in the beginning.

.itxt.Vibrantmedis.com
.crs.Akamai.com
.Switch.atdmt.com
.Secure-us.imrworld.com
.toms.us.intell.txt.com
.www.tectads.biz
So on and so on.

I have Google as my home page. I changed it to Comcast's home page and I still get these Logon screens when I visit web sites.

My OS is XP SP2. I have XP's firewall turned off. I use Zone Alarm Free. I also have a Linksys router. I have the new IE Pop-up Blocker running. I have the Messenger Service turned off.

I updated five computers on my network/lab with AD-Aware SE in the same time frame. Four computers I down loaded the update to a folder and ran it from there. One I opened and ran from Majorgeeks and this is the one with the problem.

I ran Hijack This. I really don't know what to fix if anything. I ran it one time and fixed something and messed up a program I use and had to reload it again. So can you please check my log and tell me what to fix.



Thanks in advance.

HJT Log - ttomt

Logfile of HijackThis v1.98.2
Scan saved at 6:54:37 AM, on 9/26/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Migration\Migration.exe
C:\WINNT\GWHotKey.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis1982\HijackThis19802.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.attbi.com/cgi-bin/mywn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tom The Computer Guy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyDeskScheduler] C:\Program Files\Migration\Migration.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O8 - Extra context menu item: &Check Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {315D1BD2-0165-48AE-9F91-9CC271704FBA} (LRNPrint Class) - file://D:\LRN Viewer\HTML\lrniehlp.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093024395137
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/A...eX/FileXfer.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - hcp://system/XPLControl.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:07 PM

Posted 30 September 2004 - 10:05 PM

Do you know what this is?
O4 - HKLM\..\Run: [SkyDeskScheduler] C:\Program Files\Migration\Migration.exe

Dont see anything else... Do you have a proxy enabled by accident?

The first thing I need you to do is download the file from here:

Getservices.zip - Get list of XP/2000/NT Services

Extract the file to the c:\ drive. Then navigate to the c:\getservices and double-click on the getservices.bat file. A notepad will open up. Please paste the contents of that notepad as a reply to this post along with a brand new hijackthis log.

#3 ttomt

ttomt
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:07 AM

Posted 01 October 2004 - 08:51 AM

Thank you for the reply.

Some more info on this problem. As I am navigating this site I get these logon pop - up screens before I can see a page. I made a screen shot of this screen but I can't attach it because the file is to large.

The Sky Desk Scheduler is a online storage service and hard drive cloning service. Not a threat.

As far as I know I have no proxy enabled.

Here is the getservices.bat file.


PsService v1.1 - local and remote services viewer/controller
Copyright © 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ASP.NET State Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AvgServ
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : AVG6 Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: cisvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: Creative Service for CDROM Access
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\CTsvcCDA.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Creative Service for CDROM Access
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Fax
Enables you to send and receive faxes, utilizing fax resources available on this computer or on the network.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\fxssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fax
DEPENDENCIES : TapiSrv
: RpcSs
: PlugPlay
: Spooler
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Human Interface Device Access
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k HTTPFilter
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HTTP SSL
DEPENDENCIES : HTTP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: IISADMIN
Allows administration of Web and FTP services through the Internet Information Services snap-in
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\inetsrv\inetinfo.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IIS Admin
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: LocalSystem
COMMAND : reset.exe" /fail=%1%
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Run command DELAY: 1 seconds
: Run command DELAY: 1 seconds
: Run command DELAY: 1 seconds

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Iomega Activity Disk2
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME :
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Iomega Activity Disk2
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Iomega App Services
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\PROGRA~1\Iomega\System32\AppServices.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Iomega App Services
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 1
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
: EGrLocalSystem
: Network DDE DSDM
: etwork DDE
: Service
: Distributed Transaction Coordinator
: 6
: 6
: es\Commo`
: 
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NVSvc
Provides system and desktop level support to the NVIDIA display driver
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\nvsvc32.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NVIDIA Display Driver Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PictureTaker
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME :
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : PictureTaker
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteRegistry
Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Registry
DEPENDENCIES : RPCSS
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\SCardSvr.exe
LOAD_ORDER_GROUP : SmartCardGroup
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
Provides notifications for AutoPlay hardware events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNMP
Includes agents that monitor the activity in network devices and report to the network console workstation.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\snmp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SNMP Service
DEPENDENCIES : EventLog
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNMPTRAP
Receives trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on this computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\snmptrap.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SNMP Trap Service
DEPENDENCIES : EventLog
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\System32\dllhost.exe /Processid:{D0C3BDBE-D04B-4F0E-88DF-4283F2E7C03D}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost -k DComLaunch
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TlntSvr
Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\tlntsvr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telnet
DEPENDENCIES : RPCSS
: TCPIP
: NTLMSSP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
: HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: vsmon
Monitors internet traffic and generates alerts for disallowed access.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\ZoneLabs\vsmon.exe -service
LOAD_ORDER_GROUP : TrueVector Group
TAG : 0
DISPLAY_NAME : TrueVector Internet Monitor
DEPENDENCIES : Afd
: RpcSs
: vsdatant
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.


TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 5 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: W3SVC
Provides Web connectivity and administration through the Internet Information Services snap-in
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\inetsrv\inetinfo.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : World Wide Web Publishing
DEPENDENCIES : IISADMIN
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WMDM PMSP Service
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\MsPMSPSv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMDM PMSP Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Wmi
Provides systems management information to and from drivers.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation Driver Extensions
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINNT\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Provisioning Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: _IOMEGA_ACTIVE_DISK_SERVICE_
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Iomega\AutoDisk\ADService.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Iomega Active Disk
DEPENDENCIES : Iomega App Services
SERVICE_START_NAME: LocalSystem

Here is the new HijackThis log.

HJT log - ttomt

Logfile of HijackThis v1.98.2
Scan saved at 8:36:48 AM, on 10/1/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Migration\Migration.exe
C:\WINNT\GWHotKey.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis1982\HijackThis19802.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redire...onsumer&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://my.attbi.com/cgi-bin/mywn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Tom The Computer Guy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINNT\GWMDMpi.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyDeskScheduler] C:\Program Files\Migration\Migration.exe
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Startup: Registration-PCTV.lnk = C:\Program Files\Pinnacle\Pinnacle PCTV\ERegister\RegTool.exe
O4 - Global Startup: Pinnacle Scheduler.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O8 - Extra context menu item: &Check Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM (file missing)
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/ac...supportutil.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156/scanner/axscanner.cab
O16 - DPF: {315D1BD2-0165-48AE-9F91-9CC271704FBA} (LRNPrint Class) - file://D:\LRN Viewer\HTML\lrniehlp.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093024395137
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://D:\Content\include\msSecUcd.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/A...eX/FileXfer.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dll
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - hcp://system/XPLControl.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab

#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:07 PM

Posted 01 October 2004 - 09:47 AM

Do me a favor and post the image...you can upload the image here:

www.photobucket.com and then paste the link the image as a reply to this topic.

Also do you know what the service PictureTaker is? There is no binary path (fiename) which is odd.

#5 ttomt

ttomt
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:07 AM

Posted 01 October 2004 - 11:34 AM

Here the info you wanted.

First, the logon screen I get is the same screen you would get logging on to a network or a passworded web site/ftp site. Here is the link to the screen shot.

As I stated, every time this pops up and I click cancel I get a new screen directed to another URL. This screen shot is the pop - up that comes first.

http://img.photobucket.com/albums/v466/ttomt/Pop-up.bmp

I'm looking to see what that picture taker service is all about. It is stopped and set to manual. So it is not running. I think it is part of the XP Power Toys. I down loaded it from Microsoft and only used Tweak UI so far. I am still checking.

Thanks

#6 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:07 PM

Posted 01 October 2004 - 11:47 AM

Click on start, then run, and type:

notepad c:\windows\system32\drivers\etc\hosts and press enter.

Then copy and paste your hosts file to a reply to this

#7 ttomt

ttomt
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:07 AM

Posted 01 October 2004 - 05:13 PM

Hello Grinler thanks again,

The HOST file is one of the things I checked before I posted my problem. I found noting that looks mysterious. My HOST file has a long list of garbage sites compiled by www.mvps.org/winhelp2002. All my lab computers have this same HOST file. None of them have this problem. Just this one. Maybe you can see something I didn't.

I can't trace that Picture taker in Services. It looks like it is a dead service. No program associated with it.




# This MVPS HOSTS file is a free download from: #
# http://www.mvps.org/winhelp2002/ #
# #
# Notes: the browser does not read this "#" symbol #
# You can create your own notes, after the # symbol #
# This *must* be the first line: 127.0.0.1 localhost #
# ********************************************************#
# ------------------Updated: 09-21-04---------------------#
# ********************************************************#
# Entries marked with Parasite or Trojan comments should #
# be placed in the Internet Explorer Restricted Zone. #
# http://mvps.org/winhelp2002/restricted.htm #
# #
# Entries with other comments are searchable via Google. #
# #
# Disclaimer: this file is free to use, however it is NOT #
# permitted to post on any other site without permission. #

