LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: pastywhitegurl on December 26, 2013, 04:04:10 PM

Title: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 04:04:10 PM
I downloaded a file converting program that was recommended on a blog (big mistake, I know) and afterwards noticed a new search engine in my list (Conduit). I had already uninstalled the program because I didn't like the way it tried to get me to add other programs during the installation.

So I started an MBAM full scan before I went to bed last night. This morning it found the following items and gave instructions to restart the computer to fully remove the threat. I also got a flag from Scotty that MBAM made a start up change. It also said that was normal for updates and it would only run once, so I allowed it. On restart, my homepage had been hijacked by the Conduit search page, even though I have settings that should have prevented any home page changes. Also, my MSE icon no longer appears on my task bar, although I can open the panel from the programs menu. Other icons are also missing.

There was another Scotty alert to another start up program that I chose the block link for (a gibberish type of .exe) and the panel disappeared. I cannot open WinPatrol now.

=============================================================
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.12.26.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Helena :: LIBRARY [administrator]

12/25/2013 11:58:19 PM
mbam-log-2013-12-25 (23-58-19).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 487335
Time elapsed: 1 hour(s), 57 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP22E77BD7-650C-44D0-8F1A-69F52A047C6E&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Documents and Settings\Helena\Local Settings\Temp\nsa3DF.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Helena\Local Settings\Temp\nsd3D6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Helena\Local Settings\Temp\nsl442.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Helena\Local Settings\Temp\nsm3D3.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Helena\Local Settings\Temp\nsn3D9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Helena\Local Settings\Temp\nsu3DC.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Helena\Local Settings\Temp\nsw3D0.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Helena\Local Settings\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)


===========DDS
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Helena at 9:43:12 on 2013-12-26
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3071.2488 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUMENTS AND SETTINGS\Helena\Desktop\DESKTOPSV1.01.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SAMSUNG\PANELMGR\SSMMGR.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe
uRun: [Sysinternals Desktops] c:\documents and settings\helena\desktop\DESKTOPSV1.01.EXE
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMGR.EXE /autorun
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTASK.EXE" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341421229820
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FCBBB7EF-0AD9-4176-92AF-EC81C597E983} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
Hosts: 0.0.0.0 abcstats.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\helena\application data\mozilla\firefox\profiles\lfoq4mi4.default\
FF - prefs.js: browser.search.selectedEngine - Conduit Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP22E77BD7-650C-44D0-8F1A-69F52A047C6E&SSPV=
FF - component: c:\documents and settings\helena\application data\mozilla\firefox\profiles\lfoq4mi4.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\documents and settings\helena\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\helena\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\helena\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 214696]
R1 MpKsl58fa3e5e;MpKsl58fa3e5e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5996ccbc-e380-4a5d-9270-d740ffbb0d6b}\MpKsl58fa3e5e.sys [2013-12-26 40392]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-1-10 399416]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 DLKRT32;D-Link DGE-530T Gigabit Ethernet Adapter Driver;c:\windows\system32\drivers\DLKRT32.sys [2013-10-12 598160]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 RapportIaso;RapportIaso;\??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys --> c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-1-10 993848]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x86l.sys [2009-9-22 60928]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x86v.sys [2009-8-27 20992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-12-26 15:26:03   62576   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5996ccbc-e380-4a5d-9270-d740ffbb0d6b}\offreg.dll
2013-12-26 15:26:03   40392   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5996ccbc-e380-4a5d-9270-d740ffbb0d6b}\MpKsl58fa3e5e.sys
2013-12-26 15:20:21   7760024   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5996ccbc-e380-4a5d-9270-d740ffbb0d6b}\mpengine.dll
2013-12-25 18:56:49   --------   d-----w-   c:\windows\system32\tfc
2013-12-25 18:55:35   --------   d-----w-   c:\program files\Video-Saver
2013-12-25 16:03:18   7760024   ----a-w-   c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-25 05:36:16   --------   d-----w-   c:\documents and settings\helena\local settings\application data\Wondershare
2013-12-25 05:36:13   --------   d-----w-   c:\program files\common files\Wondershare
2013-12-25 05:35:31   185344   ----a-w-   c:\windows\system32\framedyn.dll
2013-12-25 05:22:22   --------   d-----w-   c:\documents and settings\helena\local settings\application data\WMTools Downloaded Files
2013-12-02 16:14:32   --------   d-----w-   c:\program files\FBBackup3
.
==================== Find3M  ====================
.
2013-12-19 22:21:08   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-19 22:21:08   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-11-19 10:21:30   230048   ------w-   c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42   150528   ----a-w-   c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51   591360   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31   7168   ----a-w-   c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17   1879040   ----a-w-   c:\windows\system32\win32k.sys
2013-10-29 07:57:34   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-10-29 07:57:33   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33   18944   ----a-w-   c:\windows\system32\corpol.dll
2013-10-29 07:57:33   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02   385024   ----a-w-   c:\windows\system32\html.iec
2013-10-23 23:45:49   172032   ----a-w-   c:\windows\system32\scrrun.dll
2013-10-12 15:56:19   278528   ----a-w-   c:\windows\system32\oakley.dll
2013-10-09 13:12:48   287744   ----a-w-   c:\windows\system32\gdi32.dll
2013-10-07 10:59:21   603136   ----a-w-   c:\windows\system32\crypt32.dll
2013-09-27 15:53:06   214696   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2009-08-20 12:22:26   9814016   ----a-w-   c:\program files\openofficeorg31.msi
2002-03-11 09:06:30   1822520   ----a-w-   c:\program files\instmsiw.exe
2002-03-11 08:45:04   1708856   ----a-w-   c:\program files\instmsia.exe
.
============= FINISH:  9:43:53.39 ===============


============Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/31/2008 6:38:09 PM
System Uptime: 12/26/2013 9:32:11 AM (0 hours ago)
.
Motherboard: MSI |  | MS-7399
Processor: Intel(R) Pentium(R) Dual  CPU  E2200  @ 2.20GHz | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 241.248 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1979: 9/28/2013 2:17:37 AM - Software Distribution Service 3.0
RP1980: 9/28/2013 9:26:26 AM - Software Distribution Service 3.0
RP1981: 9/29/2013 2:17:59 AM - Software Distribution Service 3.0
RP1982: 9/29/2013 9:26:27 AM - Software Distribution Service 3.0
RP1983: 9/30/2013 2:17:32 AM - Software Distribution Service 3.0
RP1984: 9/30/2013 9:26:34 AM - Software Distribution Service 3.0
RP1985: 10/1/2013 2:17:40 AM - Software Distribution Service 3.0
RP1986: 10/1/2013 9:28:07 AM - Software Distribution Service 3.0
RP1987: 10/2/2013 2:17:21 AM - Software Distribution Service 3.0
RP1988: 10/2/2013 9:26:25 AM - Software Distribution Service 3.0
RP1989: 10/3/2013 2:17:12 AM - Software Distribution Service 3.0
RP1990: 10/3/2013 9:26:29 AM - Software Distribution Service 3.0
RP1991: 10/4/2013 2:17:18 AM - Software Distribution Service 3.0
RP1992: 10/4/2013 9:26:28 AM - Software Distribution Service 3.0
RP1993: 10/5/2013 2:16:58 AM - Software Distribution Service 3.0
RP1994: 10/5/2013 9:26:27 AM - Software Distribution Service 3.0
RP1995: 10/6/2013 2:17:33 AM - Software Distribution Service 3.0
RP1996: 10/6/2013 9:26:26 AM - Software Distribution Service 3.0
RP1997: 10/7/2013 2:17:57 AM - Software Distribution Service 3.0
RP1998: 10/7/2013 9:26:32 AM - Software Distribution Service 3.0
RP1999: 10/8/2013 2:17:14 AM - Software Distribution Service 3.0
RP2000: 10/8/2013 9:26:00 AM - Software Distribution Service 3.0
RP2001: 10/9/2013 2:26:23 AM - Software Distribution Service 3.0
RP2002: 10/9/2013 3:00:16 AM - Software Distribution Service 3.0
RP2003: 10/9/2013 9:41:22 AM - Software Distribution Service 3.0
RP2004: 10/9/2013 2:35:31 PM - Software Distribution Service 3.0
RP2005: 10/9/2013 2:40:43 PM - Software Distribution Service 3.0
RP2006: 10/9/2013 3:09:24 PM - Software Distribution Service 3.0
RP2007: 10/9/2013 5:08:31 PM - before WinPatrol update and after Oct Windows updates
RP2008: 10/10/2013 2:17:57 AM - Software Distribution Service 3.0
RP2009: 10/10/2013 3:04:08 PM - Software Distribution Service 3.0
RP2010: 10/11/2013 2:16:12 AM - Software Distribution Service 3.0
RP2011: 10/11/2013 3:03:04 PM - Software Distribution Service 3.0
RP2012: 10/11/2013 5:12:07 PM - Installed DGE-530T Ethernet Controller All-In-One Windows Driver   
RP2013: 10/11/2013 5:40:55 PM - Installed DGE-530T Ethernet Controller All-In-One Windows Driver
RP2014: 10/12/2013 2:17:25 AM - Software Distribution Service 3.0
RP2015: 10/12/2013 5:11:27 PM - Removed DGE-530T Ethernet Controller All-In-One Windows Driver
RP2016: 10/12/2013 5:12:56 PM - Installed DGE-530T Ethernet Controller All-In-One Windows Driver
RP2017: 10/12/2013 5:27:58 PM - Unsigned driver install
RP2018: 10/13/2013 1:53:09 AM - Software Distribution Service 3.0
RP2019: 10/13/2013 5:59:56 PM - Software Distribution Service 3.0
RP2020: 10/14/2013 5:59:59 PM - Software Distribution Service 3.0
RP2021: 10/15/2013 1:52:55 AM - Software Distribution Service 3.0
RP2022: 10/15/2013 5:59:07 PM - Software Distribution Service 3.0
RP2023: 10/15/2013 7:37:38 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP2024: 10/15/2013 11:46:21 PM - Software Distribution Service 3.0
RP2025: 10/16/2013 7:56:15 PM - Software Distribution Service 3.0
RP2026: 10/17/2013 1:41:34 AM - Software Distribution Service 3.0
RP2027: 10/17/2013 7:54:26 PM - Software Distribution Service 3.0
RP2028: 10/18/2013 1:33:22 AM - Software Distribution Service 3.0
RP2029: 10/18/2013 7:54:24 PM - Software Distribution Service 3.0
RP2030: 10/19/2013 1:32:54 AM - Software Distribution Service 3.0
RP2031: 10/19/2013 7:54:39 PM - Software Distribution Service 3.0
RP2032: 10/20/2013 1:33:20 AM - Software Distribution Service 3.0
RP2033: 10/20/2013 7:54:25 PM - Software Distribution Service 3.0
RP2034: 10/21/2013 1:45:53 AM - Software Distribution Service 3.0
RP2035: 10/21/2013 7:54:24 PM - Software Distribution Service 3.0
RP2036: 10/22/2013 1:33:38 AM - Software Distribution Service 3.0
RP2037: 10/22/2013 7:54:21 PM - Software Distribution Service 3.0
RP2038: 10/23/2013 1:33:10 AM - Software Distribution Service 3.0
RP2039: 10/23/2013 7:54:22 PM - Software Distribution Service 3.0
RP2040: 10/24/2013 1:33:21 AM - Software Distribution Service 3.0
RP2041: 10/24/2013 7:54:38 PM - Software Distribution Service 3.0
RP2042: 10/25/2013 1:33:06 AM - Software Distribution Service 3.0
RP2043: 10/25/2013 7:54:23 PM - Software Distribution Service 3.0
RP2044: 10/26/2013 1:33:52 AM - Software Distribution Service 3.0
RP2045: 10/26/2013 7:54:22 PM - Software Distribution Service 3.0
RP2046: 10/27/2013 1:34:06 AM - Software Distribution Service 3.0
RP2047: 10/27/2013 7:54:21 PM - Software Distribution Service 3.0
RP2048: 10/28/2013 1:38:43 AM - Software Distribution Service 3.0
RP2049: 10/28/2013 7:54:27 PM - Software Distribution Service 3.0
RP2050: 10/29/2013 1:33:11 AM - Software Distribution Service 3.0
RP2051: 10/29/2013 7:53:20 PM - Software Distribution Service 3.0
RP2052: 10/30/2013 1:33:02 AM - Software Distribution Service 3.0
RP2053: 10/30/2013 7:54:11 PM - Software Distribution Service 3.0
RP2054: 10/31/2013 1:33:43 AM - Software Distribution Service 3.0
RP2055: 10/31/2013 7:54:13 PM - Software Distribution Service 3.0
RP2056: 11/1/2013 1:33:47 AM - Software Distribution Service 3.0
RP2057: 11/1/2013 7:55:42 PM - Software Distribution Service 3.0
RP2058: 11/2/2013 1:33:50 AM - Software Distribution Service 3.0
RP2059: 11/2/2013 7:54:19 PM - Software Distribution Service 3.0
RP2060: 11/3/2013 12:33:46 AM - Software Distribution Service 3.0
RP2061: 11/3/2013 1:32:42 AM - Software Distribution Service 3.0
RP2062: 11/3/2013 6:54:12 PM - Software Distribution Service 3.0
RP2063: 11/4/2013 1:38:46 AM - Software Distribution Service 3.0
RP2064: 11/4/2013 6:54:15 PM - Software Distribution Service 3.0
RP2065: 11/5/2013 1:38:36 AM - Software Distribution Service 3.0
RP2066: 11/5/2013 6:53:37 PM - Software Distribution Service 3.0
RP2067: 11/6/2013 1:33:27 AM - Software Distribution Service 3.0
RP2068: 11/6/2013 6:54:10 PM - Software Distribution Service 3.0
RP2069: 11/7/2013 1:33:54 AM - Software Distribution Service 3.0
RP2070: 11/7/2013 6:54:12 PM - Software Distribution Service 3.0
RP2071: 11/8/2013 1:33:04 AM - Software Distribution Service 3.0
RP2072: 11/8/2013 6:54:11 PM - Software Distribution Service 3.0
RP2073: 11/9/2013 1:34:59 AM - Software Distribution Service 3.0
RP2074: 11/9/2013 9:08:40 AM - Installed Microsoft Fix it 50992
RP2075: 11/9/2013 6:54:34 PM - Software Distribution Service 3.0
RP2076: 11/10/2013 1:33:49 AM - Software Distribution Service 3.0
RP2077: 11/10/2013 6:54:06 PM - Software Distribution Service 3.0
RP2078: 11/11/2013 1:33:51 AM - Software Distribution Service 3.0
RP2079: 11/12/2013 2:05:55 AM - System Checkpoint
RP2080: 11/12/2013 2:14:02 AM - Software Distribution Service 3.0
RP2081: 11/13/2013 2:22:23 AM - Software Distribution Service 3.0
RP2082: 11/13/2013 10:41:46 AM - Software Distribution Service 3.0
RP2083: 11/14/2013 2:22:35 AM - Software Distribution Service 3.0
RP2084: 11/14/2013 3:00:22 AM - Software Distribution Service 3.0
RP2085: 11/15/2013 1:55:16 AM - Software Distribution Service 3.0
RP2086: 11/15/2013 3:32:49 AM - Software Distribution Service 3.0
RP2087: 11/16/2013 1:55:02 AM - Software Distribution Service 3.0
RP2088: 11/16/2013 3:32:54 AM - Software Distribution Service 3.0
RP2089: 11/17/2013 1:54:58 AM - Software Distribution Service 3.0
RP2090: 11/18/2013 1:54:07 AM - Software Distribution Service 3.0
RP2091: 11/18/2013 3:32:54 AM - Software Distribution Service 3.0
RP2092: 11/18/2013 11:33:33 PM - Software Distribution Service 3.0
RP2093: 11/19/2013 2:15:39 AM - Software Distribution Service 3.0
RP2094: 11/19/2013 11:49:21 PM - Software Distribution Service 3.0
RP2095: 11/20/2013 2:15:24 AM - Software Distribution Service 3.0
RP2096: 11/20/2013 11:49:25 PM - Software Distribution Service 3.0
RP2097: 11/21/2013 2:15:11 AM - Software Distribution Service 3.0
RP2098: 11/21/2013 11:49:20 PM - Software Distribution Service 3.0
RP2099: 11/22/2013 2:15:36 AM - Software Distribution Service 3.0
RP2100: 11/22/2013 11:49:20 PM - Software Distribution Service 3.0
RP2101: 11/23/2013 2:15:48 AM - Software Distribution Service 3.0
RP2102: 11/23/2013 11:49:23 PM - Software Distribution Service 3.0
RP2103: 11/24/2013 2:15:26 AM - Software Distribution Service 3.0
RP2104: 11/24/2013 11:48:36 PM - Software Distribution Service 3.0
RP2105: 11/25/2013 2:15:50 AM - Software Distribution Service 3.0
RP2106: 11/25/2013 11:49:24 PM - Software Distribution Service 3.0
RP2107: 11/26/2013 2:15:15 AM - Software Distribution Service 3.0
RP2108: 11/26/2013 11:49:19 PM - Software Distribution Service 3.0
RP2109: 11/27/2013 2:15:59 AM - Software Distribution Service 3.0
RP2110: 11/27/2013 11:49:49 PM - Software Distribution Service 3.0
RP2111: 11/28/2013 2:14:59 AM - Software Distribution Service 3.0
RP2112: 11/28/2013 11:49:28 PM - Software Distribution Service 3.0
RP2113: 11/29/2013 2:15:34 AM - Software Distribution Service 3.0
RP2114: 11/29/2013 11:49:29 PM - Software Distribution Service 3.0
RP2115: 11/30/2013 2:16:01 AM - Software Distribution Service 3.0
RP2116: 11/30/2013 11:49:30 PM - Software Distribution Service 3.0
RP2117: 12/1/2013 2:15:22 AM - Software Distribution Service 3.0