127.0.0.1 localhost

#start of lines added by WinHelp2002
# [Misc Add-ons][A - Z]
127.0.0.1 downloads.aaa1screensavers.com #[Bargin Buddy]
127.0.0.1 abcsearch.com
127.0.0.1 admin.abcsearch.com
127.0.0.1 www3.abcsearch.com #[Browseraid]
127.0.0.1 www.abcsearch.com
127.0.0.1 abc517.net #[Trojan.Mitglieder.H]
127.0.0.1 absoluagency.com #[Trojan.StartPage.H]
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com
127.0.0.1 actualnames.com #[Parasite.ActualNames][Spyware.ActualNames]
127.0.0.1 www.actualnames.com
127.0.0.1 ad-up.com
127.0.0.1 www.ad-up.com
127.0.0.1 adatom.com
127.0.0.1 aesp.adatom.com
127.0.0.1 adbest.com
127.0.0.1 adserv.adbonus.com
127.0.0.1 www.adbonus.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ad3.adcept.net
127.0.0.1 www.adcept.net
127.0.0.1 adcomplete.com
127.0.0.1 www.adcomplete.com
127.0.0.1 www.adcopy.info
127.0.0.1 ads.adcorps.com
127.0.0.1 ads.addynamix.com
127.0.0.1 pt.server1.adexit.com
127.0.0.1 www.adexit.com
127.0.0.1 www.ad4ever.com
127.0.0.1 ads.adfuzz.com
127.0.0.1 adhearus.com
127.0.0.1 www2.adhost.com
127.0.0.1 www.addme.com
127.0.0.1 te.adlandpro.com
127.0.0.1 classic.adlink.de
127.0.0.1 regio.adlink.de
127.0.0.1 west.adlink.de
127.0.0.1 www.adminder.com
127.0.0.1 adsfac.net
127.0.0.1 www.adonweb.com
127.0.0.1 www.adrelevance.com #[NetRatings]
127.0.0.1 media.adrevolver.com
127.0.0.1 adroar.com
127.0.0.1 ads.adroar.com
127.0.0.1 delta.adroar.com
127.0.0.1 iads.adroar.com #[Adware.AdRoar][ADW_ADROAR.A]
127.0.0.1 lists.adroar.com
127.0.0.1 www.adroar.com
127.0.0.1 ads.adsag.com
127.0.0.1 img.adsag.com
127.0.0.1 adserv.com
127.0.0.1 www.adserv.com
127.0.0.1 ads.adtomi.com
127.0.0.1 www.adtomi.com #[Adware.Adtomi]
127.0.0.1 www.adtoolsinc.com
127.0.0.1 www.adtrader.com
127.0.0.1 survey.advantageresearch.com
127.0.0.1 ad.adver.com.tw
127.0.0.1 ads.advertise.net
127.0.0.1 advertisingvision.com #[Adware.Advision]
127.0.0.1 www.advertisingvision.com
127.0.0.1 adviva.com
127.0.0.1 www.adviva.com
127.0.0.1 ads.adviva.net
127.0.0.1 adstats.adviva.net
127.0.0.1 tracker.affistats.com #[msvrl.dll]
127.0.0.1 www.affiliate.net #[Barnes & Noble]
127.0.0.1 www.affiliatefuel.com
127.0.0.1 banners.affiliatefuel.com
127.0.0.1 affiliatetarget.com
127.0.0.1 www.affiliatetarget.com
127.0.0.1 fcds.affiliatetracking.net
127.0.0.1 our.affiliatetracking.net
127.0.0.1 www.affiliatetracking.net
127.0.0.1 www.affiliatetracking.com
127.0.0.1 partner.ah-ha.com #[Troj/Subsear-A][Adware-SSF.dr]
127.0.0.1 adserver.aim4media.com
127.0.0.1 adtest.aim4media.com
127.0.0.1 pops.aim4media.com
127.0.0.1 www.aim4media.com
127.0.0.1 crs.akamai.com
127.0.0.1 soap.alexa.com #[Spyware.Alexa][Alexa Toolbar]
127.0.0.1 www.alexa.com
127.0.0.1 allcheapsolutions.com #[Backdoor-CIE]
127.0.0.1 ads.as4x.tmcs.akadns.net #[Ticketmaster]
127.0.0.1 bantam.ai.net
127.0.0.1 fiona.ai.net
127.0.0.1 ads.amazingmedia.com
127.0.0.1 bohema.amillo.net #[Trojan.Mitglieder.H]
127.0.0.1 ads.antionline.com
127.0.0.1 junior.apk.net
127.0.0.1 banner.arttoday.com
127.0.0.1 associmg.com #[amazon.com]
127.0.0.1 armbender.com #[UCSearch.ucUCSearch][W32.Adclicker.F.Trojan]
127.0.0.1 www.armbender.com #[UCSearch.ArmBender]
127.0.0.1 audiogalaxy.com
127.0.0.1 www.audiogalaxy.com #[Restricted Zone site]
127.0.0.1 adserving.autotrader.com
127.0.0.1 www.avatarresources.com #[AutoStartup]
127.0.0.1 www.avres.net
127.0.0.1 www.aweber.com
# B
127.0.0.1 bar.baidu.com #[Parasite.ClientMan]
127.0.0.1 www.baltictop.com
127.0.0.1 www.banner-mania.com
127.0.0.1 www.bannerspace.com #[Restricted Zone site]
127.0.0.1 www2.bannerspace.com
127.0.0.1 www3.bannerspace.com
127.0.0.1 www5.bannerspace.com
127.0.0.1 www6.bannerspace.com
127.0.0.1 www7.bannerspace.com
127.0.0.1 bannerswap.com
127.0.0.1 www.bannerswap.com
127.0.0.1 www.bidclix.com
127.0.0.1 bidclix.net
127.0.0.1 www.bidclix.net
127.0.0.1 ads.bigfoot.com
127.0.0.1 bigtracker.com
127.0.0.1 bigticker.bighits.net
127.0.0.1 bounty.bighits.net
127.0.0.1 bighits.net #[Restricted Zone site]
127.0.0.1 www.bighits.net
127.0.0.1 counter.bizland.com
127.0.0.1 webads.bizservers.com
127.0.0.1 www.black-hole.co.uk #[Restricted Zone site]
127.0.0.1 www.blazehits.net #[gonnasearch.com]
127.0.0.1 ads.bluemongoose.com
127.0.0.1 ads.bmais.net #[bluemountain]
127.0.0.1 bookedspace.com #[Parasite.BookedSpace]
127.0.0.1 www.bookedspace.com #[Adware.Bookedspace]
127.0.0.1 a.boom.ro
127.0.0.1 s.boom.ro
127.0.0.1 www1.boomerank.com
127.0.0.1 boomerank.com
127.0.0.1 citi.bridgetrack.com #[Tracking Service]
127.0.0.1 rccl.bridgetrack.com
127.0.0.1 www.broadcastpc.tv #[Adware.Broadcastpc]
127.0.0.1 www.browserplugin.com #[WebHlprObj Class]
127.0.0.1 install.browsertoolbar.com #[Backdoor.Autoupder][BrowserToolbar]
127.0.0.1 www2.browsertoolbar.com #[TROJ_SUA.A]
127.0.0.1 www.browsertoolbar.com #[Parasite.BrowserToolbar]
127.0.0.1 browserwise.com #[Parasite.Xupiter][Xupiter.BrowserWise]
127.0.0.1 www.browserwise.com
127.0.0.1 ads.bugnet.com
127.0.0.1 www.buildtraffic.com
# C
127.0.0.1 casino-on-net.com
127.0.0.1 www.casino-on-net.com
127.0.0.1 ads.cbc.ca
127.0.0.1 ads.cc-dt.com
127.0.0.1 clickserve.cc-dt.com
127.0.0.1 cc-dt.com
127.0.0.1 www.capital-systems.net #[Troj/Ovedil-B]
127.0.0.1 adverts.carltononline.com
127.0.0.1 ads.cars.com
127.0.0.1 www.cashforclicks.com
127.0.0.1 www.cashpile.com
127.0.0.1 ads.cdfreaks.com #[Ads.cdfreaks]
127.0.0.1 mds.centrport.net
127.0.0.1 stats2.free.cgiserver.net #[server down?]
127.0.0.1 ad.chip.de
127.0.0.1 cl55.biz #[TROJ_AGENT.AD][CAX Object]
127.0.0.1 c.clickaire.com #[CWS trojan downloads]
127.0.0.1 classifieds1000.com
127.0.0.1 www.classifieds1000.com
127.0.0.1 ads4.clearchannel.com
127.0.0.1 clearfind.com
127.0.0.1 www.clearfind.com #[Restricted Zone site]
127.0.0.1 hop.clickbank.net #[Adware.Clickbank]
127.0.0.1 zzz.clickbank.net
127.0.0.1 clickedyclick.com
127.0.0.1 www.clickexchange.ru
127.0.0.1 click2boost.com
127.0.0.1 service.click2boost.com
127.0.0.1 secure.click2boost.com
127.0.0.1 www.click2boost.com
127.0.0.1 servedby.clickexperts.net
127.0.0.1 www.clicks2you.com
127.0.0.1 stats1.clicktracks.com
127.0.0.1 www.is1.clixgalore.com
127.0.0.1 www.clixgalore.com
127.0.0.1 www1.click-fr.com
127.0.0.1 www2.click-fr.com
127.0.0.1 www3.click-fr.com
127.0.0.1 www4.click-fr.com
127.0.0.1 www.clickhouse.com
127.0.0.1 www.clicks4u.com
127.0.0.1 www.clipgenie.com
127.0.0.1 comclick.com
127.0.0.1 ct2.comclick.com
127.0.0.1 fl01.ct2.comclick.com
127.0.0.1 ihm01.ct2.comclick.com
127.0.0.1 www.comclick.com #[Restricted Zone site]
127.0.0.1 www.thecoolbar.com #[Softomate Toolbar][The Coolbar]
127.0.0.1 coolshader.com
127.0.0.1 c.coolshader.com #[Win32.Harnig]
127.0.0.1 www.coolshader.com
127.0.0.1 counted.com
127.0.0.1 bilbo.counted.com
127.0.0.1 www.counted.com
127.0.0.1 www.counterguide.com
127.0.0.1 counter4u.de
127.0.0.1 connectionzone.com
127.0.0.1 count.casino-trade.com
127.0.0.1 www.couponica.com
127.0.0.1 www.couponsandoffers.com #[Adware.TopMoxie]
127.0.0.1 data.coremetrics.com
127.0.0.1 twci.coremetrics.com
127.0.0.1 www.cpcads.com #[Parasite.SubSearch]
127.0.0.1 us.cqcounter.com
127.0.0.1 zz.cqcounter.com
127.0.0.1 1us.cqcounter.com
127.0.0.1 ads.crosswinds.net
127.0.0.1 megabyte.crosswinds.net
127.0.0.1 cyberbounty.com
127.0.0.1 js.cybermonitor.com
127.0.0.1 stat3.cybermonitor.com
127.0.0.1 cytron.com #[DailyWinner][Cytron]
127.0.0.1 www.cytron.com
# D
127.0.0.1 dailywinner.net #[Parasite.DailyWinner][ezcybersearch.com]
127.0.0.1 dw.dailywinner.net
127.0.0.1 www.dailywinner.net
127.0.0.1 ads.danni.com
127.0.0.1 www.dash.com
127.0.0.1 ads.date.com
127.0.0.1 banner.date.com
127.0.0.1 dbbsrv.com #[bserv.darkblue.com][Restricted Zone site]
127.0.0.1 freestuff.com.19828.fb.dbbsrv.com #[roar.com]
127.0.0.1 spyware.com.16871.fb.dbbsrv.com
127.0.0.1 webads.com.18345.fb.dbbsrv.com
127.0.0.1 collector.deepmetrix.com
127.0.0.1 geo.deepmetrix.com
127.0.0.1 www.deepmetrix.com
127.0.0.1 ad.ads.dk
127.0.0.1 tdkads.ads.dk
127.0.0.1 didtheyreadit.com #[email tracker]
127.0.0.1 www.didtheyreadit.com
127.0.0.1 counter.digits.com
127.0.0.1 www.discountbob.com #[Restricted Zone site][server down?]
127.0.0.1 www.divago.com #[Adware.Surfairy]
127.0.0.1 downloadalot.com
127.0.0.1 get.downloadalot.com
127.0.0.1 www.downloadalot.com #[Restricted Zone site]
127.0.0.1 doc-tracker.com
127.0.0.1 www.duenow.com
127.0.0.1 gfx.dvlabs.com
127.0.0.1 klipads.dvlabs.com
# E
127.0.0.1 e2give.com #[Adware-E2Give]
127.0.0.1 www.e2give.com
127.0.0.1 www.e-bannerx.com
127.0.0.1 adv1.eblocs.com
127.0.0.1 www.easycounter.com
127.0.0.1 banners.easydns.com
127.0.0.1 banner.easyspace.com
127.0.0.1 adserv1.ebates.com #[WebSavings]
127.0.0.1 www.ebates.com #[Adware.MoeMoney]
127.0.0.1 www.efinder.cc #[StartPage-DA]
127.0.0.1 epeople.com
127.0.0.1 errorpage404.com #[JS_TRAFFICHBAR.A]
127.0.0.1 www.errorpage404.com #[Parasite.TinyBar]
127.0.0.1 er.errorplace.com
127.0.0.1 www.errorplace.com
127.0.0.1 vipuk.escritorioactivo.com #[123Messenger Hijacker]
127.0.0.1 www.escorcher.com #[bogus antivirus spyware]
127.0.0.1 www.eshopads2.com
127.0.0.1 perso.estat.com
127.0.0.1 prof.estat.com