RP2118: 12/1/2013 11:49:17 PM - Software Distribution Service 3.0
RP2119: 12/2/2013 2:15:30 AM - Software Distribution Service 3.0
RP2120: 12/2/2013 10:13:41 AM - befire installing file backup program
RP2121: 12/2/2013 11:51:29 PM - Software Distribution Service 3.0
RP2122: 12/3/2013 2:15:24 AM - Software Distribution Service 3.0
RP2123: 12/3/2013 11:49:19 PM - Software Distribution Service 3.0
RP2124: 12/4/2013 2:15:28 AM - Software Distribution Service 3.0
RP2125: 12/4/2013 11:49:12 PM - Software Distribution Service 3.0
RP2126: 12/5/2013 2:15:47 AM - Software Distribution Service 3.0
RP2127: 12/5/2013 11:49:17 PM - Software Distribution Service 3.0
RP2128: 12/6/2013 2:15:55 AM - Software Distribution Service 3.0
RP2129: 12/6/2013 11:49:25 PM - Software Distribution Service 3.0
RP2130: 12/7/2013 2:15:47 AM - Software Distribution Service 3.0
RP2131: 12/7/2013 11:49:18 PM - Software Distribution Service 3.0
RP2132: 12/8/2013 2:15:37 AM - Software Distribution Service 3.0
RP2133: 12/8/2013 11:49:14 PM - Software Distribution Service 3.0
RP2134: 12/9/2013 2:16:40 AM - Software Distribution Service 3.0
RP2135: 12/9/2013 11:48:15 PM - Software Distribution Service 3.0
RP2136: 12/11/2013 12:06:50 AM - Software Distribution Service 3.0
RP2137: 12/11/2013 2:33:04 AM - Software Distribution Service 3.0
RP2138: 12/11/2013 9:11:17 AM - Software Distribution Service 3.0
RP2139: 12/12/2013 2:29:30 AM - Software Distribution Service 3.0
RP2140: 12/12/2013 10:03:24 AM - Software Distribution Service 3.0
RP2141: 12/13/2013 2:29:32 AM - Software Distribution Service 3.0
RP2142: 12/13/2013 8:59:19 AM - Software Distribution Service 3.0
RP2143: 12/13/2013 10:03:04 AM - Software Distribution Service 3.0
RP2144: 12/14/2013 2:29:55 AM - Software Distribution Service 3.0
RP2145: 12/14/2013 10:03:25 AM - Software Distribution Service 3.0
RP2146: 12/15/2013 2:29:50 AM - Software Distribution Service 3.0
RP2147: 12/15/2013 10:03:22 AM - Software Distribution Service 3.0
RP2148: 12/16/2013 2:30:03 AM - Software Distribution Service 3.0
RP2149: 12/16/2013 10:03:20 AM - Software Distribution Service 3.0
RP2150: 12/17/2013 2:29:43 AM - Software Distribution Service 3.0
RP2151: 12/17/2013 10:03:25 AM - Software Distribution Service 3.0
RP2152: 12/18/2013 2:29:45 AM - Software Distribution Service 3.0
RP2153: 12/18/2013 10:05:12 AM - Software Distribution Service 3.0
RP2154: 12/19/2013 2:29:52 AM - Software Distribution Service 3.0
RP2155: 12/19/2013 10:03:24 AM - Software Distribution Service 3.0
RP2156: 12/20/2013 2:29:52 AM - Software Distribution Service 3.0
RP2157: 12/20/2013 10:03:27 AM - Software Distribution Service 3.0
RP2158: 12/21/2013 2:29:55 AM - Software Distribution Service 3.0
RP2159: 12/21/2013 10:03:34 AM - Software Distribution Service 3.0
RP2160: 12/22/2013 2:29:58 AM - Software Distribution Service 3.0
RP2161: 12/22/2013 10:03:24 AM - Software Distribution Service 3.0
RP2162: 12/23/2013 2:29:32 AM - Software Distribution Service 3.0
RP2163: 12/23/2013 10:03:27 AM - Software Distribution Service 3.0
RP2164: 12/24/2013 2:30:18 AM - Software Distribution Service 3.0
RP2165: 12/24/2013 10:03:16 AM - Software Distribution Service 3.0
RP2166: 12/24/2013 11:28:41 PM - before installing video editor
RP2167: 12/24/2013 11:37:25 PM - Installed Windows XP --  Software Updates KB952011.
RP2168: 12/25/2013 2:29:11 AM - Software Distribution Service 3.0
RP2169: 12/25/2013 10:03:17 AM - Software Distribution Service 3.0
RP2170: 12/26/2013 2:29:19 AM - Software Distribution Service 3.0
.
==== Hosts File Hijack ======================
.
Hosts: 0.0.0.0 n5.adshostnet.com
Hosts: 0.0.0.0 network.adsmarket.es
Hosts: 0.0.0.0 content.adspynet.com
Hosts: 0.0.0.0 engine.adspynet.com
Hosts: 0.0.0.0 ads.adsurve.com
Hosts: 0.0.0.0 www.adsurve.com
Hosts: 0.0.0.0 www.ad-purge.com #[thespywareshield.com]
Hosts: 0.0.0.0 cntr.adrime.com
Hosts: 0.0.0.0 images.adrime.com #[Adsolutions]
Hosts: 0.0.0.0 ad.adriver.ru
Hosts: 0.0.0.0 content.adriver.ru
Hosts: 0.0.0.0 adrotator.se
Hosts: 0.0.0.0 r.adrolays.de
Hosts: 0.0.0.0 www.adrotate.net
Hosts: 0.0.0.0 serv.ad-rotator.com #[Tracking.Cookie]
Hosts: 0.0.0.0 delivery.ads-creativesyndicator.com
Hosts: 0.0.0.0 adsbg.info
Hosts: 0.0.0.0 cp35.v2.adsbookie.com
Hosts: 0.0.0.0 v2.adsbookie.com
Hosts: 0.0.0.0 antevenio.flux.ads-click.com
Hosts: 0.0.0.0 rh.adscale.de
Hosts: 0.0.0.0 www.adsxchange.lv
Hosts: 0.0.0.0 assets.adtaily.com
Hosts: 0.0.0.0 adtgs.com
Hosts: 0.0.0.0 fusion.adtoma.com
Hosts: 0.0.0.0 engage2.advanstar.com
Hosts: 0.0.0.0 ds.advg.jp
Hosts: 0.0.0.0 m.adx.bg
Hosts: 0.0.0.0 img.ads-click.com
Hosts: 0.0.0.0 www.adshost2.com
Hosts: 0.0.0.0 ad.ads.dk
Hosts: 0.0.0.0 tdkads.ads.dk
Hosts: 0.0.0.0 js.adscale.de
Hosts: 0.0.0.0 ih.adscale.de
Hosts: 0.0.0.0 adscendmedia.com
Hosts: 0.0.0.0 adservicedomain.info
Hosts: 0.0.0.0 adserver-voice-online.co.uk
Hosts: 0.0.0.0 adsfac.net #[Facilitate Tracking Code]
Hosts: 0.0.0.0 adsgangsta.com
Hosts: 0.0.0.0 images.adshuffle.com
Hosts: 0.0.0.0 this.content.served.by.adshuffle.com
Hosts: 0.0.0.0 adsfac.eu
Hosts: 0.0.0.0 ad.ad-srv.net
Hosts: 0.0.0.0 www.adshot.de
Hosts: 0.0.0.0 allchix.adsmax.com
Hosts: 0.0.0.0 www2.adsmax.com
Hosts: 0.0.0.0 www.adspace.be
Hosts: 0.0.0.0 ads.adsponse.de
Hosts: 0.0.0.0 adserve.adster.com
Hosts: 0.0.0.0 images.adster.com
Hosts: 0.0.0.0 openx.adtext.ro
Hosts: 0.0.0.0 ads.adtiger.de
Hosts: 0.0.0.0 www.adtiger.de
Hosts: 0.0.0.0 ad.adtoma.com
Hosts: 0.0.0.0 adv.adtotal.pl
Hosts: 0.0.0.0 dot.adtotal.pl
Hosts: 0.0.0.0 rek.adtotal.pl
Hosts: 0.0.0.0 www.adtrade.net
Hosts: 0.0.0.0 www.adtrader.com
Hosts: 0.0.0.0 ads.adtube.de
Hosts: 0.0.0.0 www.adultbanners.co.uk
Hosts: 0.0.0.0 www.adultcommercial.net
Hosts: 0.0.0.0 adultmoneymakers.com
Hosts: 0.0.0.0 www.adultmoviegroup.com #[server down?]
Hosts: 0.0.0.0 www.adult-tracker.de
Hosts: 0.0.0.0 counter.adultrevenueservice.com
Hosts: 0.0.0.0 counterimg1.adultrevenueservice.com
Hosts: 0.0.0.0 ad.aduserver.com
Hosts: 0.0.0.0 adv758968.ru
Hosts: 0.0.0.0 advaction.ru
Hosts: 0.0.0.0 euroad1.advantage.as
Hosts: 0.0.0.0 adve.net
Hosts: 0.0.0.0 ad.adver.com.tw
Hosts: 0.0.0.0 d.advertisegaming3.com
Hosts: 0.0.0.0 apps.advertlets.com
Hosts: 0.0.0.0 www.advertlets.com
Hosts: 0.0.0.0 www.adverticus.de
Hosts: 0.0.0.0 ads.advertise.net
Hosts: 0.0.0.0 advertisingpurchase.com
Hosts: 0.0.0.0 ad.adverticum.net
Hosts: 0.0.0.0 img.adverticum.net
Hosts: 0.0.0.0 imgs.adverticum.net
Hosts: 0.0.0.0 www.advertising365.com
Hosts: 0.0.0.0 ad.advertstream.com
Hosts: 0.0.0.0 usas1.advfn.com
Hosts: 0.0.0.0 images.adviews.de
Hosts: 0.0.0.0 www.adviews.de
Hosts: 0.0.0.0 ad.adview.pl
Hosts: 0.0.0.0 adp.adview.pl
Hosts: 0.0.0.0 bi.adview.pl
Hosts: 0.0.0.0 rotator.adxite.com
Hosts: 0.0.0.0 adv.adwish.net
Hosts: 0.0.0.0 ads.adwitserver.com
Hosts: 0.0.0.0 ad.adworx.at
Hosts: 0.0.0.0 www.ad-z.de
Hosts: 0.0.0.0 ads.afa.net
Hosts: 0.0.0.0 affelix.com
Hosts: 0.0.0.0 ads.affelix.com
Hosts: 0.0.0.0 sttc.affiliate.hu
Hosts: 0.0.0.0 tr.affiliate.hu
Hosts: 0.0.0.0 ads.affiliateclub.com
Hosts: 0.0.0.0 banners.affiliatefuture.com
Hosts: 0.0.0.0 images.affiliator.com
Hosts: 0.0.0.0 imp.affiliator.com
Hosts: 0.0.0.0 rotation.affiliator.com
Hosts: 0.0.0.0 media.affiliatelounge.com
Hosts: 0.0.0.0 js.affiliatelounge.com
Hosts: 0.0.0.0 record.affiliatelounge.com
Hosts: 0.0.0.0 web1.affiliatelounge.com
Hosts: 0.0.0.0 hits.affiliatetraction.com
Hosts: 0.0.0.0 banners.affilimatch.de
Hosts: 0.0.0.0 ad.afilo.pl
Hosts: 0.0.0.0 adserwer.afilo.pl
Hosts: 0.0.0.0 ads.afraccess.com
Hosts: 0.0.0.0 ads.aftonbladet.se
Hosts: 0.0.0.0 stats.agent.co.il
Hosts: 0.0.0.0 atd.agencytradingdesk.net
Hosts: 0.0.0.0 stats.agentinteractive.com
Hosts: 0.0.0.0 ac.ajur.info #[WebBug]
Hosts: 0.0.0.0 openx.ajur.info
Hosts: 0.0.0.0 adlik2.akavita.com
Hosts: 0.0.0.0 log.aliiike.com
Hosts: 0.0.0.0 ads.allaccess.com.ph
Hosts: 0.0.0.0 adcontent2.allaccess.com.ph
Hosts: 0.0.0.0 ad.allstar.cz
Hosts: 0.0.0.0 taobaoafp.allyes.cn
Hosts: 0.0.0.0 bokee.allyes.com
Hosts: 0.0.0.0 demoafp.allyes.com
Hosts: 0.0.0.0 eastmoney.allyes.com
Hosts: 0.0.0.0 smarttrade.allyes.com
Hosts: 0.0.0.0 sroomafp.allyes.com
Hosts: 0.0.0.0 taobaoafp.allyes.com
Hosts: 0.0.0.0 tom.allyes.com
Hosts: 0.0.0.0 uuseeafp.allyes.com
Hosts: 0.0.0.0 yeskyafp.allyes.com
Hosts: 0.0.0.0 ad.altervista.org
Hosts: 0.0.0.0 pqwaker.altervista.org
Hosts: 0.0.0.0 adimg.alice.it
Hosts: 0.0.0.0 adv.alice.it
Hosts: 0.0.0.0 advloc.alice.it
Hosts: 0.0.0.0 altmedia101.com
Hosts: 0.0.0.0 www.alwayson-network.com
Hosts: 0.0.0.0 adtools2.amakings.com
Hosts: 0.0.0.0 ad.amgdgt.com
Hosts: 0.0.0.0 vfdeprod.amobee.com
Hosts: 0.0.0.0 banners.amsterdamcash.com
Hosts: 0.0.0.0 widgets.amung.us
Hosts: 0.0.0.0 whos.amung.us #[WebBug]
Hosts: 0.0.0.0 gw.anametrix.net #[WebBug]
Hosts: 0.0.0.0 www.anastasiasaffiliate.com
Hosts: 0.0.0.0 advert.ananzi.co.za
Hosts: 0.0.0.0 advert2.ananzi.co.za
Hosts: 0.0.0.0 box.anchorfree.net
Hosts: 0.0.0.0 rpt.anchorfree.net
Hosts: 0.0.0.0 www.anticlown.com
Hosts: 0.0.0.0 antventure.com
Hosts: 0.0.0.0 webtracker.apicasystem.com
Hosts: 0.0.0.0 junior.apk.net
Hosts: 0.0.0.0 openx.apollo.lv
Hosts: 0.0.0.0 nu.arnostat.nl
Hosts: 0.0.0.0 ads.asia1.com.sg
Hosts: 0.0.0.0 ads.ask.com #[sv-click.looksmart.com]
Hosts: 0.0.0.0 contextual.syndication.ask.com
Hosts: 0.0.0.0 www.asknew.com #[Spamdexing]
Hosts: 0.0.0.0 ads.asp.net
Hosts: 0.0.0.0 stats.asp24.pl
Hosts: 0.0.0.0 ads.aspalliance.com
Hosts: 0.0.0.0 www.astalavista.us
Hosts: 0.0.0.0 www.astoplist.com #[server down?]
Hosts: 0.0.0.0 ads.associatedcontent.com
Hosts: 0.0.0.0 atemda.com
Hosts: 0.0.0.0 rules.atgsvcs.com
Hosts: 0.0.0.0 ads.atticamediagroup.gr
Hosts: 0.0.0.0 ads.auctionads.com
Hosts: 0.0.0.0 banners.audioholics.com
Hosts: 0.0.0.0 ad.auditude.com
Hosts: 0.0.0.0 ads.auctioncity.co.nz
Hosts: 0.0.0.0 d.audienceiq.com
Hosts: 0.0.0.0 ads.autoscout24.com
Hosts: 0.0.0.0 ads.autotrader.com
Hosts: 0.0.0.0 adserving.autotrader.com
Hosts: 0.0.0.0 avantlink.com
Hosts: 0.0.0.0 www.avantlink.com
Hosts: 0.0.0.0 fhg.avrevenue.com
Hosts: 0.0.0.0 rev.avsforum.com
Hosts: 0.0.0.0 a.avtookazion.bg
Hosts: 0.0.0.0 ads.avusa.co.za
Hosts: 0.0.0.0 engine.awaps.net
Hosts: 0.0.0.0 analytics.aweber.com
Hosts: 0.0.0.0 clicks.aweber.com #[affects newsletters]
Hosts: 0.0.0.0 www.azmsoft.com
Hosts: 0.0.0.0 ads.badische-zeitung.de
Hosts: 0.0.0.0 bar.baidu.com #[Win32/Adware.Toolbar.Baidu]
Hosts: 0.0.0.0 download.baigoo.com #[AdWare.Win32.Baigoo.a]
Hosts: 0.0.0.0 error.banan.cz
Hosts: 0.0.0.0 www.banner.cz
Hosts: 0.0.0.0 www.banner-exchange.nl
Hosts: 0.0.0.0 www.bannerexchange.co.nz
Hosts: 0.0.0.0 sportingbet-affiliate.host.bannerflow.com
Hosts: 0.0.0.0 www.bannergratis.it
Hosts: 0.0.0.0 max.bannermanager.gr
Hosts: 0.0.0.0 www.bannermanagement.nl
Hosts: 0.0.0.0 www.bannerpromotion.it
Hosts: 0.0.0.0 www.banner-rotation.com
Hosts: 0.0.0.0 ad.batanga.com
Hosts: 0.0.0.0 ad.bauerverlag.de
Hosts: 0.0.0.0 ads.baz.ch
Hosts: 0.0.0.0 bbcdn.go.cz.bbelements.com
Hosts: 0.0.0.0 go.arbopl.bbelements.com
Hosts: 0.0.0.0 bbcdn.go.arbopl.bbelements.com
Hosts: 0.0.0.0 go.cz.bbelements.com
Hosts: 0.0.0.0 go.eu.bbelements.com
Hosts: 0.0.0.0 go.idmnet.bbelements.com
Hosts: 0.0.0.0 go.idnes.bbelements.com
Hosts: 0.0.0.0 bbcdn.go.pol.bbelements.com
Hosts: 0.0.0.0 go.pol.bbelements.com
Hosts: 0.0.0.0 ad2.bbmedia.cz
Hosts: 0.0.0.0 adidnes2.bbmedia.cz
Hosts: 0.0.0.0 t.bbtrack.net
Hosts: 0.0.0.0 stat.bdirect.ru
Hosts: 0.0.0.0 ad.beepworld.de
Hosts: 0.0.0.0 ads.be2hand.com
Hosts: 0.0.0.0 app.beanstalkdata.com
Hosts: 0.0.0.0 www.beead.co.uk
Hosts: 0.0.0.0 tracker.beezup.com
Hosts: 0.0.0.0 autocontext.begun.ru
Hosts: 0.0.0.0 promo.begun.ru
Hosts: 0.0.0.0 referal.begun.ru
Hosts: 0.0.0.0 www.belstat.be
Hosts: 0.0.0.0 www.belstat.com
Hosts: 0.0.0.0 www.belstat.nl
Hosts: 0.0.0.0 oas.benchmark.fr #[RealMedia]
Hosts: 0.0.0.0 webtrends.besite.be
Hosts: 0.0.0.0 www.bestadvert.net
Hosts: 0.0.0.0 3.bestholly.com
Hosts: 0.0.0.0 www.besttoolbars.net #[ADW_TBARWIN32.A]
Hosts: 0.0.0.0 www.best-top.ro
Hosts: 0.0.0.0 imstore.bet365affiliates.com
Hosts: 0.0.0.0 oddbanner.bet-at-home.com
Hosts: 0.0.0.0 ads1.beta.lt
Hosts: 0.0.0.0 banners.betcris.com
Hosts: 0.0.0.0 ads.betfair.com
Hosts: 0.0.0.0 banner.betfred.com
Hosts: 0.0.0.0 ad.beritasatumedia.com
Hosts: 0.0.0.0 www.bettertextads.com
Hosts: 0.0.0.0 ads.beyond.com
Hosts: 0.0.0.0 ads.bgfree.com
Hosts: 0.0.0.0 banners.bgmaps.com
Hosts: 0.0.0.0 bgtop100.com
Hosts: 0.0.0.0 ads.bgtop.net
Hosts: 0.0.0.0 bgwebads.com
Hosts: 0.0.0.0 bighop.com
Hosts: 0.0.0.0 counter.bigli.ru
Hosts: 0.0.0.0 banex.bikers-engine.com
Hosts: 0.0.0.0 ad2.billboard.cz
Hosts: 0.0.0.0 view.binlayer.com
Hosts: 0.0.0.0 ads.biscom.net
Hosts: 0.0.0.0 server.bittads.com
Hosts: 0.0.0.0 dc.bizjournals.com
Hosts: 0.0.0.0 ads.bladeforums.com
Hosts: 0.0.0.0 ads2.blastro.com
Hosts: 0.0.0.0 ads3.blastro.com
Hosts: 0.0.0.0 ads.blizzard.com
Hosts: 0.0.0.0 ads.blog.com
Hosts: 0.0.0.0 www.blogcatalog.com
Hosts: 0.0.0.0 blogcounter.com
Hosts: 0.0.0.0 track.blogcounter.de
Hosts: 0.0.0.0 www.blogcounter.de
Hosts: 0.0.0.0 ads.blogdrive.com
Hosts: 0.0.0.0 ads.blogherads.com
Hosts: 0.0.0.0 pixel.blog.hu
Hosts: 0.0.0.0 pcbutts1-therealtruth.blogspot.com
Hosts: 0.0.0.0 ads.blogtalkradio.com
Hosts: 0.0.0.0 ox-d.blogtalkradio.com
Hosts: 0.0.0.0 adserver.bloodhorse.com
Hosts: 0.0.0.0 stats.bluebillywig.com
Hosts: 0.0.0.0 delivery.bluefinmediaads.com
Hosts: 0.0.0.0 adserver.bluewin.ch
Hosts: 0.0.0.0 watershed.bm23.com
Hosts: 0.0.0.0 ie-stat.bmmetrix.com
Hosts: 0.0.0.0 t.bmmetrix.com
Hosts: 0.0.0.0 www.bmmetrix.com #[WebBug][Tracking.Cookie]
Hosts: 0.0.0.0 bannermanager.bnr.bg
Hosts: 0.0.0.0 ads.boardtracker.com
Hosts: 0.0.0.0 ranks.boardtracker.com
Hosts: 0.0.0.0 ad.bodybuilding.com
Hosts: 0.0.0.0 ad.bol.bg
Hosts: 0.0.0.0 adv.bol.bg
Hosts: 0.0.0.0 www.bonabanners.co.uk
Hosts: 0.0.0.0 token.boomerang.com.au
Hosts: 0.0.0.0 adserver.borsaitaliana.it
Hosts: 0.0.0.0 adserver.borsonline.hu
Hosts: 0.0.0.0 www.box.bg
Hosts: 0.0.0.0 tracker.brainsins.com
Hosts: 0.0.0.0 stats.break.com
Hosts: 0.0.0.0 bans.bride.ru
Hosts: 0.0.0.0 ads.bridgetrack.com
Hosts: 0.0.0.0 cc.bridgetrack.com
Hosts: 0.0.0.0 citi.bridgetrack.com #[Tracking.Cookie]
Hosts: 0.0.0.0 goku.brightcove.com #[WebBug]
Hosts: 0.0.0.0 p.brilig.com #[WebBug]
Hosts: 0.0.0.0 openx.broadbandtvnews.com
Hosts: 0.0.0.0 ads.bsplayer.com
Hosts: 0.0.0.0 ads.bta.bg
Hosts: 0.0.0.0 ads.btv.bg
Hosts: 0.0.0.0 ads.buljobs.bg
Hosts: 0.0.0.0 ivitrine.buscape.com
Hosts: 0.0.0.0 ads.business.hr
Hosts: 0.0.0.0 ads.businessclick.com
Hosts: 0.0.0.0 ads.businessclick.pl
Hosts: 0.0.0.0 ad1.bustcash.com
Hosts: 0.0.0.0 buylicensekey.com
Hosts: 0.0.0.0 assets.buysellads.com
Hosts: 0.0.0.0 cdn.buysellads.com
Hosts: 0.0.0.0 ads.buzzcity.net
Hosts: 0.0.0.0 txads.buzzcity.com
Hosts: 0.0.0.0 www.buzzclick.com
Hosts: 0.0.0.0 adnetwork.buzzlogic.com
Hosts: 0.0.0.0 tr.buzzlogic.com
Hosts: 0.0.0.0 byet.org
Hosts: 0.0.0.0 blog.byethost.com
Hosts: 0.0.0.0 ads.calgarystampede.com
Hosts: 0.0.0.0 www.cambodiaoutsourcing.com
Hosts: 0.0.0.0 openx.camelmedia.net
Hosts: 0.0.0.0 p.camsitecash.com
Hosts: 0.0.0.0 s.camsitecash.com
Hosts: 0.0.0.0 adserve.canadawidemagazines.com
Hosts: 0.0.0.0 stats.canalblog.com
Hosts: 0.0.0.0 ad.caradisiac.com
Hosts: 0.0.0.0 ads.cardplayer.com
Hosts: 0.0.0.0 ads.cars.com
Hosts: 0.0.0.0 images.cashfiesta.com
Hosts: 0.0.0.0 www.cashfiesta.com #[Adware.CashFiesta]
Hosts: 0.0.0.0 www.cashfiesta.net
Hosts: 0.0.0.0 banner.casinodelrio.com
Hosts: 0.0.0.0 adv.casinopays.com
Hosts: 0.0.0.0 www.casinotropez.com #[Tracking.Cookie]
Hosts: 0.0.0.0 banner.casinoking.com #[AdWare.Win32.Casino.ae]
Hosts: 0.0.0.0 tracking.cdiscount.com #[WebBug]
Hosts: 0.0.0.0 ads.cdfreaks.com
Hosts: 0.0.0.0 a3.cdnpark.com #[Parking Service]
Hosts: 0.0.0.0 3.cennter.com
Hosts: 0.0.0.0 ox-d.chacha.com
Hosts: 0.0.0.0 cts-secure.channelintelligence.com
Hosts: 0.0.0.0 chapmanmediagroup.com
Hosts: 0.0.0.0 www.champrank.de
Hosts: 0.0.0.0 count.channeladvisor.com
Hosts: 0.0.0.0 sdc.cheapflights.com #[server down?]
Hosts: 0.0.0.0 code.checkstat.nl
Hosts: 0.0.0.0 www.checkstat.nl
Hosts: 0.0.0.0 checkmystats.com.au #[server down?]
Hosts: 0.0.0.0 err.chicappa.jp
Hosts: 0.0.0.0 ads.china.com
Hosts: 0.0.0.0 v5.chinoc.net
Hosts: 0.0.0.0 ad.chip.de
Hosts: 0.0.0.0 ads.city24.ee
Hosts: 0.0.0.0 ads.clickad.com #[Tracking.Cookie]
Hosts: 0.0.0.0 crv.clickad.pl
Hosts: 0.0.0.0 hit.clickaider.com
Hosts: 0.0.0.0 hit.dev.clickaider.com
Hosts: 0.0.0.0 jmp.clickbooth.com
Hosts: 0.0.0.0 publishers.clickbooth.com #[directleads.com]
Hosts: 0.0.0.0 www.clickcountr.com
Hosts: 0.0.0.0 j.clickdensity.com
Hosts: 0.0.0.0 r.clickdensity.com
Hosts: 0.0.0.0 clickga.com
Hosts: 0.0.0.0 adsense.clicking.com.tw
Hosts: 0.0.0.0 banners.clickon.co.il
Hosts: 0.0.0.0 track.clickon.co.il
Hosts: 0.0.0.0 tracktrue.clicktrue.biz
Hosts: 0.0.0.0 www.is1.clixgalore.com
Hosts: 0.0.0.0 www.clixgalore.com
Hosts: 0.0.0.0 www.clickhouse.com
Hosts: 0.0.0.0 banners.clips4sale.com
Hosts: 0.0.0.0 www.clocklink.com
Hosts: 0.0.0.0 banner.clubdicecasino.com
Hosts: 0.0.0.0 adserver.clubs1.bg
Hosts: 0.0.0.0 adserver.clix.pt
Hosts: 0.0.0.0 s.clx.ru
Hosts: 0.0.0.0 ad.cmfu.com
Hosts: 0.0.0.0 c.cnstats.ru
Hosts: 0.0.0.0 www.cnstats.com
Hosts: 0.0.0.0 www.co2stats.com
Hosts: 0.0.0.0 anchor.coadvertise.com
Hosts: 0.0.0.0 ad.coas2.co.kr
Hosts: 0.0.0.0 collectiveads.net
Hosts: 0.0.0.0 vcu.collserve.com
Hosts: 0.0.0.0 banners.commissionking.com
Hosts: 0.0.0.0 www.compactads.com
Hosts: 0.0.0.0 ads.consumeraffairs.com
Hosts: 0.0.0.0 ads.contactmusic.com #[AdvertPro]
Hosts: 0.0.0.0 www.contextualadv.com
Hosts: 0.0.0.0 ds.contextweb.com
Hosts: 0.0.0.0 www.contaxe.com
Hosts: 0.0.0.0 www.contextpanel.com #[searchant.com]
Hosts: 0.0.0.0 www.conversionruler.com
Hosts: 0.0.0.0 convulse.com
Hosts: 0.0.0.0 ad.cooks.com
Hosts: 0.0.0.0 ad2.cooks.com
Hosts: 0.0.0.0 banners.copyscape.com
Hosts: 0.0.0.0 www.count24.de
Hosts: 0.0.0.0 www.countit.ch
Hosts: 0.0.0.0 www.counter-gratis.com #[Tracking.Cookie]
Hosts: 0.0.0.0 www.counterdata.com
Hosts: 0.0.0.0 www.counterguide.com
Hosts: 0.0.0.0 log1.countomat.com #[server down?]
Hosts: 0.0.0.0 log3.countomat.com #[server down?]
Hosts: 0.0.0.0 counter-shop.net
Hosts: 0.0.0.0 www.counter4you.net
Hosts: 0.0.0.0 www.counting4free.com
Hosts: 0.0.0.0 www.counter.cz
Hosts: 0.0.0.0 connectionzone.com
Hosts: 0.0.0.0 banner.coza.com
Hosts: 0.0.0.0 www.cpays.com
Hosts: 0.0.0.0 www.cpmterra.com
Hosts: 0.0.0.0 ads.cpxcenter.com
Hosts: 0.0.0.0 adserving.cpxadroit.com
Hosts: 0.0.0.0 panther1.cpxinteractive.com
Hosts: 0.0.0.0 adverts.creativemark.co.uk
Hosts: 0.0.0.0 ads.crisppremium.com
Hosts: 0.0.0.0 ox-d.crisppremium.com
Hosts: 0.0.0.0 www.crm-metrix.fr
Hosts: 0.0.0.0 ads.crosswinds.net
Hosts: 0.0.0.0 ads.crossworxs.eu
Hosts: 0.0.0.0 ag.ctpsnet.com
Hosts: 0.0.0.0 i.ctnsnet.com
Hosts: 0.0.0.0 cdn.cxense.com
Hosts: 0.0.0.0 www.cybereps.com
Hosts: 0.0.0.0 banner.cybertechdev.com
Hosts: 0.0.0.0 cybertown.ru
Hosts: 0.0.0.0 banner.czech-sex.cz
Hosts: 0.0.0.0 ads.dada.it
Hosts: 0.0.0.0 count.daem0n.com
Hosts: 0.0.0.0 annonser.dagbladet.no
Hosts: 0.0.0.0 ox-d.dailycaller.com
Hosts: 0.0.0.0 ads.darikweb.com
Hosts: 0.0.0.0 sync.darikweb.com
Hosts: 0.0.0.0 www1.darikweb.com
Hosts: 0.0.0.0 www.dataforce.net #[Spamdexing]
Hosts: 0.0.0.0 banner.date.com #[Tracking.Cookie]
Hosts: 0.0.0.0 www.dateclix.com #[Banner Exchange Code]
Hosts: 0.0.0.0 banners.datecs.bg
Hosts: 0.0.0.0 mb.datingadzone.com
Hosts: 0.0.0.0 ox.dateland.co.il