127.0.0.1 www.estat.com #[Restricted Zone site]
127.0.0.1 eu-adcenter.net
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 ugo.eu-adcenter.net #[evidence-eliminator.com]
127.0.0.1 www.euroklik.nl #[EasyBar][InstallerX Class]
127.0.0.1 engage.everyone.net
127.0.0.1 static.everyone.net
127.0.0.1 www.exchangead.com
127.0.0.1 exitexchange.com
127.0.0.1 count.exitexchange.com
127.0.0.1 images.exitexchange.com
127.0.0.1 www.exitexchange.com #[Restricted Zone site]
127.0.0.1 www.exittraffic.net
127.0.0.1 ezcybersearch.com
127.0.0.1 ads.ezcybersearch.com
127.0.0.1 ezcybersearch.mail.everyone.net
127.0.0.1 www.ezcybersearch.com #[Parasite.ezCyberSearch]
127.0.0.1 www.evidence-eliminator.com
127.0.0.1 www.ezhits4u.com #[EZHits4U.com]
# F
127.0.0.1 ads.fairfax.com.au
127.0.0.1 images.ads.fairfax.com.au
127.0.0.1 redirect.fairfax.com.au
127.0.0.1 campaigns.f2.com.au
127.0.0.1 www.fast2net.com
127.0.0.1 www.fastfind.org #[SubSearch][PowerSearch]
127.0.0.1 fasttrack.nu
127.0.0.1 www.fightpopups.net #[Adware.MessStopper]
127.0.0.1 adserver.filefront.com
127.0.0.1 www.filemix.net #[Surf+]
127.0.0.1 www.fineclicks.com
127.0.0.1 firstname.com
127.0.0.1 clicks.firstname.com
127.0.0.1 flashtrack.net
127.0.0.1 ads.flashtrack.net #[Parasite.FlashTrak]
127.0.0.1 coreg.flashtrack.net
127.0.0.1 www.flashtrack.net #[Adware.FlashEnhancer][KB312429]
127.0.0.1 flyinads.com
127.0.0.1 www.flyinads.com
127.0.0.1 ads.fool.com #[Motley Fool]
127.0.0.1 click.fool.com
127.0.0.1 ads.forbes.com
127.0.0.1 klipmart.forbes.com
127.0.0.1 www.ampira.com #[Fortunecity]
127.0.0.1 ads.fortunecity.com
127.0.0.1 ads.v3.com #[Fortunecity]
127.0.0.1 www2.fortunecity.com
127.0.0.1 ads.fp.sandpiper.net
127.0.0.1 ad.freefind.com
127.0.0.1 www.freehistorycleaner.com #[Adware.Fapi][ADW_HISCLEAN.A]
127.0.0.1 free-stats.com
127.0.0.1 www.free-stats.com
127.0.0.1 www.freewebsites.com
127.0.0.1 ads.free-windows-games.com
127.0.0.1 www.free-windows-games.com #[FavoriteMan][GamHelper]
127.0.0.1 pops.freeze.com #[[GamHelper]
# G
127.0.0.1 ads.gamespy.com
127.0.0.1 adcontent.gamespy.com
127.0.0.1 www.gebr-wachs.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 gd.geobytes.com #[obtains users location]
127.0.0.1 www.getsmart.com
127.0.0.1 getupdate.com
127.0.0.1 www.getupdate.com #[Adware.Getup]
127.0.0.1 gigex.com
127.0.0.1 media.gigex.com #[SpeedDelivery]
127.0.0.1 www.gigex.com
127.0.0.1 globesearch.com
127.0.0.1 www.globesearch.com #[Restricted Zone site][CWS]
127.0.0.1 goclick.com
127.0.0.1 earth.goclick.com
127.0.0.1 partner1.goclick.com
127.0.0.1 www.goclick.com
127.0.0.1 banner.goldenpalace.com #[redirects]
127.0.0.1 www.goldenwebawards.com #[server down?]
127.0.0.1 goldstats.net
127.0.0.1 www.goldstats.net
127.0.0.1 adincl.gopher.com #[InfoSpace]
127.0.0.1 ads.gorillanation.com #[Restricted Zone site]
127.0.0.1 adserver.gorillanation.com
127.0.0.1 gostats.com
127.0.0.1 c1.gostats.com
127.0.0.1 c2.gostats.com
127.0.0.1 webcounter.goweb.de
127.0.0.1 greatstartpage.com #[parasite downloads]
127.0.0.1 www.greatstartpage.com
127.0.0.1 dl.grokster.com
127.0.0.1 grokster.com #[Restricted Zone site][P2P]
127.0.0.1 www.grokster.com
127.0.0.1 ads.guardian.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 www.g-wizzads.net
# H
127.0.0.1 hamster.com #[apps5.oingo.com]
127.0.0.1 ad0.haynet.com
127.0.0.1 www.hitboss.com
127.0.0.1 www.hit4hit.com
127.0.0.1 ads.hitcents.com
127.0.0.1 hithopper.com #[Adware.Hithopper]
127.0.0.1 www.hithopper.com
127.0.0.1 hitmodel.net
127.0.0.1 hit-now.com
127.0.0.1 loga.hit-parade.com
127.0.0.1 hit-parade.com
127.0.0.1 www.hitpointer.com
127.0.0.1 hitslink.com
127.0.0.1 counter.hitslink.com
127.0.0.1 counter2.hitslink.com
127.0.0.1 www2.hitslink.com
127.0.0.1 www.hitslink.com #[Restricted Zone site]
127.0.0.1 www.hiwire.com
127.0.0.1 ads.hollywood.com
127.0.0.1 ads.home.net
127.0.0.1 banners.hotlinks.net
127.0.0.1 hotphrase.com
127.0.0.1 www.hotphrase.com #[Restricted Zone site]
127.0.0.1 hotsearch.com #[roar.com][Restricted Zone site]
127.0.0.1 www.hotsearch.com
127.0.0.1 hotsearchbar.com #[iiittt Class][SpiderSearch]
127.0.0.1 www.hotsearchbar.com
127.0.0.1 www.10s.com.br
127.0.0.1 cgi.hotstat.nl
127.0.0.1 viewstat.hotstat.nl
127.0.0.1 www.humanclick.com #[Restricted Zone site]
127.0.0.1 hc2.humanclick.com
127.0.0.1 www.hypertracker.com
# I
127.0.0.1 ads.iafrica.com
127.0.0.1 ads.iboost.com
127.0.0.1 www.i-clicks.net
127.0.0.1 hits.icdirect.com
127.0.0.1 hitctr01.icdirect.com
127.0.0.1 image-catcher.com
127.0.0.1 stats.surfaid.ihost.com
127.0.0.1 ads.imdb.com #[amazon.com]
127.0.0.1 www.impregnable.net #[TrojanDownloader.Win32.VB.dw][Trojan.Win32.StartPage.kk]
127.0.0.1 stats.indextools.com
127.0.0.1 adserver.indieclick.com
127.0.0.1 campaign.indieclick.com
127.0.0.1 adcenter.in2.com
127.0.0.1 www10.indiads.com
127.0.0.1 ads.inet1.com
127.0.0.1 ads7.inet1.com
127.0.0.1 banners.inetfast.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.infospace.com
127.0.0.1 bvads.infospace.com
127.0.0.1 dpxml.infospace.com
127.0.0.1 xads.infospace.com
127.0.0.1 www.infospider.com
127.0.0.1 ads.intelihealth.com
127.0.0.1 ads.intermezzia.com
127.0.0.1 mjxads.internet.com
127.0.0.1 indiads.com
127.0.0.1 popups.infostart.com
127.0.0.1 infostart.com
127.0.0.1 c.intelliquest.com
127.0.0.1 www.intelli-tracker.com
127.0.0.1 ads.ipowerweb.com
127.0.0.1 www.ipstat.com
127.0.0.1 istarthere.com #[Troj/IEStart-C]
127.0.0.1 moviesponsor.istarthere.com
127.0.0.1 partners.istarthere.com
127.0.0.1 www.istarthere.com
127.0.0.1 adcycle.isoftmarketing.com
127.0.0.1 www.itrafficstar.com #[Restricted Zone site]
# J
127.0.0.1 www.jcount.com
127.0.0.1 affiliates.jeanharris.com
127.0.0.1 popup.jeanharris.com
127.0.0.1 ads.jpost.com
127.0.0.1 track.jpost.com
# K
127.0.0.1 banners.kanoodle.com
127.0.0.1 safe.kanoodle.com
127.0.0.1 webmail.kanoodle.com
127.0.0.1 www.kanoodle.com #[Restricted Zone site]
127.0.0.1 www1.kliks.nl
127.0.0.1 www2.kliks.nl
127.0.0.1 www.kliks.nl
127.0.0.1 kt3.kliptracker.com
127.0.0.1 kt4.kliptracker.com
127.0.0.1 www.kliptracker.com
127.0.0.1 stats.klsoft.com
127.0.0.1 www.kmindex.ru
# L
127.0.0.1 ad.leadcrunch.com
127.0.0.1 ts1.lexmark.com
127.0.0.1 www.linkcounter.com
127.0.0.1 linkexchange.ru
127.0.0.1 web.linkexchange.ru
127.0.0.1 www.linkexchange.ru
127.0.0.1 link4link.com
127.0.0.1 plus.link4link.com
127.0.0.1 www.links4trade.com
127.0.0.1 escati.linkopp.net
127.0.0.1 www.linkopp.net
127.0.0.1 js.livehelper.com #[Restricted Zone site]
127.0.0.1 newbrowse.livehelper.com
127.0.0.1 liveperson.net
127.0.0.1 server.iad.liveperson.net #[Restricted Zone site]
127.0.0.1 www.liveperson.com
127.0.0.1 adserv.lwmn.net
127.0.0.1 loadown.net #[warez site][Restricted Zone site]
127.0.0.1 locators.com #[object exploit]
127.0.0.1 toolbar.locators.com #[Locators Toolbar]
127.0.0.1 www.lords-of-havoc.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
127.0.0.1 luckyhomepage.com #[search.targetwords.com\1stblaze.com]
127.0.0.1 www.luckyhomepage.com #[Restricted Zone site]
127.0.0.1 adverts.lzio.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 search.lzio.com
127.0.0.1 updates.lzio.com #[Downloader-LE][Adware.ZioCom]
# M
127.0.0.1 go.mailbits.com
127.0.0.1 mair.net #[Realtracker]
127.0.0.1 1.marketbanker.com
127.0.0.1 marnet.us #[Downloader-IU]
127.0.0.1 image.masterstats.com
127.0.0.1 link.masterstats.com
127.0.0.1 ads.affiliates.match.com
127.0.0.1 associmage.match.com
127.0.0.1 adserver.matchcraft.com
127.0.0.1 ads.mcafee.com
127.0.0.1 directads.mcafee.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 www.mediatickets.net
127.0.0.1 www.mt-download.com #[MediaTicketsInstaller Control]
127.0.0.1 ads.mediaturf.net
127.0.0.1 exit.megago.com
127.0.0.1 www.megago.com #[typo squatter]
127.0.0.1 www.megaseek.net #[Restricted Zone site]
127.0.0.1 www.memorywatcher.com #[TROJ_PEPER.A]
127.0.0.1 pubs.mgn.net #[Grolier Network]
127.0.0.1 micorsoft.com
127.0.0.1 www.micorsoft.com #[typo hijacker]
127.0.0.1 adserver.mindshare.de
127.0.0.1 www.mini-player.com #[5MOF Mini-Player]
127.0.0.1 banner.missingkids.com
127.0.0.1 ads.monster.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.a.in.monster.com
127.0.0.1 ads.monstermoving.com
127.0.0.1 cookie.monster.com
127.0.0.1 mp3today.net
127.0.0.1 www.mp3yes.com #[C2Media\LOP]
127.0.0.1 mpamexit.com
127.0.0.1 msgtag.com
127.0.0.1 img.msgtag.com #[Restricted Zone site]
127.0.0.1 www.msgtag.com
127.0.0.1 multi1.rmuk.co.uk
127.0.0.1 multimpp.com #[MultimppObj Class]
127.0.0.1 www.multimpp.com
127.0.0.1 mvtracker.com
127.0.0.1 www.mvtracker.com
127.0.0.1 mvr3d.net #[NavExcel\n-CASE]
127.0.0.1 mvr.us #[Parasite.NavExcel]
127.0.0.1 www.mvr.us
127.0.0.1 www.myaffiliateprogram.com
127.0.0.1 www.mydailyhoroscope.net #[Adware.Horoscope]
127.0.0.1 www.myemessenger.com
127.0.0.1 rm.myoc.com
127.0.0.1 myhitlogger.com
127.0.0.1 mypagefinder.com #[Parasite.MyPageFinder]
# N
127.0.0.1 hit.namimedia.com
127.0.0.1 ads.nandomedia.com
127.0.0.1 neededware.com #[Adware.NeededWare]
127.0.0.1 www.neededware.com
127.0.0.1 www6.netbroadcaster.com
127.0.0.1 code.netbreak.com.au
127.0.0.1 www.netflip.com
127.0.0.1 partner.netmechanic.com
127.0.0.1 tracker.netmechanic.com
127.0.0.1 counter.netmore.net
127.0.0.1 ads.netsol.com
127.0.0.1 ads.newsint.co.uk
127.0.0.1 adq.nextag.com
127.0.0.1 www.noadware.net #[SCAM.Enigma.NoAdware]
127.0.0.1 ad.nobreak.com #[server down?]
127.0.0.1 nowbox.com
127.0.0.1 www.nowbox.com #[Parasite.NowBox]
127.0.0.1 mediatickets.nubela.net
127.0.0.1 www.nubela.net
127.0.0.1 nzads.net.nz
# O
127.0.0.1 www.okww.net #[Trojan.StartPage.C]
127.0.0.1 stat.onestat.com
127.0.0.1 www.onestat.com
127.0.0.1 one.ru
127.0.0.1 cnt.one.ru
127.0.0.1 stats0.one.ru
127.0.0.1 stats1.one.ru
127.0.0.1 stats2.one.ru
127.0.0.1 www.oneandonlynetwork.com #[Ticketmaster]
127.0.0.1 server1.opentracker.net
127.0.0.1 www.opinionlab.com
127.0.0.1 ccc00.opinionlab.com
127.0.0.1 rate.opinionlab.com
127.0.0.1 banner.orb.net
127.0.0.1 www.originalicons.com #[F1 Organizer Class]
127.0.0.1 geoads.osdn.com
127.0.0.1 tg-images.osdn.com
127.0.0.1 otx5.otxresearch.com
127.0.0.1 otx.ifilm.com #[OTXMedia.dll]
127.0.0.1 www.otxresearch.com #[OTXMovie Class]
127.0.0.1 adpopper.outblaze.com #[bargain-buddy.net]
# P
127.0.0.1 www.p3marketing.com #[Zapspot]
127.0.0.1 click.payserve.com
127.0.0.1 www.pc-test.net
127.0.0.1 ad1.peel.com
127.0.0.1 ad3.peel.com
127.0.0.1 ads.peel.com
127.0.0.1 ads5.peel.com
127.0.0.1 www.peel.com
127.0.0.1 www.peel.net
127.0.0.1 ads.pennyweb.com #[addynamix.com]
127.0.0.1 banners.pennyweb.com
127.0.0.1 ads.photosight.ru
127.0.0.1 phpadsnew.com
127.0.0.1 www.phpadsnew.com
127.0.0.1 pidorasam.net #[Backdoor.Berbew.J]
127.0.0.1 ads2.playnet.com
127.0.0.1 popfind.net #[Adware.Ddpop]
127.0.0.1 www.popupads.com
127.0.0.1 www.popupad.net
127.0.0.1 popupblockade.com #[Parasite.Httper]
127.0.0.1 www.popupblockade.com
127.0.0.1 popupmoney.com #[Restricted Zone site]
127.0.0.1 server01.popupmoney.com
127.0.0.1 www.popupmoney.com
127.0.0.1 popadstop.com #[Adware.PopAdStop]
127.0.0.1 www.popadstop.com
127.0.0.1 www.popunder.info #[TROJ_CHECKIN.B]
127.0.0.1 www.popupswappers.com
127.0.0.1 ad.popupswappers.com
127.0.0.1 www.popuptop.com
127.0.0.1 www2.portdetective.com
127.0.0.1 x0x0l.pp.ru #[BKDR_CCT.A]
127.0.0.1 www.praize.com #[Adware.Praize]
127.0.0.1 1.primaryads.com
127.0.0.1 www.privacyoutpost.com #[Troj/Regldr-A]
127.0.0.1 www.prtracker.com
127.0.0.1 www.profitzone.com #[ProfitZONE Adbar]
127.0.0.1 prolivation.com #[Restricted Zone site]
127.0.0.1 www.prolivation.com
127.0.0.1 ads.pro-market.net
127.0.0.1 www.promo.com.au
127.0.0.1 www.proxylist.biz
127.0.0.1 www.pstopper.com
127.0.0.1 ad.sma.punto.net
127.0.0.1 sma.punto.net
127.0.0.1 www.pureseeker.com #[C2Media\LOP]
127.0.0.1 www.pwallet.com #[Restricted Zone site]
# Q
127.0.0.1 rads01.quadrogram.com #[Adware.Quadro][Memwatcher.B][TROJ_PEPER.A]
127.0.0.1 adserv.quality-channel.de
127.0.0.1 www.quarterserver.de
127.0.0.1 questionmarket.com
127.0.0.1 amch.questionmarket.com
127.0.0.1 ch.questionmarket.com
127.0.0.1 survey.questionmarket.com
127.0.0.1 www.questionmarket.com
127.0.0.1 download.quickflicks.com #[Parasite.SVAPlayer]
127.0.0.1 www.qq886.com #[Backdoor.Semes]
# R
127.0.0.1 ramgo.com #[Restricted Zone site]
127.0.0.1 www.ramgo.com #[Win32.Startpage.B]
127.0.0.1 www.autoraskrutka.ru #[Spyware.Acext]
127.0.0.1 www.raskrutim.ru #[Spyware.Acext]
127.0.0.1 www.realclicks.com
127.0.0.1 www.relmaxtop.com
127.0.0.1 banner.relcom.ru
127.0.0.1 adservice.recon-networks.com
127.0.0.1 rightstats.com
127.0.0.1 www.rightstats.com
127.0.0.1 m.rmbclick.com
127.0.0.1 www.rgs-rostock.de #[Trojan.Mitglieder.C][Backdoor.Gaster]
# S
127.0.0.1 www.sandboxer.com #[Adware.Quadro][memorywatcher.com][Memwatcher.B]
127.0.0.1 www.savehits.com
127.0.0.1 st.sageanalyst.net
127.0.0.1 scorpionsearch.com #[W32.Adclicker.C.Trojan]
127.0.0.1 www.scorpionsearch.com #[x10.com][Trojan.Clicker.NetBuie a-b]
127.0.0.1 adsremote.scripps.com
127.0.0.1 counter.search.bg
127.0.0.1 searchalot.com
127.0.0.1 cards.searchalot.com
127.0.0.1 mail.searchalot.com
127.0.0.1 search.searchalot.com
127.0.0.1 web.searchalot.com
127.0.0.1 www.searchalot.com #[Adware-Tronix]
127.0.0.1 searchandclick.com
127.0.0.1 search.searchandclick.com
127.0.0.1 www.searchandclick.com #[Browseraid]
127.0.0.1 searchby.net
127.0.0.1 www.searchby.net #[Ultimate Popup Killer]
127.0.0.1 searchenhancement.com #[Parasite.SCBar]
127.0.0.1 adserv.searchenhancement.com
127.0.0.1 search.searchenhancement.com
127.0.0.1 www.searchenhancement.com
127.0.0.1 searchfst.com #[SFUtility Class][keywordsinc.com]
127.0.0.1 www.searchfst.com
127.0.0.1 search.search-exe.com
127.0.0.1 www.search-exe.com #[Restricted Zone site]
127.0.0.1 www.searchgauge.com
127.0.0.1 www.search-control.com #[TrojanDropper.Win32.Small.ig]
127.0.0.1 search-itnow.com #[Parasite.AdultLinks]
127.0.0.1 www.search-itnow.com
127.0.0.1 www.searchmachine.com
127.0.0.1 www.searchmagnifier.com
127.0.0.1 searchmiracle.com #[Adware.EliteBar]
127.0.0.1 install.searchmiracle.com
127.0.0.1 www.searchresult.net #[Parasite.IgetNet]
127.0.0.1 searchseekfind.com
127.0.0.1 ads.searchseekfind.com
127.0.0.1 tp.searchseekfind.com #[Trojan.Download.Chekin]
127.0.0.1 www.searchseekfind.com
127.0.0.1 browser.secondpower.com
127.0.0.1 download.secondpower.com
127.0.0.1 www1.secondpower.com
127.0.0.1 www3.secondpower.com #[KB320159]
127.0.0.1 www.secondpower.com
127.0.0.1 adserver.securityfocus.com
127.0.0.1 www.selfsurveys.com
127.0.0.1 www.seehits.com
127.0.0.1 www.sendtraffic.com
127.0.0.1 sesso.com
127.0.0.1 www.sesso.com #[VBS.Biscuit.A@mm]
127.0.0.1 quasar.sitegauge.com
127.0.0.1 tracker.sitescout.com
127.0.0.1 advertpro.sitepoint.com
127.0.0.1 www.sitestatslive.com
127.0.0.1 www.shadowcrew.com #[spam]
127.0.0.1 adserver.sharewareonline.com #[nictechnetworks.com]
127.0.0.1 www.shockcounter.com
127.0.0.1 shopathomeselect.com #[Parasite.ShopAtHomeSelect]
127.0.0.1 download1.shopathomeselect.com #[ADW_SAHAGENT.A]
127.0.0.1 downloads.shopathomeselect.com
127.0.0.1 www.shopathomeselect.com #[Adware.SAHAgent]
127.0.0.1 skeech.com
127.0.0.1 www.skeech.com #[Restricted Zone site]
127.0.0.1 smart2com.net #[Trojan.Autoproxy]
127.0.0.1 smart-browser.com
127.0.0.1 update.smart-browser.com #[Parasite.SmartBrowser]
127.0.0.1 www.smart-browser.com
127.0.0.1 smartclicks.net
127.0.0.1 www.smartclicks.net
127.0.0.1 smarter.com #[Restricted Zone site]
127.0.0.1 sidebar.smarter.com
127.0.0.1 www.smarter.com
127.0.0.1 ad.smni.com
127.0.0.1 ads.smni.com
127.0.0.1 static.smni.com
127.0.0.1 www.sodhell.com
127.0.0.1 www.sonyasys.com #[Downloader.Botten]
127.0.0.1 ads.spaceports.com
127.0.0.1 www1.spaex.com #[searchboss.com]
127.0.0.1 www.spedia.net
127.0.0.1 www.spyarsenal.com #[Spyware.DesktopSpy][Spyware.FamilyKeylog]
127.0.0.1 spyferret.com #[OnlinePcFix.SpyFerret]
127.0.0.1 www.spyferret.com
127.0.0.1 spyware.com #[roar.com]
127.0.0.1 www.ssppyy.com #[Spyware.Ssppyy]
127.0.0.1 www.s-tracking.com
127.0.0.1 c1.statcounter.com
127.0.0.1 www.statcounter.com
127.0.0.1 js.statistici.ro
127.0.0.1 log.statistici.ro
127.0.0.1 s.statistici.ro
127.0.0.1 www.statomatic.com
127.0.0.1 reg.stats4all.com
127.0.0.1 stats4you.com
127.0.0.1 www.stats4you.com
127.0.0.1 ctgbn.stellaremperor.com #[Backdoor.Alets]
127.0.0.1 clix.superclix.de
127.0.0.1 www.superlogy.com
127.0.0.1 sqwire.com #[Adware.Sqwire][Xupiter.Sqwire]
127.0.0.1 www.sqwire.com #[Parasite.Xupiter][Adware-PornKings]
127.0.0.1 rd1.surfernetwork.com #[SurferNETWORK Plugin]
127.0.0.1 www.surfernetwork.com
127.0.0.1 www2.surveyfocus.com
127.0.0.1 www.surveynetworks.com
127.0.0.1 www.surveysite.com
127.0.0.1 www2.survey-poll.com #[microsoft]
127.0.0.1 swift-look.com #[phishing exploit]
127.0.0.1 adpick.switchboard.com
127.0.0.1 adtag.sympatico.ca
127.0.0.1 www.syspage.com #[pop-up scam]
127.0.0.1 www.sysupdates.com
127.0.0.1 www.sysupdates2.com #[TopMoxie]
# T
127.0.0.1 ad.uk.tangozebra.com
127.0.0.1 targetsearch.info #[Trojan.StartPage.H]
127.0.0.1 adult.targetsearch.info
127.0.0.1 go.targetsearch.info
127.0.0.1 tat-neftbank.ru #[Backdoor.Berbew.H]
127.0.0.1 www.tech-marketresearch.com
127.0.0.1 www.textads.biz
127.0.0.1 a.tfag.de
127.0.0.1 ak.tfag.de
127.0.0.1 theaffiliateprogram.com
127.0.0.1 myaffiliateprogram.com
127.0.0.1 www.the-counter.net
127.0.0.1 adbot.theonion.com
127.0.0.1 www.thepokerclub.com #[SecurityRisk.ClubPoker]
127.0.0.1 thesearchmall.com #[Adware.SearchMall]
127.0.0.1 www.thesearchmall.com
127.0.0.1 tnc4u.com #[Parasite.DownloadPlus]
127.0.0.1 new.tnc4u.com
127.0.0.1 www.tnc4u.com #[Adware.DownloadPlus]
127.0.0.1 www.toilet.com
127.0.0.1 ad.tomshardware.com
127.0.0.1 tooncomics.com #[IEDLL.ToonComics][here4search.com]
127.0.0.1 www.tooncomics.com #[Downloader.Tooncom][CWS.Aff.Tooncomics]
127.0.0.1 log.trafic.ro
127.0.0.1 tool4ame.com #[TROJ_GOLID.A][Adware.IAGold]
127.0.0.1 two.toolbar.cc #[Spyware.Manan][Parasite.ToolbarCC]
127.0.0.1 www.toolshack.com
127.0.0.1 ads.toplayerserver.com
127.0.0.1 www1.toplayerserver.com
127.0.0.1 www.toplayerserver.com
127.0.0.1 topmoxie.com
127.0.0.1 www.topmoxie.com #[Etraffic]
127.0.0.1 toprebates.com #[webrebates]
127.0.0.1 www.toprebates.com