Hosts: 0.0.0.0 count.dba.dk
Hosts: 0.0.0.0 top.dating.lt #[counter.top.dating.lt]
Hosts: 0.0.0.0 counter.top.dating.lt
Hosts: 0.0.0.0 daylogs.com
Hosts: 0.0.0.0 advertising.dclux.com
Hosts: 0.0.0.0 dcstat.com
Hosts: 0.0.0.0 tracking.dc-storm.com
Hosts: 0.0.0.0 de17a.com
Hosts: 0.0.0.0 ads.dealnews.com
Hosts: 0.0.0.0 connect.decknetwork.net
Hosts: 0.0.0.0 deepcom.com #[SiteAdvisor.deepcom.com]
Hosts: 0.0.0.0 www.deepcom.com #[TrojanDropper.Win32.Small.gt]
Hosts: 0.0.0.0 adv.deltanews.bg
Hosts: 0.0.0.0 fast.gannett.demdex.net
Hosts: 0.0.0.0 ads.dennisnet.co.uk
Hosts: 0.0.0.0 openx.depoilab.com
Hosts: 0.0.0.0 adcast.deviantart.com
Hosts: 0.0.0.0 www.dia-traffic.com
Hosts: 0.0.0.0 track.did-it.com #[Tracking.Cookie]
Hosts: 0.0.0.0 counter.dieit.de
Hosts: 0.0.0.0 openx.diena.lv
Hosts: 0.0.0.0 ads.digitalalchemy.tv
Hosts: 0.0.0.0 yield.audience.digitalmedia.bg
Hosts: 0.0.0.0 ads.digitalpoint.com
Hosts: 0.0.0.0 geo.digitalpoint.com
Hosts: 0.0.0.0 banner.digitals.hu
Hosts: 0.0.0.0 dinclinx.com
Hosts: 0.0.0.0 www.dinclinx.com
Hosts: 0.0.0.0 ads.dir.bg
Hosts: 0.0.0.0 banners.dir.bg
Hosts: 0.0.0.0 r5.dir.bg
Hosts: 0.0.0.0 www.directadvert.ru
Hosts: 0.0.0.0 aserve.directorym.com
Hosts: 0.0.0.0 cache.directorym.com
Hosts: 0.0.0.0 www.direct-stats.com
Hosts: 0.0.0.0 www.divx.it
Hosts: 0.0.0.0 ads.djindexes.com
Hosts: 0.0.0.0 js.dmtry.com
Hosts: 0.0.0.0 oas.dn.se
Hosts: 0.0.0.0 return.domainnamesales.com #[Parking.Service]
Hosts: 0.0.0.0 ads.domainbg.com
Hosts: 0.0.0.0 publishers.domainadvertising.com
Hosts: 0.0.0.0 return.bs.domainnamesales.com
Hosts: 0.0.0.0 f.domdex.com
Hosts: 0.0.0.0 ad.donanimhaber.com
Hosts: 0.0.0.0 adv.dontcrack.com
Hosts: 0.0.0.0 test-script.dotmetrics.net
Hosts: 0.0.0.0 ads.dotomi.com
Hosts: 0.0.0.0 ads.double.net
Hosts: 0.0.0.0 imp.double.net
Hosts: 0.0.0.0 ad03.doubleadx.com
Hosts: 0.0.0.0 marketing.doubleclickindustries.com
Hosts: 0.0.0.0 banners.dpnet.com.br
Hosts: 0.0.0.0 ads.draugas.lt
Hosts: 0.0.0.0 imgn.dt00.net
Hosts: 0.0.0.0 tracking.dsmmadvantage.com
Hosts: 0.0.0.0 tracking.dtiserv2.com
Hosts: 0.0.0.0 track.dvdbox.com
Hosts: 0.0.0.0 www.dwin1.com
Hosts: 0.0.0.0 adv.dynamic-design.eu
Hosts: 0.0.0.0 ads.dynamic-media.org
Hosts: 0.0.0.0 hits.e.cl
Hosts: 0.0.0.0 ay.eastmoney.com
Hosts: 0.0.0.0 www.easy-dating.org
Hosts: 0.0.0.0 top.easy.lv
Hosts: 0.0.0.0 web.easyresearch.se
Hosts: 0.0.0.0 web2.easyresearch.se
Hosts: 0.0.0.0 web3.easyresearch.se
Hosts: 0.0.0.0 easytrader.bg
Hosts: 0.0.0.0 ads.easytrader.bg
Hosts: 0.0.0.0 static.easytrader.bg
Hosts: 0.0.0.0 www.ebannertraffic.com
Hosts: 0.0.0.0 ox.e-card.bg
Hosts: 0.0.0.0 ox-s.e-card.bg
Hosts: 0.0.0.0 prom.ecato.net
Hosts: 0.0.0.0 ads.eccentrix.com
Hosts: 0.0.0.0 ad.econet.hu
Hosts: 0.0.0.0 b.economedia.bg #[ban.etaligent.net]
Hosts: 0.0.0.0 opx.economic.bg
Hosts: 0.0.0.0 ad.ecplaza.net
Hosts: 0.0.0.0 ads.ecrush.com #[AdvertPro]
Hosts: 0.0.0.0 ads.bridgetrack.com.edgesuite.net
Hosts: 0.0.0.0 ads.edipresse.pl
Hosts: 0.0.0.0 banners.e-dologic.co.il
Hosts: 0.0.0.0 track.effiliation.com
Hosts: 0.0.0.0 ad.efv.de
Hosts: 0.0.0.0 adv08.edintorni.net
Hosts: 0.0.0.0 th-cdn.effectivemeasure.net
Hosts: 0.0.0.0 eisenstein.dk #[tracking.ping]
Hosts: 0.0.0.0 ad.e-kolay.net
Hosts: 0.0.0.0 adonline.e-kolay.net
Hosts: 0.0.0.0 global.ekmpinpoint.com
Hosts: 0.0.0.0 ads2.ekologia.pl
Hosts: 0.0.0.0 stat.ekologia.pl
Hosts: 0.0.0.0 ads.elmaz.com
Hosts: 0.0.0.0 anapixel.elmundo.es
Hosts: 0.0.0.0 e.emailretargeting.com
Hosts: 0.0.0.0 pixelcounter.elmundo.es
Hosts: 0.0.0.0 ads.eluniversal.com.mx
Hosts: 0.0.0.0 hits.eluniversal.com.mx
Hosts: 0.0.0.0 publicidad.eluniversal.com.mx
Hosts: 0.0.0.0 profitshare.emag.ro
Hosts: 0.0.0.0 ad1.emediate.dk
Hosts: 0.0.0.0 eas.apm.emediate.eu
Hosts: 0.0.0.0 cdn3.emediate.eu
Hosts: 0.0.0.0 cdn6.emediate.eu
Hosts: 0.0.0.0 ism6.emediate.eu
Hosts: 0.0.0.0 ad1.emediate.se
Hosts: 0.0.0.0 dotnet.endai.com
Hosts: 0.0.0.0 ac.eu.enecto.com
Hosts: 0.0.0.0 trk.enecto.com
Hosts: 0.0.0.0 adsrv.ads.eniro.com
Hosts: 0.0.0.0 cams.enjoy.be
Hosts: 0.0.0.0 enjoytraffic.com
Hosts: 0.0.0.0 enoratraffic.com
Hosts: 0.0.0.0 www.enoratraffic.com
Hosts: 0.0.0.0 publicidad.entelchile.net
Hosts: 0.0.0.0 sa.entireweb.com
Hosts: 0.0.0.0 entk.net
Hosts: 0.0.0.0 e-marketing.entelchile.net #[RealMedia]
Hosts: 0.0.0.0 adv.entercasino.com #[Adware.Casino.V]
Hosts: 0.0.0.0 ads.eog.com
Hosts: 0.0.0.0 ads.e-planning.net
Hosts: 0.0.0.0 adserving03.epi.es
Hosts: 0.0.0.0 code.etracker.com
Hosts: 0.0.0.0 www.etracker.de
Hosts: 0.0.0.0 top.er.cz
Hosts: 0.0.0.0 ads.ere.net
Hosts: 0.0.0.0 errorception.com
Hosts: 0.0.0.0 www.eu2xml.com
Hosts: 0.0.0.0 et.eulerian.net
Hosts: 0.0.0.0 tracking.euroads.dk
Hosts: 0.0.0.0 ox.eurogamer.net
Hosts: 0.0.0.0 it.erosadv.com
Hosts: 0.0.0.0 ads.eurogamer.net
Hosts: 0.0.0.0 adserver.euronics.de
Hosts: 0.0.0.0 geoads.eurorevenue.com
Hosts: 0.0.0.0 advert.eurotip.cz
Hosts: 0.0.0.0 www.euros4click.de
Hosts: 0.0.0.0 ad.eurosport.com #[oas.eurosport.com]
Hosts: 0.0.0.0 www.everestpoker.com #[AdWare.Win32.Casino.t]
Hosts: 0.0.0.0 pixel.everesttech.net
Hosts: 0.0.0.0 pixel-user-1039.everesttech.net
Hosts: 0.0.0.0 venetian.evyy.net
Hosts: 0.0.0.0 ads2.evz.ro
Hosts: 0.0.0.0 advert.exaccess.ru
Hosts: 0.0.0.0 dynamic.exaccess.ru
Hosts: 0.0.0.0 static.exaccess.ru
Hosts: 0.0.0.0 www.exchangead.com
Hosts: 0.0.0.0 exchange.bg
Hosts: 0.0.0.0 media.exchange.bg
Hosts: 0.0.0.0 www.exchange.bg
Hosts: 0.0.0.0 ads.expekt.com
Hosts: 0.0.0.0 www.experclick.com #[Tracking.Cookie]
Hosts: 0.0.0.0 expo-max.com
Hosts: 0.0.0.0 ads.expressindia.com
Hosts: 0.0.0.0 banners.expressindia.com
Hosts: 0.0.0.0 ads.extube.org
Hosts: 0.0.0.0 www.ewebcounter.com
Hosts: 0.0.0.0 ads2.exhedra.com
Hosts: 0.0.0.0 ads.expedia.com
Hosts: 0.0.0.0 admedia.expedia.com
Hosts: 0.0.0.0 oas.expressen.se
Hosts: 0.0.0.0 expired-targeted.com
Hosts: 0.0.0.0 resources.eyereturn.com
Hosts: 0.0.0.0 advertising.ezanga.com
Hosts: 0.0.0.0 1278725189.pub.ezanga.com
Hosts: 0.0.0.0 ads.ezboard.com
Hosts: 0.0.0.0 textads.f5xmedia.ro #[server down?]
Hosts: 0.0.0.0 machine.fairfaxbm.co.nz
Hosts: 0.0.0.0 banner.fairpoker.com #[AdWare.Win32.Casino.w]
Hosts: 0.0.0.0 st.fanatics.com
Hosts: 0.0.0.0 a.farlex.com
Hosts: 0.0.0.0 www.fastadvert.com
Hosts: 0.0.0.0 fastonlineusers.com
Hosts: 0.0.0.0 counter.fateback.com
Hosts: 0.0.0.0 counter1.fc2.com
Hosts: 0.0.0.0 error.fc2.com
Hosts: 0.0.0.0 as.featurelink.com
Hosts: 0.0.0.0 feedjit.com
Hosts: 0.0.0.0 log.feedjit.com
Hosts: 0.0.0.0 analytics.femalefirst.co.uk
Hosts: 0.0.0.0 pixel.fetchback.com
Hosts: 0.0.0.0 banners.ffsbg.com
Hosts: 0.0.0.0 ads.fiat-bg.org
Hosts: 0.0.0.0 www.filamentgrp.com #[ScamFraudAlert]
Hosts: 0.0.0.0 cache.fimservecdn.com #[myspace.com]
Hosts: 0.0.0.0 adboost.finalid.com
Hosts: 0.0.0.0 tracker.financialcontent.com
Hosts: 0.0.0.0 banner.finn.no
Hosts: 0.0.0.0 ads.firstgrand.com
Hosts: 0.0.0.0 flagclick.com
Hosts: 0.0.0.0 s02.flagcounter.com
Hosts: 0.0.0.0 s03.flagcounter.com
Hosts: 0.0.0.0 s04.flagcounter.com
Hosts: 0.0.0.0 s06.flagcounter.com
Hosts: 0.0.0.0 s07.flagcounter.com
Hosts: 0.0.0.0 s08.flagcounter.com
Hosts: 0.0.0.0 s09.flagcounter.com
Hosts: 0.0.0.0 s11.flagcounter.com
Hosts: 0.0.0.0 2.s09.flagcounter.com
Hosts: 0.0.0.0 s10.flagcounter.com
Hosts: 0.0.0.0 banners.flingguru.com
Hosts: 0.0.0.0 www.fncash.com
Hosts: 0.0.0.0 ads.focus-news.net
Hosts: 0.0.0.0 rnews.focus-news.net
Hosts: 0.0.0.0 ads.foodbuzz.com
Hosts: 0.0.0.0 controller.foreseeresults.com
Hosts: 0.0.0.0 forvideo.at
Hosts: 0.0.0.0 ads.foxnews.com
Hosts: 0.0.0.0 www.fpcclicks.com
Hosts: 0.0.0.0 ad.freecity.de
Hosts: 0.0.0.0 ads05.freecity.de
Hosts: 0.0.0.0 maurobb.freecounter.it
Hosts: 0.0.0.0 www.freecounter.it
Hosts: 0.0.0.0 ad.freefind.com #[server down?]
Hosts: 0.0.0.0 freegeoip.net
Hosts: 0.0.0.0 adverts.freeloader.com
Hosts: 0.0.0.0 www.free-ranking.de
Hosts: 0.0.0.0 www.free-toplisten.at
Hosts: 0.0.0.0 banner-server.freerun.com
Hosts: 0.0.0.0 www.freestat.pl
Hosts: 0.0.0.0 banners.freett.com
Hosts: 0.0.0.0 count.freett.com
Hosts: 0.0.0.0 counters.freewebs.com
Hosts: 0.0.0.0 error.freewebsites.com
Hosts: 0.0.0.0 www.freewebsites.com
Hosts: 0.0.0.0 nx.frosmo.com
Hosts: 0.0.0.0 tr1.frosmo.com
Hosts: 0.0.0.0 ads.fulltiltpoker.com
Hosts: 0.0.0.0 www.fulltraffic.net
Hosts: 0.0.0.0 404.funpic.de
Hosts: 0.0.0.0 www.funtopliste.de
Hosts: 0.0.0.0 www.fusestats.com
Hosts: 0.0.0.0 ads5.fxdepo.com
Hosts: 0.0.0.0 fxlayer.net
Hosts: 0.0.0.0 errdoc.gabia.net
Hosts: 0.0.0.0 adserver.gadu-gadu.pl
Hosts: 0.0.0.0 adsm.gameforge.de
Hosts: 0.0.0.0 tracking.gameforge.de
Hosts: 0.0.0.0 ads.gamelink.com
Hosts: 0.0.0.0 ingameads.gameloft.com
Hosts: 0.0.0.0 adv.gamerzhut.com #[server down?]
Hosts: 0.0.0.0 ads.garga.biz
Hosts: 0.0.0.0 ads.gateway.bg
Hosts: 0.0.0.0 ads.gather.com
Hosts: 0.0.0.0 track.gawker.com #[WebBug]
Hosts: 0.0.0.0 ad.gazeta.pl
Hosts: 0.0.0.0 adp.gazeta.pl
Hosts: 0.0.0.0 adv.gazeta.pl
Hosts: 0.0.0.0 analytics.gazeta.pl
Hosts: 0.0.0.0 top.gde.ru
Hosts: 0.0.0.0 gnt01.generation-nt.com
Hosts: 0.0.0.0 gpads.geniproj.com
Hosts: 0.0.0.0 www.geoplugin.net
Hosts: 0.0.0.0 ads.geornmd.net
Hosts: 0.0.0.0 adv.gepime.com
Hosts: 0.0.0.0 getrank.net
Hosts: 0.0.0.0 www.getsmart.com
Hosts: 0.0.0.0 banner.giantvegas.com
Hosts: 0.0.0.0 truehits.gits.net.th
Hosts: 0.0.0.0 truehits1.gits.net.th
Hosts: 0.0.0.0 truehits3.gits.net.th
Hosts: 0.0.0.0 www17-orig.glam.com
Hosts: 0.0.0.0 promotools.globalmailer.com
Hosts: 0.0.0.0 promotools3.globalmailer.com
Hosts: 0.0.0.0 promotools4.globalmailer.com
Hosts: 0.0.0.0 ads.globo.com
Hosts: 0.0.0.0 ads.img.globo.com
Hosts: 0.0.0.0 at.gmads.net<
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 04:09:34 PM
It looks like it is containing the whole host file, so I'll attach it.