127.0.0.1 stat.toprefsys.com
127.0.0.1 www.top-search.com #[Adware-SSF.dr]
127.0.0.1 ad.topstat.com
127.0.0.1 nl.topstat.com #[Restricted Zone site]
127.0.0.1 s26.topstat.com
127.0.0.1 xl.topstat.com
127.0.0.1 ads.track-star.com
127.0.0.1 adserver.track-star.com
127.0.0.1 geo2.track-star.com
127.0.0.1 www.track-star.com
127.0.0.1 tradeexit.com
127.0.0.1 www.tradeexit.com #[Parasite.Winupie]
127.0.0.1 trafficg.com #[Restricted Zone site]
127.0.0.1 www.trafficg.com
127.0.0.1 ad.trafficmp.com
127.0.0.1 images.trafficmp.com
127.0.0.1 www.trafficflame.com
127.0.0.1 trafficfile.com
127.0.0.1 www.trafficfile.com
127.0.0.1 trackyourstats.com
127.0.0.1 trafficmarketplace.com
127.0.0.1 get.trafficmultiplier.com
127.0.0.1 go.trafficmultiplier.com
127.0.0.1 goto.trafficmultiplier.com
127.0.0.1 a.tribalfusion.com
127.0.0.1 m.tribalfusion.com
127.0.0.1 ads.tucows.com
127.0.0.1 counts.tucows.com
127.0.0.1 cookie.tucows.com
127.0.0.1 google.tucows.com
127.0.0.1 www.turbomemorycharger.com #[Adware.Fapi]
# U
127.0.0.1 users.ucmore.com #[Parasite.UCmore]
127.0.0.1 www.ucmore.com
127.0.0.1 ads.ucomics.com
127.0.0.1 image.ugo.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 www.ukbanners.com
127.0.0.1 www.ultimatepopupkiller.com #[Restricted Zone site]
127.0.0.1 ultimatecounter.com
127.0.0.1 www.ultimatecounter.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 ads.unlimitedbanners.com
127.0.0.1 ads1.updated.com
127.0.0.1 url.biz.ua #[Download.Ject.B]
127.0.0.1 config.url404.com #[Parasite.Httper]
127.0.0.1 urlblaze.com #[Adware.TurboDownload]
127.0.0.1 www.urlblaze.com
127.0.0.1 www.urlblaze.net #[IEDriver][ADW_RULEDOR.C]
127.0.0.1 usachoice.net
# V
127.0.0.1 ads.valuead.com #[Restricted Zone site]
127.0.0.1 adnetintads.valuead.com
127.0.0.1 banners.valuead.com
127.0.0.1 cs.valuead.com
127.0.0.1 servedby.valuead.com
127.0.0.1 servedfor.valuead.com #[server down?]
127.0.0.1 ad.valuehost.ru
127.0.0.1 spinbox.versiontracker.com
127.0.0.1 ads.vesperexchange.com
127.0.0.1 www.vesperexchange.com
127.0.0.1 oas.villagevoice.com
127.0.0.1 dns2010.vicp.net #[Backdoor.Tumag]
127.0.0.1 uygurman.vicp.net #[Trojan.Riler][Troj/Riler-B]
127.0.0.1 www.vikord.com #[Download.Ject.C]
127.0.0.1 visit-link.com
127.0.0.1 images2.vpptechnologies.com
127.0.0.1 main.vpptechnologies.com
127.0.0.1 msxml.vpptechnologies.com
127.0.0.1 static.vpptechnologies.com #[hotsearchbar.com]
127.0.0.1 xml.vpptechnologies.com #[BlazeFind]
127.0.0.1 www.vstats.net
127.0.0.1 ads.vnuemedia.com
127.0.0.1 sevenc.vze.com #[VBS.Powcox@mm]
# W
127.0.0.1 www.w3exit.com
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 wazam.com
127.0.0.1 www.wazam.com #[Parasite.Wazam]
127.0.0.1 wcft.net #[Parasite.LinkReplacer]
127.0.0.1 www.wcft.net
127.0.0.1 ads.webattack.com
127.0.0.1 webcounter.com
127.0.0.1 www.webcounter.com
127.0.0.1 www.weblink.ru
127.0.0.1 adv.webmd.com
127.0.0.1 webhits.de
127.0.0.1 banners.webmasterplan.com
127.0.0.1 stat.webmedia.pl
127.0.0.1 www.wenksdisdkjeilsow.com #[AutoStartup][Download.Trojan]
127.0.0.1 bannervip.web1000.com
127.0.0.1 ads.webads360.com
127.0.0.1 clickcash.webpower.com
127.0.0.1 orders.webpower.com
127.0.0.1 img.webring.com
127.0.0.1 img1.webring.com
127.0.0.1 ads.webshots.com
127.0.0.1 websponsors.com
127.0.0.1 a.websponsors.com
127.0.0.1 ads.websponsors.com
127.0.0.1 g.websponsors.com
127.0.0.1 www.websponsors.com
127.0.0.1 www.webstars2000.com
127.0.0.1 hits.webstat.com
127.0.0.1 wetrack.it
127.0.0.1 st.wetrack.it
127.0.0.1 partner1.whatsfind.com
127.0.0.1 www.whatsfind.com #[HTML_STARTPAGE.C]
127.0.0.1 window1.com
127.0.0.1 adserv.windowenhancer.com #[Adware.WindowEnhancer]
127.0.0.1 search.windowenhancer.com #[Parasite.SCBar]
127.0.0.1 www.windowenhancer.com
127.0.0.1 ads.winhelp2002.com
127.0.0.1 ads.winsite.com
127.0.0.1 winstream.com #[Parasite.Searchex]
127.0.0.1 www.winstream.com
127.0.0.1 clicktrack.wnu.com
127.0.0.1 www.wowweb.net #[Adware.WWWBar]
127.0.0.1 www.wurldmedia.com #[Adware.Wurldmedia][WurldMedia][KB321923]
# X
127.0.0.1 x0x.biz
127.0.0.1 www.x0x.biz #[Backdoor.Berbew.D]
127.0.0.1 xtra.co.nz
127.0.0.1 nedstats.xs4all.nl
127.0.0.1 ads.xtra.co.nz
127.0.0.1 xxor.biz #[mt-download.com]
127.0.0.1 10.xxor.biz
127.0.0.1 www.xxor.biz
# Y
127.0.0.1 bs.yandex.ru
127.0.0.1 counter.yadro.ru
127.0.0.1 yourspecialoffers.com #[FavoriteMan]
127.0.0.1 www.yourspecialoffers.com
127.0.0.1 ysearchus.com #[Parasite.TinyBar]
127.0.0.1 www.ysearchus.com
# Z
127.0.0.1 zuvio.com #[UCSearch.ucUCSearch]
127.0.0.1 www.zuvio.com #[Adware.OpenSite][OpenSite]
127.0.0.1 bannerads.zwire.com
# [Misc]
127.0.0.1 www.123counts.com #[hitslink.com]
127.0.0.1 www.123mania.com #[SrchHook Class]
127.0.0.1 123stat.com
127.0.0.1 1234.2bro.com #[Adware.Satbo]
127.0.0.1 www.241hits.com
127.0.0.1 www.3dstats.com
127.0.0.1 download.35mb.com #[impregnable.net]
127.0.0.1 www.35mb.com #[download_35mb_com.applet]
127.0.0.1 1000stars.ru
127.0.0.1 xxxwwwjjjhd.20forfree.com #[W32.Autex.Worm]
127.0.0.1 www.xxxwwwjjjhd.20forfree.com
127.0.0.1 ad.37.com
127.0.0.1 2jm.com
127.0.0.1 7adpower.com
127.0.0.1 www.7adpower.com #[Svezia.Dialer][VacPro.UserControl1]
127.0.0.1 7am.com
127.0.0.1 www.777search.com #[LOP]
127.0.0.1 ad2.163.com
127.0.0.1 popme.163.com
127.0.0.1 smtp.163.com #[Trojan.PSW.Ajim_bbs]
127.0.0.1 ajim.delphibbs.com #[Trojan.PSW.Ajim_bbs]
127.0.0.1 14713804A.l2m.net #[LiveTechnology]
127.0.0.1 banner.50megs.com
127.0.0.1 guannan.3322.net #[Restricted Zone site]
127.0.0.1 www.fan8.com
127.0.0.1 banners.dot.tk
127.0.0.1 topsites.us #[Parasite.eStart]
127.0.0.1 0-ol1oiz-xolxii1-oxli10ozl1l1-o-l-11-iizxp-l-0o-oll11iz0oil-ol.com
# [123Banners][123Greetings.com][TROJ_NALDEM.A][Trojan.Naldem]
127.0.0.1 www.123banners.com
127.0.0.1 control.123banners.com
127.0.0.1 ftp.123banners.com
127.0.0.1 ftp.control.123banners.com #[server down?]
127.0.0.1 123go.com
127.0.0.1 ns1.123go.net
# [180solutions][Adware.Ncase][KB317714]
127.0.0.1 n-case.com
127.0.0.1 www.n-case.com
127.0.0.1 180solutions.com #[KB320162][NCase]
127.0.0.1 ads.180solutions.com
127.0.0.1 ax.180solutions.com #[180SAInstaller Class]
127.0.0.1 bis.180solutions.com #[nCaseInstaller Class]
127.0.0.1 bisads.180solutions.com
127.0.0.1 ping.180solutions.com
127.0.0.1 www.180solutions.com #[Parasite.nCase]
127.0.0.1 www.180searchassistant.com #[Adware.180Search]
127.0.0.1 www.surfassistant.com #[Adware.SurfAssistant]
127.0.0.1 infinity.zango.com #[ZangoInstaller Class]
127.0.0.1 showtimes.zango.com
127.0.0.1 www.zango.com
127.0.0.1 www.zangoshowtimes.com
# [3721.COM][Parasite.CnsMin][Adware.Wengs]
127.0.0.1 address.3721.com
127.0.0.1 agent.3721.com
127.0.0.1 assistant.3721.com
127.0.0.1 cns.3721.com
127.0.0.1 cnsmin.3721.com
127.0.0.1 corp.3721.com
127.0.0.1 dir.3721.com
127.0.0.1 download.3721.com
127.0.0.1 express.3721.com
127.0.0.1 img.3721.com
127.0.0.1 magic.3721.com
127.0.0.1 mark.3721.com
127.0.0.1 meta.3721.com
127.0.0.1 msearch.3721.com
127.0.0.1 sbox.3721.com
127.0.0.1 shanghai.3721.com
127.0.0.1 sina.3721.com
127.0.0.1 user.3721.com
127.0.0.1 wap.3721.com
127.0.0.1 www.3721.com #[Adware.Chinet]
127.0.0.1 yahoo.3721.com
127.0.0.1 3721.com
127.0.0.1 download.feiyang.com
# [411 Web Directory]
127.0.0.1 adtracker.411web.com
127.0.0.1 hits.411web.com
127.0.0.1 overture.411web.com
127.0.0.1 static.411web.com
127.0.0.1 xml.411web.com
127.0.0.1 letssearch.com #[Parasite.BrowserAid][server down?]
127.0.0.1 search.letssearch.com
127.0.0.1 search2.letssearch.com
127.0.0.1 www.letssearch.com #[BrowserAid.LetsSearch]
# [7Search.com Networks][EMERgency 24, Inc][Track.SevenSearch]
127.0.0.1 7search.com #[Parasite.7FaSSt Search]
127.0.0.1 www.7search.com
127.0.0.1 fstrack.7search.com
127.0.0.1 impression.7search.com
127.0.0.1 img.7meta.com
127.0.0.1 www.7metasearch.com
127.0.0.1 bannerx.adtactics.com
127.0.0.1 adtactics.com
127.0.0.1 www.adtactics.com
127.0.0.1 ajokeaday.com
127.0.0.1 bannersxchange.com
127.0.0.1 img.bannersxchange.com
127.0.0.1 www.linkstoyou.com
127.0.0.1 www.payperranking.com
127.0.0.1 www.pay-per-search.com
127.0.0.1 paypertext.com
127.0.0.1 predictivesearch.com
127.0.0.1 tracking.roispy.com
127.0.0.1 www.roispy.com
127.0.0.1 tracking.spiderbait.com
127.0.0.1 www.spiderbait.com
127.0.0.1 advertisingagent.com
# [About.com]
127.0.0.1 clicks.about.com
127.0.0.1 f.about.com
127.0.0.1 home.about.com
127.0.0.1 js.get.about.com
127.0.0.1 images.about.com
127.0.0.1 lunafetch.about.com
127.0.0.1 pixel3.about.com
127.0.0.1 sprinks-clicks.about.com
127.0.0.1 statistics.s5.com
127.0.0.1 ad.aboutwebservices.com
# [Abroad Software SRL]
127.0.0.1 abroadsoftware.com #[EzSearchBar]
127.0.0.1 allsubtitles.exits.ro
127.0.0.1 best.exits.ro
127.0.0.1 books.exits.ro
127.0.0.1 www.exits.ro
127.0.0.1 superwebsearch.com #[Parasite.ILookup][Adware.ILookup]
127.0.0.1 www.superwebsearch.com
# [Accipiter Solutions][Restricted Zone site]
127.0.0.1 adops.adbureau.net
127.0.0.1 cbronline.adbureau.net
127.0.0.1 etype.adbureau.net
127.0.0.1 www.adbureau.net
127.0.0.1 accipiter.speedera.net
# [AD-BLASTER.COM][Restricted Zone site]
127.0.0.1 ad-blaster.com
127.0.0.1 www.ad-blaster.com
127.0.0.1 promote4profit.com
127.0.0.1 www.promote4profit.com
# [ADDFREESTATS][3DSTATS][Tracking Service][Restricted Zone site]
127.0.0.1 addfreestats.com
127.0.0.1 top.addfreestats.com
127.0.0.1 www.addfreestats.com
127.0.0.1 www.3dstats.com
127.0.0.1 www1.addfreestats.com
127.0.0.1 www3.addfreestats.com
# [Adlogix Media Group]
127.0.0.1 adlogix.com #[InPop.InControl][IEEnhancer]
127.0.0.1 lasagne.adlogix.com
127.0.0.1 publisher.adlogix.com
127.0.0.1 traffic.adlogix.com
127.0.0.1 trafficsource.adlogix.com
127.0.0.1 www.adlogix.com
127.0.0.1 getpopped.com
127.0.0.1 www.getpopped.com
127.0.0.1 hitgo.com #[IPU][InPop.InControl]
127.0.0.1 www.hitgo.com
127.0.0.1 popmonster.com #[IEFeature Class]
127.0.0.1 www.popmonster.com #[TROJ_POPMON.A]
127.0.0.1 popnav.com #[Adware-PopMonster][ADW_SECTHOUGHT.A][server down?]
127.0.0.1 www.popnav.com
127.0.0.1 r2.trafficserverstats.com
# [AdOrigin Corp][Restricted Zone site]
127.0.0.1 ads.adorigin.com
127.0.0.1 dev.adorigin.com
127.0.0.1 www.adorigin.com
127.0.0.1 blowsearch.com
127.0.0.1 msxml.blowsearch.com
127.0.0.1 web.blowsearch.com #[infospace.com]
127.0.0.1 www.blowsearch.com
# [Adteractive]
127.0.0.1 cb.adprofile.net
127.0.0.1 content.adprofile.net
127.0.0.1 tx.adprofile.net
127.0.0.1 w2-ver.adprofile.net
127.0.0.1 adteractive.com
127.0.0.1 www.adteractive.com
# [Adtegrity.com, Inc]
127.0.0.1 adtegrity.com
127.0.0.1 www.adtegrity.com
127.0.0.1 webalize.com #[SearchCentrix][VisiCom.SearchCentric]
127.0.0.1 toolbar.webalize.com #[downloads.searchcentrix.com]
127.0.0.1 www.webalize.com #[Visicom Media Toolbar]
127.0.0.1 webalize.net
127.0.0.1 www.webalize.net
127.0.0.1 webalize.mygeek.com
# [Advertisement Banners.com][Restricted Zone site]
127.0.0.1 advertisementbanners.com
127.0.0.1 ads.specificclick.com
127.0.0.1 www.specificclick.com
127.0.0.1 specificpop.com
127.0.0.1 ads.specificpop.com
127.0.0.1 banners.specificpop.com
127.0.0.1 www.specificpop.com
# [AJRotator][Tracking Service][Restricted Zone site]
127.0.0.1 image.adjuggler.com
127.0.0.1 rotator.adjuggler.com
127.0.0.1 www.adjuggler.com
127.0.0.1 thruport.com
127.0.0.1 adj54.thruport.com
127.0.0.1 imageserver1.thruport.com
127.0.0.1 www.thruport.com
# [Alset Inc][Adware.HelpExpress]
127.0.0.1 alset.com #[WIN32/HXDL AL]
127.0.0.1 www.alset.com
127.0.0.1 aveo.com
127.0.0.1 www.aveo.com
# [Asher Nahmias]
127.0.0.1 allcybersearch.com #[REG_STARTPAGE.A]
127.0.0.1 www.allcybersearch.com
127.0.0.1 amigeek.com
127.0.0.1 www.amigeek.com
127.0.0.1 clickyestoenter.net
127.0.0.1 www.clickyestoenter.net
127.0.0.1 www.gay50.com
127.0.0.1 gocybersearch.com
127.0.0.1 www.gocybersearch.com
127.0.0.1 www.hotelxxxcams.com
127.0.0.1 hotpopup.com
127.0.0.1 search.hotpopup.com
127.0.0.1 www.hotpopup.com
127.0.0.1 hotsearchbox.com #[JAVA_STARTPAGE.F]
127.0.0.1 www.hotsearchbox.com
127.0.0.1 i--search.com
127.0.0.1 www.i--search.com
127.0.0.1 jethomepage.com #[JS.Exception.Exploit]
127.0.0.1 www.jethomepage.com #[Troj/JetHome-B]
127.0.0.1 jetseeker.com #[CWS.Bootconf]
127.0.0.1 www.jetseeker.com
127.0.0.1 searchxl.com #[tinybar.com][CWS]
127.0.0.1 www.searchxl.com #[SearchXl]
127.0.0.1 tinybar.com
127.0.0.1 www.tinybar.com #[Parasite.TinyBar]
127.0.0.1 topsearcher.com #[JV/Goplanet]
127.0.0.1 www.topsearcher.com #[Troj/JetHome-J]
127.0.0.1 trixscripts.com
127.0.0.1 www.trixscripts.com
127.0.0.1 zeropopup.com #[Parasite.ZeroPopUp]
127.0.0.1 www.zeropopup.com #[Tellafriend.Trojan]
127.0.0.1 znext.com #[JS_TRAFFICHBAR.A][Parasite.TinyBar]
127.0.0.1 www.znext.com #[Parasite.ZeroPopUp][App/P0P-A]
# [Adpowerzone.com][Parasite.Pugi]
127.0.0.1 adpowerzone.com #[SearchExplorerBar]
127.0.0.1 ads.adpowerzone.com
127.0.0.1 easy.adpowerzone.com
127.0.0.1 tb.adpowerzone.com
127.0.0.1 tb-static.adpowerzone.com #[Adware.Websearch]
127.0.0.1 www.adpowerzone.com #[Adware.Searchexplorer]
# [AdsInContext][Adgoblin/Adsincontext]
127.0.0.1 adserver.adsincontext.com
127.0.0.1 ns1.adsincontext.com
127.0.0.1 srv01.adsincontext.com
127.0.0.1 srv02.adsincontext.com
127.0.0.1 srv03.adsincontext.com
127.0.0.1 srv04.adsincontext.com
127.0.0.1 srv05.adsincontext.com
127.0.0.1 srv07.adsincontext.com
127.0.0.1 adgoblin.com #[Adware.AdGoblin]
127.0.0.1 crossroad.adgoblin.com
127.0.0.1 www.adgoblin.com #[AdGoblin.foontext]
# [AD TECH AG][Adtech.de][Tracking Service][Restricted Zone site]
127.0.0.1 adforce.adtech.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adserv003.adtech.de
127.0.0.1 imageserv.adtech.de
127.0.0.1 livingnet.adtech.de
# [Advertising.com][Tracking Service]
127.0.0.1 cdn1.adsdk.com
127.0.0.1 cdn2.adsdk.com #[VirtualBouncer]
127.0.0.1 advertising.com
127.0.0.1 adserve.advertising.com
127.0.0.1 bannerfarm.ace.advertising.com
127.0.0.1 demo.advertising.com
127.0.0.1 opera1-servedby.advertising.com
127.0.0.1 servedby.advertising.com
127.0.0.1 rd.advertising.com
127.0.0.1 wap.advertising.com
127.0.0.1 www.advertising.com
127.0.0.1 clk4.com
127.0.0.1 www.clk4.com
127.0.0.1 www.contextualclicks.com
127.0.0.1 fastseeker.com #[Adware.FastSeek]
127.0.0.1 www.fastseeker.com
127.0.0.1 spyblast.com #[Parasite.SpyBlast]
127.0.0.1 www.spyblast.com #[SBFullInst Control]
# [Advertising Concepts][Restricted Zone]
127.0.0.1 directcoupons.com
127.0.0.1 lists.directcoupons.com
127.0.0.1 news.directcoupons.com #[server down?]
127.0.0.1 directleads.com
127.0.0.1 track.directleads.com
127.0.0.1 ads.directstuff.com
127.0.0.1 directtrack.com
127.0.0.1 offersquest.directtrack.com
127.0.0.1 www.directtrack.com
# [Affiliation Networks][Tracking Service]
127.0.0.1 ads.ign.com
127.0.0.1 adserver.ign.com
127.0.0.1 t.ign.com
127.0.0.1 tracker.ign.com
127.0.0.1 adserver.snowball.com
127.0.0.1 polls.snowball.com
127.0.0.1 scripts.snowball.com
127.0.0.1 t.snowball.com
127.0.0.1 tracker.snowball.com
# [Altnet][Adware.BDE][Adware.Topsearch]
127.0.0.1 altnet.com
127.0.0.1 media.altnet.com
127.0.0.1 ts.altnet.com
127.0.0.1 www.altnet.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 brilliantdigital.com #[Parasite.BDE]
127.0.0.1 st.brilliantdigital.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 b3d.com
127.0.0.1 www.b3d.com
127.0.0.1 bde3d.com
# [Applied Technologies Internet][Tracking Service][Restricted Zone site]
127.0.0.1 xiti.com
127.0.0.1 gestion.xiti.com
127.0.0.1 www.xiti.com
127.0.0.1 loga.xiti.com
127.0.0.1 logc13.xiti.com
127.0.0.1 logv3.xiti.com
127.0.0.1 logv20.xiti.com
127.0.0.1 logp.xiti.com
127.0.0.1 trafic.xiti.com
# [Apropos AdIntelligence][PeopleOnPage][ADW_POPBAR.A]
127.0.0.1 adintelligence.net
127.0.0.1 acc.adintelligence.net
127.0.0.1 adchannel.adintelligence.net
127.0.0.1 creatives.adintelligence.net
127.0.0.1 download.adintelligence.net #[SysAI]
127.0.0.1 www.adintelligence.net
127.0.0.1 adv.peopleonpage.com
127.0.0.1 app.peopleonpage.com
127.0.0.1 download.peopleonpage.com #[POP Loader]
127.0.0.1 envolo.peopleonpage.com
127.0.0.1 img.peopleonpage.com
127.0.0.1 srv.peopleonpage.com
127.0.0.1 www.peopleonpage.com #[Apropos.bho][PeopleOnPage.Apropos]
# [aQuantive Inc][Avenue A][Restricted Zone site]
127.0.0.1 image.avenuea.com
127.0.0.1 www.avenuea.com
127.0.0.1 www.atdmt.com
127.0.0.1 click.atdmt.com
127.0.0.1 clk.atdmt.com
127.0.0.1 spd.atdmt.com
127.0.0.1 spe.atdmt.com
127.0.0.1 switch.atdmt.com
127.0.0.1 view.atdmt.com
127.0.0.1 atlasdmt.com
127.0.0.1 www.atlasdmt.com
127.0.0.1 www.avenueainc.com
# [Avenue Media]
127.0.0.1 active-alert-server.com
127.0.0.1 www.active-alert-server.com
127.0.0.1 amnv.net
127.0.0.1 www.amnv.net
127.0.0.1 avenuemedia.com
127.0.0.1 www.avenuemedia.com
127.0.0.1 climaxbucks.com #[ClimaxBucks.InternetOptimizer]
127.0.0.1 cdn.climaxbucks.com
127.0.0.1 mt1.climaxbucks.com
127.0.0.1 mt23.climaxbucks.com
127.0.0.1 xbs.climaxbucks.com
127.0.0.1 www.climaxbucks.com
127.0.0.1 xbs.cocktailcash.com
127.0.0.1 cocktailcash.com
127.0.0.1 www.cocktailcash.com
127.0.0.1 ads.internet-optimizer.com #[Parasite.Internet Optimizer]
127.0.0.1 internet-optimizer.com #[Downloader.Dyfcia.F]
127.0.0.1 www.internet-optimizer.com #[Adware.NetOptimizer]
127.0.0.1 www.lunasearch.com
127.0.0.1 movies-etc.com
127.0.0.1 cdn.movies-etc.com
127.0.0.1 www.movies-etc.com
127.0.0.1 yoogee.com #[Parasite.Internet Optimizer]
127.0.0.1 www.yoogee.com
# [Azoogle.com INC]
127.0.0.1 c.azjmp.com
127.0.0.1 images.azoogleads.com
127.0.0.1 www.azoogleads.com
127.0.0.1 www.giftfox.com
127.0.0.1 images.imgehost.com
127.0.0.1 c.qckjmp.com
# [Aztec Marketing][Parasite.ILookup]
127.0.0.1 google.begin2search.com
127.0.0.1 toolbar.begin2search.com
127.0.0.1 www.begin2search.com #[iiittt Class]
127.0.0.1 click2findnow.com
127.0.0.1 www.click2findnow.com
127.0.0.1 i-lookup.com #[Adware.ILookup][server down?]
127.0.0.1 casinobuilder.i-lookup.com
127.0.0.1 domain.i-lookup.com
127.0.0.1 www.domain.i-lookup.com
127.0.0.1 query.i-lookup.com
127.0.0.1 search2.i-lookup.com
127.0.0.1 sqwire.i-lookup.com
127.0.0.1 toolbar.i-lookup.com
127.0.0.1 toolbar2.i-lookup.com #[Inst Class]
127.0.0.1 www.i-lookup.com #[JS/Exploit-DialogArg.b]
127.0.0.1 www2.i-lookup.com
# [Actif Oiseau Alerte S.A.]
127.0.0.1 www.eaffiliateinc.com