But here is the part from the end, right after the hosts list stops:

==== Installed Programs ======================
.
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Center 1.0
Adobe Help Viewer CS3
Adobe Illustrator CS2
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AFPL Ghostscript 8.51
AFPL Ghostscript Fonts
Apple Application Support
Apple Software Update
Audacity 2.0.3
CameraHelperMsi
CCleaner
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CVE-2013-1347
D-Link Corporation Control Program
DebugMode Wink
DGE-530T Ethernet Controller All-In-One Windows Driver
erLT
ERUNT 1.1j
FileZilla Client 3.7.3
Finale NotePad 2008
Finale NotePad 2012
FLEXnet Publisher License Server Manager
Free RAR Extract Frog
GIMP 2.8.0
Gimp Themes v1.0
Google Chrome
Google Talk Plugin
Google Update Helper
High Definition Audio Driver Package - KB888111
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Icon Restore 1.0
ImagXpress
Inkscape 0.48.4
KODAK Share Button App
LAME v3.99.3 (for Windows)
LEAD JPEG 2000 PhotoShop® Plugin
Lexmark 2200 Series
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XML Parser
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
neroxml
NVIDIA Control Panel 327.23
NVIDIA Drivers
NVIDIA Graphics Driver 327.23
NVIDIA Install Application
NVIDIA nView 140.62
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA Update 1.10.8
NVIDIA Update Components
OGA Notifier 2.0.0048.0
PDF Settings
PNGGauntlet
Python 2.5 pycairo-1.4.12
Python 2.5 pygobject-2.14.1
Python 2.5 pygtk-2.12.1
Python 2.5.2
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Samsung Easy Wireless Setup
Samsung ML-2510 Series
Secunia PSI (2.0.0.3001)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype™ 6.11
SmileyPad v2.28
SolveigMM WMP Trimmer Plugin
SpywareBlaster 5.0
SumatraPDF 2.2.1
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
updater-1.3.0.10
VC 9.0 Runtime
VCRedistSetup
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinPatrol
WOT for Internet Explorer
WtsFtp Home Edition
.
==== Event Viewer Messages From Past Week ========
.
12/26/2013 9:14:53 AM, error: Service Control Manager [7000]  - The SSPORT service failed to start due to the following error:  The system cannot find the file specified.
12/26/2013 9:14:53 AM, error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
.
==== End Of File ===========================



and the   =========checkup.txt

Results of screen317's Security Check version 0.99.77 
Windows XP Service Pack 3 x86   
Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Microsoft Security Essentials   
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
MVPS Hosts File 
Out of date HijackThis  installed!
SpywareBlaster 5.0   
Secunia PSI (2.0.0.3001)   
Malwarebytes Anti-Malware version 1.70.0.1100 
Out of date Malwarebytes Anti-Malware installed!
HijackThis 2.0.2   
CCleaner     
Adobe Flash Player    11.9.900.170 
Mozilla Firefox (26.0)
Google Chrome 31.0.1650.57 
Google Chrome 31.0.1650.63 
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
BillP Studios WinPatrol winpatrol.exe 
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on December 26, 2013, 04:25:20 PM
Looks like you learned your lesson about downloading programs without further investigation.  Video-Saver has been labeled as a parasite with adware components.

You are using the MVPS Hosts File so those entries are safe.  With HijackThis outdated and now open source, you can go ahead and uninstall both HiJackThis and HijackThis 2.0.2.

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 04:41:44 PM
The items I'm not sure about that are checked are in the Files tab:

C:\WINDOWS\Uninstall.exe       

and

C:\Documents and Settings\Helena\Application Data\Mozilla\Firefox\Profiles\lfoq4mi4.default\user.js


I had speed tweaks for FireFox in the user.js file...but that was for  FF 3 or some very old version like that. 

So I just want to make sure it is ok to leave those two files checked.

Also, to run Adwcleaner, do I choose the Clean button or the Uninstall one?


EDIT: one more question: in FOLDERS:
C:/Documents and Settings\Helena\My Documents\Tutorials

That just has files with instructions for doing various stuff.  So what to do with that?


Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 05:09:48 PM
I'm sorry, I think I messed up. I somehow missed the part about getting a report.  I read the instructions many times too, and still made the mistake.

I didn't get a report, but ran the cleaner button.

The only deletion I'm really worried about is the File Deleted : C:\WINDOWS\Uninstall.exe
I'm thinking I probably need that?  The other files, I won't miss.


here's the file that came up after restart:

# AdwCleaner v3.016 - Report created 26/12/2013 at 10:57:31
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Helena - LIBRARY
# Running from : C:\Documents and Settings\Helena\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Video-Saver
Folder Deleted : C:\Documents and Settings\Helena\My Documents\Tutorials
File Deleted : C:\WINDOWS\Uninstall.exe
File Deleted : C:\Documents and Settings\Helena\Application Data\Mozilla\Firefox\Profiles\lfoq4mi4.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Video-Saver-1
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Helena\Application Data\Mozilla\Firefox\Profiles\lfoq4mi4.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP22E77BD7-650C-44D0-8F1A-69F52A047C6E");
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3315513&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP22E77BD7-650C-44D0-8F1A-69F52A047C6E&SSPV=");
Line Deleted : user_pref("compact.menu.icon.localfilename", "compact1330261581333.png");
Line Deleted : user_pref("extensions.aniweather.timeShifted", 752926);
Line Deleted : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/addons/firefox/update.xml", "\"<?xml version=\\\"1.0\\\" encoding=\\\"utf-8\\\"?>\\n<update>\\n\\t<version>1.0.4</version>\[...]
Line Deleted : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/addons/firefox/update.xml.last_request", "\"Mon Jan 23 2012 16:29:15 GMT-0600 (Central Standard Time)\"");
Line Deleted : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/scripts/qa.php?product_id={B3834E60-12A8-11E0-A289-939FDFD72085}&product_version=1.0.4", "\"[{\\\"type\\\":\\\"content\\\",[...]
Line Deleted : user_pref("extensions.kango.storage.CachedhxxpRequest.hxxp://ring-tools.info/scripts/qa.php?product_id={B3834E60-12A8-11E0-A289-939FDFD72085}&product_version=1.0.4.last_request", "\"Mon Jan 23 2012 16[...]
Line Deleted : user_pref("extensions.kango.storage.script_loader.data", "\"[{\\\"type\\\":\\\"content\\\",\\\"code\\\":\\\"\\\\/\\\\/ ==UserScript==\\\\n\\\\/\\\\/ @name GoogleAdsFixer\\\\n\\\\/\\\\/ @namespace ring[...]
Line Deleted : user_pref("extensions.kango.storage.statistics.user_guid", "\"{784D7507-339C-EA0D-051C-AB9F08309C8E}\"");
Line Deleted : user_pref("extensions.kango.storage.statistics.user_stat_sent", "\"Mon Jan 23 2012 08:10:19 GMT-0600 (Central Standard Time)\"");
Line Deleted : user_pref("extensions.ntk.MAINHTML", "<div class=\"section\"><ul class=\"chartlist\" style=\"width:100%\"><li id=\"row_0\" onmouseout=\"sDi(0,0)\" onmouseover=\"sDi(0,1)\"><a href=\"hxxp://zbforums[...]
Line Deleted : user_pref("extensions.tacache.cache", "[{\"title\":\"malware has hijacked my home page - help please\",\"text\":\"The items I'm not sure about that are checked are in the Files tab:\\n\\nC:\\\\WINDOWS[...]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\Helena\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url

*************************

AdwCleaner[R0].txt - [5407 octets] - [26/12/2013 10:30:43]
AdwCleaner[S0].txt - [4894 octets] - [26/12/2013 10:57:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4954 octets] ##########
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 05:57:33 PM
Just to update, my taskbar icons are back.  I had to reset my browser homepages, but everything else seems fine so far.

I notice that Adwcleaner has backups and quarantine folders, so I'm thinking anything that was renamed by mistake could be restored?  *hopes so*
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on December 26, 2013, 07:08:09 PM
Yes, you can restore your tutorials folder.  As to Uninstall.exe, no, you do NOT want to restore it.  See WinSecurity - uninstall.exe - Program Information (http://www.bleepingcomputer.com/startups/uninstall.exe-24979.html).  I should edit my instructions.  Firefox and Chrome findings cannot be unchecked.

1.  To restore your tutorials folder, please do the following:

  • Launch AdwCleaner and click Tools > Click Quarantine manager.
  • Place a check in the box next to the file(s) to be restored.  In this case, it would be C:\Documents and Settings\Helena\My Documents\Tutorials.
  • Click Restore (a logfile will open).
2.  Following that, let's make sure nothing has been missed.  Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it.  If you are using Windows Vista or Seven, right-mouse click it and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 07:16:37 PM
Thank you!  In the Adwcleaner Quarantine manager:  I'm not sure what to do on the restore, because there is a list of the files in the Tutorials folder, but not the folder itself.

Should I just check and restore the files in there I wish to keep?   Will it make a new tutorials folder?

Title: Re: malware has hijacked my home page - help please
Post by: Corrine on December 26, 2013, 07:34:51 PM
To be honest, this is the first time I've needed to provide the restore function with AdwCleaner.  I suggest creating a new folder first and then checking the files.  Hopefully, they will then be restored to the folder.  If not, you will need to manually move the files to the new folder.
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 07:48:29 PM
I did restore only 5 files, I went ahead, because they were all text files so I figured they were safe.   It did make a new Tutorials folder.

Then I ran the JRT.exe you provided.

Here is the log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Helena on Thu 12/26/2013 at 13:34:43.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Documents and Settings\Helena\Application Data\mozilla\firefox\profiles\lfoq4mi4.default\extensions\savefileto@mozdev.org.xpi [Tracur]
Successfully deleted the following from C:\Documents and Settings\Helena\Application Data\mozilla\firefox\profiles\lfoq4mi4.default\prefs.js

user_pref("extension.WeatherBug.DefaultTab", "0");
user_pref("extensions.ntk.searchShortcuts", "hxxp://www.google.com::go;hxxp://www.facebook.com::fb;hxxp://www.yahoo.com::ya;hxxp://www.rapidshare.com::rs;   hxxp://www.myspace.c
user_pref("extensions.tacache.cache", "[{\"title\":\"malware has hijacked my home page - help please\",\"text\":\"Thank you!  In the Adwcleaner Quarantine manager:  I'm not su
Emptied folder: C:\Documents and Settings\Helena\Application Data\mozilla\firefox\profiles\lfoq4mi4.default\minidumps [19 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/26/2013 at 13:38:27.92
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 07:51:28 PM
Something happened that messed up my FireFox extensions and the way they appear on the toolbar.  That seems strange.  When the browser opened after running the JRT.exe tool,  all my bookmarks were expanded, and update windows for many FF extensions appeared in the browser.  I'm not sure what happened, but it looks like some of my browser preferences are not being read now.

prefs.js   is that it?  I suppose I can just reset everything.
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on December 26, 2013, 08:09:06 PM
Thank you, that is good to know that the folder was recreated by AdwCleaner.