127.0.0.1 globalwebsearch.com #[Parasite.ILookup]
127.0.0.1 toolbar.globalwebsearch.com #[I-Lookup.GWS]
127.0.0.1 toolbar2.globalwebsearch.com #[iiittt Class]
127.0.0.1 www.globalwebsearch.com #[Adware.ILookup]
127.0.0.1 hotwebsearch.com
127.0.0.1 www.hotwebsearch.com
127.0.0.1 www.toonxxxfantasies.com
127.0.0.1 worldanywhere.com
127.0.0.1 toolbar.worldanywhere.com
127.0.0.1 www.worldanywhere.com
# [Bell Globemedia Interactive Inc]
127.0.0.1 adcounter.theglobeandmail.com
127.0.0.1 adrates.theglobeandmail.com
127.0.0.1 ads.globeandmail.com
127.0.0.1 ads1.theglobeandmail.com
127.0.0.1 visit.theglobeandmail.com
127.0.0.1 www1.theglobeandmail.com
# [BLOKE.COM][Restricted Zone site]
127.0.0.1 adbot.com
127.0.0.1 w1.adbot.com
127.0.0.1 www.adbot.com
127.0.0.1 counter.bloke.com
127.0.0.1 www1.counter.bloke.com
127.0.0.1 www3.counter.bloke.com
127.0.0.1 www4.counter.bloke.com
127.0.0.1 www5.counter.bloke.com
127.0.0.1 www6.counter.bloke.com
127.0.0.1 www7.counter.bloke.com
127.0.0.1 counterbot.com
127.0.0.1 cb1.counterbot.com
# [Bluestreak][Tracking Service][Restricted Zone site]
127.0.0.1 ak.bluestreak.com
127.0.0.1 ca1.bluestreak.com
127.0.0.1 s0.bluestreak.com
127.0.0.1 s0b.bluestreak.com
127.0.0.1 s1.bluestreak.com
127.0.0.1 s2.bluestreak.com
127.0.0.1 s3.bluestreak.com
127.0.0.1 s4.bluestreak.com
127.0.0.1 s5.bluestreak.com
127.0.0.1 s6.bluestreak.com
127.0.0.1 s7.bluestreak.com
127.0.0.1 s8.bluestreak.com
127.0.0.1 www.bluestreak.com
# [BONZI][Adware.Bonzi]
127.0.0.1 download.bonzi.com
127.0.0.1 images.bonzi.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.bonzibuddy.com
# [BraveNet][Tracking Service][Restricted Zone site]
127.0.0.1 bravenet.com
127.0.0.1 adserv.bravenet.com
127.0.0.1 images.bravenet.com
127.0.0.1 linktrack.bravenet.com
127.0.0.1 pub1.bravenet.com
127.0.0.1 www.bravenet.com
# [BruggeNet][Trojan.Adclicker]
127.0.0.1 belgiandip.com #[ITS Protocol exploit]
127.0.0.1 www.belgiandip.com
127.0.0.1 fassia.net #[Parasite.AutoSearch]
127.0.0.1 www.fassia.net
127.0.0.1 flipperkeys.com
127.0.0.1 www.flipperkeys.com
127.0.0.1 www.illtemperedguppys.com
127.0.0.1 manipulatingtheicesurface.com
127.0.0.1 www.manipulatingtheicesurface.com
127.0.0.1 www.no-beba-el-agua.com
127.0.0.1 smokeandapancake.org #[Adware.Winpup]
127.0.0.1 www.smokeandapancake.org #[AdClicker-O][Troj/Psyme-C]
127.0.0.1 www.undergroundlair.net #[Troj/AdClick-N]
127.0.0.1 www2.undergroundlair.net
127.0.0.1 www.00z70az77mnsa-00swj1zzprh.com #[www2.undergroundlair.net]
127.0.0.1 www.funcionamiento-con-la-tijera.com #[undergroundlair.net]
# [BurstMedia][Tracking Service][Restricted Zone site]
127.0.0.1 burstmedia.com
127.0.0.1 web.burstmedia.com
127.0.0.1 roscoe.burstmedia.com
127.0.0.1 ads.burstnet.com
127.0.0.1 gifs.burstnet.com
127.0.0.1 sj.burstnet.com
127.0.0.1 www.burstnet.com
127.0.0.1 www2.burstnet.com
127.0.0.1 www3.burstnet.com
127.0.0.1 www4.burstnet.com
127.0.0.1 www5.burstnet.com
127.0.0.1 www6.burstnet.com
127.0.0.1 www.burstnet.akadns.net
# [Casale Media]
127.0.0.1 casalemedia.com
127.0.0.1 as.casalemedia.com
127.0.0.1 asg01.casalemedia.com
127.0.0.1 asg02.casalemedia.com
127.0.0.1 asg03.casalemedia.com
127.0.0.1 asg04.casalemedia.com
127.0.0.1 asg05.casalemedia.com
127.0.0.1 asg06.casalemedia.com
127.0.0.1 asg07.casalemedia.com
127.0.0.1 asg08.casalemedia.com
127.0.0.1 asg09.casalemedia.com
127.0.0.1 asg10.casalemedia.com
127.0.0.1 aslg01.casalemedia.com
127.0.0.1 aslg02.casalemedia.com
127.0.0.1 aslg03.casalemedia.com
127.0.0.1 aslg04.casalemedia.com
127.0.0.1 aslg05.casalemedia.com
127.0.0.1 aslg06.casalemedia.com
127.0.0.1 aslg07.casalemedia.com
127.0.0.1 aslg08.casalemedia.com
127.0.0.1 aslg09.casalemedia.com
127.0.0.1 aslg10.casalemedia.com
127.0.0.1 c.casalemedia.com
127.0.0.1 i.casalemedia.com
127.0.0.1 is.casalemedia.com
127.0.0.1 isg01.casalemedia.com
127.0.0.1 isg02.casalemedia.com
127.0.0.1 isg03.casalemedia.com
127.0.0.1 isg04.casalemedia.com
127.0.0.1 isg05.casalemedia.com
127.0.0.1 www.casalemedia.com
127.0.0.1 www.noadwarenow.com
127.0.0.1 www.spywarestormer.com #[CInstall Class]
# [c2 Media Ltd][Download.Adware.Lop][C2.lop]
127.0.0.1 active-max.com
127.0.0.1 search.active-max.com
127.0.0.1 www.active-max.com
127.0.0.1 allaboutsearching.com
127.0.0.1 www.allaboutsearching.com
127.0.0.1 amazingautossearch.com
127.0.0.1 www.amazingautossearch.com
127.0.0.1 contexualsearch.com
127.0.0.1 www.contexualsearch.com
127.0.0.1 www.dialup2.com
127.0.0.1 ecpm.com
127.0.0.1 www.ecpm.com
127.0.0.1 find-quick.com
127.0.0.1 www.find-quick.com
127.0.0.1 look-today.com
127.0.0.1 www.look-today.com
127.0.0.1 lop.com
127.0.0.1 ao.lop.com
127.0.0.1 ayb.lop.com
127.0.0.1 bins.lop.com
127.0.0.1 k17177.bins.lop.com
127.0.0.1 img.lop.com
127.0.0.1 sue.lop.com
127.0.0.1 srch.lop.com #[Parasite.LOP]
127.0.0.1 www1.lop.com
127.0.0.1 www.lop2.com
127.0.0.1 www.lop.com
127.0.0.1 maxexp.com
127.0.0.1 www.mp3search.com
127.0.0.1 mysearchnow.com
127.0.0.1 search200.com
127.0.0.1 www.search200.com
127.0.0.1 search.mysearchnow.com
127.0.0.1 www.mysearchnow.com
127.0.0.1 netsearchsoft.com
127.0.0.1 www.netsearchsoft.com
127.0.0.1 omegasearch.com
127.0.0.1 www.omegasearch.com
127.0.0.1 prosearching.com
127.0.0.1 www.prosearching.com
127.0.0.1 www.rub.to
127.0.0.1 sbvr.com
127.0.0.1 www.sbvr.com
127.0.0.1 searchexe.com
127.0.0.1 www.searchexe.com
127.0.0.1 searchweb2.com
127.0.0.1 www.searchweb2.com
127.0.0.1 spawnet.com
127.0.0.1 www.spawnet.com
127.0.0.1 tdmy.com #[TrojanDownloader.Win32.Swizzor.h]
127.0.0.1 tefs.com
127.0.0.1 tfil.com
127.0.0.1 www.tfil.com
127.0.0.1 tdko.com
127.0.0.1 www.tdko.com
127.0.0.1 wfix.com #[super-spider.com]
127.0.0.1 installdollars.com #[affiliate]
# [Cyril Paciullo][Messenger Plus!]
127.0.0.1 download.msgplus.net
127.0.0.1 files.msgplus.net
127.0.0.1 plugins.msgplus.net
127.0.0.1 www.msgplus.net
127.0.0.1 www.msgpluszone.com
127.0.0.1 www.patchou.com
127.0.0.1 www.lyricsdomain.com #[affiliate]
127.0.0.1 www.negativebeats.com #[Downloader.Small][affiliate]
# [CA Web Designs][Tracking Service][Restricted Zone site]
127.0.0.1 clickxchange.com
127.0.0.1 caweb1.clickxchange.com
127.0.0.1 caweb2.clickxchange.com
127.0.0.1 www.clickxchange.com
# [CDT Inc][NetVision][Adware.CDT][Parasite.ISTbar]
127.0.0.1 public.americandaytrading.com
127.0.0.1 blazefind.com #[IE SearchBar]
127.0.0.1 omniscient.blazefind.com #[TROJ_BLAZEFIND.A]
127.0.0.1 xml.blazefind.com
127.0.0.1 www.blazefind.com #[Adware.BlazeFind]
127.0.0.1 cdtnet.net
127.0.0.1 anne.cdtnet.net
127.0.0.1 caroline.cdtnet.net
127.0.0.1 flingstone.com #[TROJ_WINFAVS.A]
127.0.0.1 redirect.flingstone.com
127.0.0.1 static.flingstone.com #[brdg Class]
127.0.0.1 www.flingstone.com #[Adware.WinFavorites.B]
127.0.0.1 www2.flingstone.com #[brdg Class][Win32/Bryss.Spy.Trojan]
127.0.0.1 homepagecash.com
127.0.0.1 www.homepagecash.com
127.0.0.1 loudcash.com
127.0.0.1 partners.loudcash.com
127.0.0.1 www.loudcash.com
127.0.0.1 searchbarcash.com
127.0.0.1 public.searchbarcash.com #[WinFavorites][DownloadUL Class]
127.0.0.1 www.searchbarcash.com #[Parasite.TinyBar]
127.0.0.1 searchbrowser.com
127.0.0.1 findwhatevernow.searchbrowser.com
127.0.0.1 skoobidoo.com
127.0.0.1 www.skoobidoo.com
127.0.0.1 www2.skoobidoo.com #[Downloader.MSCache]
127.0.0.1 public.windupdates.com
127.0.0.1 www.windupdates.com
127.0.0.1 counterstrike.server.us #[Downloader.CDT]
# [CJB Management][Backdoor.Ptsnoop]
127.0.0.1 bannerexchange.cjb.net
127.0.0.1 coder3862004.cjb.net #[Trojan.Bansap]
127.0.0.1 pop.mircx.com #[Trojan.Bansap]
127.0.0.1 searchwww.com
127.0.0.1 search.searchwww.com #[Parasite.SearchWWW]
127.0.0.1 vbs.searchwww.com
127.0.0.1 www.searchwww.com
# [Click Enterprises]
127.0.0.1 dafinder.com
127.0.0.1 www2.dafinder.com
127.0.0.1 www3.dafinder.com
127.0.0.1 adult.getmoviesonline.com
127.0.0.1 www.getmoviesonline.com
127.0.0.1 ourlinklist.com
127.0.0.1 searchaccurate.com #[Parasite.TinyBar]
127.0.0.1 www.searchaccurate.com
# [CNN\Time Warner\AOL]
127.0.0.1 ads.web.aol.com
127.0.0.1 affiliate.aol.com
127.0.0.1 aim.aol.com
127.0.0.1 dynamic.aol.com
127.0.0.1 free.aol.com
127.0.0.1 usaol.com
127.0.0.1 ar.atwola.com
127.0.0.1 ads.newline.aol.com
127.0.0.1 p.specialoffers.aol.com
127.0.0.1 adremote.pathfinder.com
127.0.0.1 adremote.timeinc.net
# [CNET.COM][Ad Servers]
127.0.0.1 adimg.cnet.com
127.0.0.1 remotead-internal.cnet.com
127.0.0.1 remotead.cnet.com
127.0.0.1 ads.com.com
127.0.0.1 adimg.com.com
127.0.0.1 adlog.com.com
# [Commission Junction][Tracking Service][Restricted Zone site]
127.0.0.1 cj.com
127.0.0.1 www.cj.com
127.0.0.1 www.commission-junction.com
127.0.0.1 qksrv.com
127.0.0.1 www.qksrv.net
127.0.0.1 www.qksz.net
# [Comodo Research Labs][Restricted Zone site]
127.0.0.1 secure.comodo.net
127.0.0.1 www.comodo.net #[certificate issuer]
127.0.0.1 www.instantssl.com
127.0.0.1 trusttoolbar.com
127.0.0.1 www.trusttoolbar.com
# [CommonName Limited][Adware.CommonName][Parasite.CommonName]
127.0.0.1 commonname.com
127.0.0.1 www.commonname.com
127.0.0.1 commonnames.com
127.0.0.1 www.commonnames.com
127.0.0.1 xpsn.com
127.0.0.1 www.xpsn.com
# [

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:07 PM

Posted 01 October 2004 - 06:50 PM

Is that a fragment of the hosts file or the full thing?

Well if it is being controlled we should be able to see it as there will be a strange programming listening on a port on your computer. Please do the following:

Download this file:

http://www.bleepingcomputer.com/files/forensics/Fport.exe

Save it to the c:\ drive.

Then click on start, run, and type cmd and press the ok button.

At the cmd prompt, type the following:

cd \ and press enter

fport > fport.txt and press enter.

notepad fport.txt and press enter.

Copy and paste the contents of the notepad to a reply to this message.

#9 ttomt

ttomt
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:07 AM

Posted 02 October 2004 - 07:02 AM

Hello,

That's the whole HOST file and the list keeps on growing.

Here is the info you requested.

FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
1464 inetinfo -> 80 TCP C:\WINNT\System32\inetsrv\inetinfo.exe
840 -> 135 TCP
4 System -> 139 TCP
1464 inetinfo -> 443 TCP C:\WINNT\System32\inetsrv\inetinfo.exe
4 System -> 445 TCP
1464 inetinfo -> 1028 TCP C:\WINNT\System32\inetsrv\inetinfo.exe
2084 -> 1030 TCP
0 System -> 1438 TCP
0 System -> 1439 TCP

2084 -> 123 UDP
0 System -> 123 UDP
0 System -> 137 UDP
0 System -> 138 UDP
1464 inetinfo -> 161 UDP C:\WINNT\System32\inetsrv\inetinfo.exe
840 -> 445 UDP
1464 inetinfo -> 500 UDP C:\WINNT\System32\inetsrv\inetinfo.exe
4 System -> 1332 UDP
4 System -> 3456 UDP
1464 inetinfo -> 4500 UDP C:\WINNT\System32\inetsrv\inetinfo.exe

#10 ttomt

ttomt
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:07 AM

Posted 02 October 2004 - 08:09 AM

Hello Grinler, Some more info.

I checked that Info I got from that little utility you had me run.

The default web site is running. I never set it up or started it. I don't use IIS on this machine. I paused it and the Pop - up logon screens stopped.

Now what caused this? I just wanted you to know what I found.

#11 ttomt

ttomt
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:07 AM

Posted 03 October 2004 - 10:06 AM

Grinler I have more Info:

The two entries below in the Hijack This log is used by Comcast my ISP for registration purposes. No need to keep it so I got rid of them.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r5.attbi.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.r5.attbi.com

The Picture Taker service was something used with a Web-cam app. I no longer use the web-cam or have the app. installed.

Now that's said and done we know how to stop these annoying Logon screens but what is causing them and how did the default web site get started in IIS?

Looking forward to hearing from you after you analyze the fport log.

Thanks ttomt

#12 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:07 PM

Posted 03 October 2004 - 04:30 PM

Ok.. I had a feeling you were running something on port 80 (http) which is what was causing the logins. Not sure why yet though..

Are the logon prompts still happening now that IIS is off?


I want you to rename your hosts file to hosts.bak and see if that stops the logon prompts

#13 ttomt

ttomt
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:07 AM

Posted 04 October 2004 - 07:25 AM

With Default Web site stooped the Logon screens stop. I start the Default Web site and the screens returned.

I changed my HOSTS file to HOSTS.bak with Default Web site started, no more Logon screens.

I stopped the Default Web site with the HOSTS file still changed to HOSTS.bak no more logon screens.

A little more info. I Loaded IIS on another XP PRO computer on my network lab and it looks like the Default Web Site is started by default. It has the same HOSTS file as this problem computer and all the other computers. No Login prompts on any web sites visited.

Something is hidden really good here on this machine that's causing this.

When we find what is causing this I'm going to remove IIS. I have no need for a web server. I don't know how or when it was loaded on this machine. I saw it in Administrative Tolls for a long time but it never gave me problems till now. Also I had no idea it is was running. It looks like when the IIS component is loaded the default web site is started by default. Really great for security.

No one has ever been in this computer except for Gateway. A Gateway tech used Remote Assistance to fix a problem about 2 years ago. Then I shut down Remote Assistance. I have Remote Desktop off.

#14 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,504 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:07 PM

Posted 04 October 2004 - 03:09 PM

With IIS on , and you open a web browser and browse to that computers IP address, do you get a logon prompt?

#15 ttomt

ttomt
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:07 AM

Posted 04 October 2004 - 04:25 PM

I will try that. Yes I do get the logon prompt..

If I enter my username and password I get the Win XP Your Web service is now running page. If I do it from another computer I get the Under Construction page.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users