That was very strange behavior by JRT.  Thisisu's tool has always worked very well.  You can see what happens making the preferences changes.  If not, it may be easier to restore your computer to an earlier point and then re-run AdwCleaner.

Let me know which route you take.

Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 08:18:19 PM
That JRT thing is a scary tool.   I'm glad it warns you that your desktop will disappear or that would have freaked me out.  It also stopped partway through and said there was a bad file and it had to reboot the computer to continue. That was scary too.   The last time I had a "bad file" warning, my whole computer crashed.  But it did reboot and continue.

Considering I don't want to go through that again,  please tell me if you think all the malware has been cleaned up without any other damage problems.  If so, I think I'd just as soon redo all my extension preferences.  Thank God it didn't remove my bookmarks. That would have been a disaster.    I've tried to back up my bookmarks several times, but I don't think I've ever been successful.
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 08:38:20 PM
I think I am going to have to go back.  The extensions are not behaving correctly, as in, I can't even set any preferences for some of them.

I have a restore point before I downloaded the program that delivered the malware.  Should I use that one?
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 09:32:52 PM
I tried a restore to the point I had made, but it wasn't able to restore to that date.

Now I need to know whether to try a date before that or one after.  I have quite a few choices.
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on December 26, 2013, 09:40:56 PM
Looking at the restore points in your log, that would be the best one.  You'll need to reinstall KB952011.  You replied with the restore failure as I was about to post.  :(  I'm afraid you're going to need to try another restore point and see what works. 

Although I'm sure you're aware of the approaching April 8th end of support for Windows XP, I don't want to take a chance and not call it to your attention.   (The Countdown Begins: Support for Windows XP Ends on April 8, 2014 - Microsoft Security Blog - Site Home - TechNet Blogs (http://blogs.technet.com/b/security/archive/2013/04/09/the-countdown-begins-support-for-windows-xp-ends-on-april-8-2014.aspx))
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 09:56:39 PM
Alright. I guess I'll just work out  a couple of restore points from there.  If I'm successful, I'll run the Adwcleaner again and then bring a report here.

Yes, I am aware of the end of life date for XP.  I've talked with my honey about it, and he seems to think it may get some support after that time because government centers still are using it, and he wants to wait and see what happens.
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 26, 2013, 10:28:44 PM
:(   I tried about 6 different restore points from a day before my created point to this morning.  All failed.

I guess I'm stuck with reconfiguring my extension and browser preferences.  The worst part of it will be re-establishing my allowed list for NoScript.  But so far, I haven't encountered any other problems.
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on December 27, 2013, 12:07:59 AM
Since you're using Freebyte Backup (http://www.freebyte.com/fbbackup/), can you restore the Firefox folder from the backup?  MikeW may be able to help if you have questions.

As to extended support for Windows XP for home computer users, the OS will be 13 years old.  Microsoft has provided this page for Enterprise customers:  http://www.microsoft.com/en-us/windows/enterprise/endofsupport.aspx
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 27, 2013, 12:26:57 AM
That would have been a great idea had I backed up that file, :(  but I only backed up documents and pictures and a few edited music tracks.  I do have an old prefs.js file from 2009. But I don't think that would be much help for now.

Why did none of my restore points work? Do you have any idea?
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on December 27, 2013, 01:57:48 AM
Ok, let's try a couple of things.

First, make sure the Service is running:

  • Click Start, click Run, and then type compmgmt.msc in the Open box, and then press Enter.
  • Expand Services, and then click System Restore Services.
  • If the Status of System Restore Service is not Started, click Start on the toolbar to start it.

Second, try System Restore in Safe Mode:

  • Restart the computer and when you see anything on the screen, start tapping the F8 key on your keyboard.
  • Select Safe Mode, and then press ENTER. As files load they will scroll down the screen.
  • Click No in the safe mode information screen to start System Restore.
  • Select Restore my computer to an earlier time, and then click Next to proceed to select a date with restore points available.
  • Click Next to begin restoring the system to a previous state.
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 27, 2013, 03:00:38 AM
I did the first part and the service was started and was running.

For the second part,  how will I get out of safe mode?   Will that happen automatically after the system restore processes?

(BTW, a system restore box did come up and  it did seem like it was restoring. It even seemed to continue to completion on several of the attempts I made, but each time ended with a panel that said the restore could not be done and no changes were made to the computer.  So it did at least act like it was doing something.)

Should I try the same restore points again? (Sorry for all the questions, but I don't want to mess up.)
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on December 27, 2013, 02:39:36 PM
I would try the complete restore points, starting with the one prior to installing the video editor:

RP2166: 12/24/2013 11:28:41 PM - before installing video editor
RP2167: 12/24/2013 11:37:25 PM - Installed Windows XP --  Software Updates KB952011

For System Restore to work, it will restart your computer.  When it restarts, start in normal mode. 
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on December 29, 2013, 08:17:45 PM
There is something I forgot about that may fix the problem with extensions.  JRT exports the registry with ERUNT prior to making changes.  So, if System Restore has not worked, you can restore the registry to the point prior to running JRT.

From the ERUNT help file, http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

Quote
Restoring the registry with ERDNT
---------------------------------

Situation: Windows is running normally.

To restore a previous registry backup, open Windows Explorer, navigate
to the folder where you saved the backup to, and double-click the
ERDNT.EXE file to start the restoration program. (Each restore folder
has its own copy of ERDNT.EXE in it.) Select which registry components
to restore, then click "OK" to start restoration. When the process is
complete, click "OK" to restart the computer and activate the restored
registry.

The registry backup is located at C:\Windows\ERUNT\JRT
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on December 31, 2013, 05:59:26 PM
Oh, thank you for that.

I have been putting off the restore while I did some backing up. I have now installed the FEBE extension to back up my Firefox profile.

I haven't deleted temporary files since either, so one thought I had was possibly the prefs.js file may be in there somewhere.

I like the idea of the ERUNT restore though...especially the part about "select which components to restore".  I'll explore that  later today.
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on January 07, 2014, 05:47:34 PM
In the end, I decided to not try any more restores.  I've reconfigured all my extensions, and everything else is working fine.  I wonder if the reason my prefs.js file was deleted by the tool was because there really was something wrong in there.  If so, it's better to just move on, I think.

My suspicion though is that it didn't like something about the Text Area Cache extension that I have installed, because while it was running, it was showing findings like "string too long", and the "bad" entries in the report included pieces of text that had been recently cached by the extension.

I think however, that the next few restore points I make, I will also make duplicates with ERUNT  in case there is something wrong with my Windows system restore.
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on January 07, 2014, 06:18:49 PM
You may just be right about that extension.  I use Lazarus: Form Recovery :: Add-ons for Firefox (https://addons.mozilla.org/en-US/firefox/addon/lazarus-form-recovery/).  The only change I've made from default settings is to limit the duration for saving forms.

You may also want to create a fresh restore point and clear the old points.  See this KB article on System Restore on XP:  How antivirus software and System Restore work together (http://support.microsoft.com/?scid=kb%3Ben-us%3B831829&x=8&y=7).  The same applies to an anti-malware program that scans System Restore points.  In particular note:
Quote
During a restoration, an active antivirus program scans for infected files. If the antivirus program detects any infected files, the antivirus program tries to modify, move, or delete the infected files. If the antivirus program successfully cleans the infected files, System Restore restores the cleaned files. However, if the antivirus software cannot clean a file, the antivirus software deletes or quarantines the file. As a result, the restoration does not work because these actions to the file cause an inconsistent restoration state.

First, create a fresh restore point:

1.  Click Start, click All Programs, click Accessories, click System Tools, and then click System Restore.
2.  Click Create a Restore Point, and then click Next.
3.  Name your restore point. (i.e., clean)
4.  Click the Create button.
5.  When the new restore point has been created, click Close.

Now select the files to be removed as well as all but the new restore point:

  • Click start-->Run and type cleanmgr into the run box and then click "OK".
  • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
  • When the scan completes, check/uncheck desired boxes.
  • Next, please click the More Options tab at the top.
  • Click the "Clean up..." button under the System Restore section at the bottom.
  • Answer Yes to the question "Are you sure you want to delete all but the most recent restore point?".
  • Click OK and answer Yes again.

The disk clean up utility will remove any items you select, although you can just use it to remove the old restore points.  When it completes, please restart the computer to properly record the changes made to the hard disk.
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on January 17, 2014, 08:00:20 PM
Did the follow up cleanup as suggested.

I don't know exactly what was accomplished, but I'm kind of glad I didn't try to revert to the earlier state.  Everything is running smoother than previously and page loads are lightning fast now.  And after this last regular monthly Windows update and reboot, my taskbar is normal and not messed up.  Even MSE booted without having to reset the real-time protection.

So yay.  And thanks so much again for all your patient help, Corrine!
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on January 17, 2014, 09:28:37 PM
You're welcome.  I'm happy I was able to help.

Although I'm sure you've heard, it needs to be repeated as a reminder:  On April 8, 2014, Windows XP will be reaching its end of life.  That means that Microsoft will not be releasing any additional security updates for Windows XP, regardless of any new vulnerabilities.  My best advice is to start saving for a new computer so that you will be in a position to replace this one sooner rather than later.  In the meantime, it will be more important than ever to keep any Adobe products (Adobe AIR, Adobe Reader and Adobe Flash Player) as well as Oracle Java updated. 

Due to a recent change in policy, Microsoft has elected to make Microsoft Security Essentials definitions available until July 15, 2015 (See Microsoft antimalware support for Windows XP (http://blogs.technet.com/b/mmpc/archive/2014/01/15/microsoft-antimalware-support-for-windows-xp.aspx)).
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on January 18, 2014, 12:16:19 AM
Hmm. So the extensions are beginning for good ol' XP. :)

I've heard some talk that some other company may take over the updating and fixes for XP once Microsoft discontinues their own support.  That might just be for government or organizational setups though.

It would be nice to have an up-to-date system though.  I'm sure we'll do what we have to when the deadline is unavoidable.
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on January 18, 2014, 01:14:59 AM
Support for XP won't be extended.  It really was a surprise to most everyone that the decision was made to extend MSE definitions for XP.  As to updating and fixes for XP, no other company is going to have the proper access to provide security updates not only for the OS but also for IE8.
Title: Re: malware has hijacked my home page - help please
Post by: pastywhitegurl on January 18, 2014, 05:29:11 PM
Good point about IE8.   And since there is no escape from that browser, that really does force the issue.
Title: Re: malware has hijacked my home page - help please
Post by: Corrine on January 19, 2014, 12:48:32 AM
Selecting the right computer, whether desktop, laptop or tablet, can be time-consuming.  When you're out & about, it wouldn't hurt to take a look at the latest models.  It may help you narrow down your choice when you're getting ready to make a purchase.