MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: HJT log
August 19, 2019, 06:16:47 AM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
August 19, 2019, 06:16:47 AM

Login with username, password and session length
 
News
New  Check out our improved Download section for tons of software....
  0 Members and 1 Guest are viewing this topic.
Pages: [1] 2  All Go Down Print
Author Topic: HJT log  (Read 8924 times)
sarit
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« on: March 11, 2005, 06:51:13 PM »

Hello

I'm pretty new at this...
I think I have about:blank spyware. I've tried spybot, avast and a few more peaces of advice- and it did not work.
If someone here can help- I'll be very greatful (and happy)
thank you.




Logfile of HijackThis v1.99.1
Scan saved at 20:33:28, on 11/03/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\system32\atlfn32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\windows\system32\duupqh.exe
C:\WINDOWS\System32\manager326.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\sdklp32.exe
C:\windows\system32\packager.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\winmes.exe
C:\Program Files\Media Pass\MediaPass.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Media Pass\MediaPassK.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\mcafee32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Sarit\Application Data\rrac.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPC32.EXE
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\czgen.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\czgen.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\czgen.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\czgen.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\czgen.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekerbar.com/ie.aspx?tb_id=50154
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe mcafee32.exe
O2 - BHO: (no name) - {AF75A15D-6ABE-5F6F-6734-CDA091300567} - C:\WINDOWS\system32\mssn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\he-il\msnappau.exe"
O4 - HKLM\..\Run: [duupqh] c:\windows\system32\duupqh.exe
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [Microsoft Update] Svhost.exe
O4 - HKLM\..\Run: [MS Manager326 Startup] manager326.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [sdklp32.exe] C:\WINDOWS\system32\sdklp32.exe
O4 - HKLM\..\Run: [tibs5] C:\WINDOWS\System32\tibs5.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitebfy32.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Microsofts media] wingtp.exe
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPass.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\RunServices: [Microsoft Update] Svhost.exe
O4 - HKLM\..\RunServices: [MS Manager326 Startup] manager326.exe
O4 - HKLM\..\RunServices: [Microsofts media] wingtp.exe
O4 - HKLM\..\RunServices: [Microsoft MediaScope] winmes.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Update] Svhost.exe
O4 - HKCU\..\Run: [MS Manager326 Startup] manager326.exe
O4 - HKCU\..\Run: [Ease] C:\Documents and Settings\Sarit\Application Data\rrac.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm081YYIL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/MyFunCardsFWBInitialSetup1.0.0.8.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1109580005060
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=3056
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7552DFC8-095B-4715-8F19-5EE1F6C7E053}: NameServer = 194.90.1.5 212.143.212.143
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
O23 - Service: Workstation NetLogon Service (
Logged

 
redaxe
Supreme Loonie
Global Moderator
Hero Member
*****

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276


Bookmark and Share

View Profile
« Reply #1 on: March 12, 2005, 04:58:15 PM »

Start by disabling System Restore, which is something you can re-enable after the PC has been fixed.

Furthermore, make sure that Windows Explorer is set to show hidden files and folders. Click Tools/Folder Options -> View and check Show hidden files and folders and uncheck Hide protected operating system files


Now download the following programs:

Stinger
CWShredder
Spybot Search & Destroy
Ad-Aware
VX2 Cleaner
About:Buster <-- you won't use this one until after we've made some amendments to your logfile.
Cleanup! <-- you won't use this one until after we've made some amendments to your logfile.

Now go to the following online AV scanners:

Rav Antivirus
Trend Antivirus
Panda Activescan

Let all of them delete what they want. Write down what they fail in dealing with.

Now run Stinger. It's a standalone tool that's designed to carve out trojans and such. Let it run and allow it to do it's thing.

Then run and update CWShredder. Click the Fixbutton and click OK when the prompt CWShredder will shutdown any open Internet Explorer and Windows Media Player windows. Click OK to continue appears.
Wait for it to finish and then click Next and Finish.

Now install, run, update and scan your system with Spybot S&D.
When it's done scanning, check all entries that are marked RED and click Fix Selected.

Then install Ad-Aware and update it right away. Then scan and let it fix whatever it reports.
Then shut down Ad-Aware.
Then install the VX2 Cleaner and let it install into the Ad-Aware program folder.
Start Ad-Aware again and click the AddOns button. Double click the VX2 Cleaner in there and click OK at the prompt.

If your computer is infected

 Select
Logged

sarit
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #2 on: March 14, 2005, 08:35:34 PM »

first of all thanks for replying...
I've downloaded all the programs, but I can't work the scans.
in Rav- I have a message that says that my 'current security settings prohibit running activeX controls on this page'
in Trend & Panda- I'm clicking on the scan icon-and it is not responding (the status bar shows- done)
Sarit.
Logged

 
redaxe
Supreme Loonie
Global Moderator
Hero Member
*****

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276


Bookmark and Share

View Profile
« Reply #3 on: March 14, 2005, 08:43:42 PM »

Then start by running the tools I pointed you to first and then take the steps I noted as well.
When that's done, open up Windows Explorer and navigate your way to C:\Windows\System32\drivers\etc where you must search for a file called Hosts. You'll recognise it by the fact that it hasn't got an extension. Open the file in Notepad and copy/paste the entire contents of that file into this thread.
« Last Edit: March 14, 2005, 08:44:31 PM by redaxe » Logged

sarit
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #4 on: March 15, 2005, 04:08:36 PM »

Hey again.
I'm sorry about all the nagging-I just really don't know nothing about all these things.
I skipped the three on-line scanners, and just continued with your instructions, and in the mean time I copied the hosts file..
If I'm doing anything wrong-please tell me
as you can understand, I'm pretty helpless
Thanks again,
Sarit.





# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to computernames
# (NetBIOS) names.  Each entry should be kept on an individual line.
# The IP address should be placed in the first column followed by the
# corresponding computername. The address and the computername
# should be separated by at least one space or tab. The "#" character
# is generally used to denote the start of a comment (see the exceptions
# below).
#
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
#      #PRE
#      #DOM:<domain>
#      #INCLUDE <filename>
#      #BEGIN_ALTERNATE
#      #END_ALTERNATE
#      \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:<domain>" tag will associate the
# entry with the domain specified by <domain>. This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The <domain> is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
# software to seek the specified <filename> and parse it as if it were
# local. <filename> is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
#
# The following example illustrates all of these extensions:
#
# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
# 102.54.94.102    "appname  \0x14"                    #special app server
# 102.54.94.123    popular            #PRE             #source server
# 102.54.94.117    localsrv           #PRE             #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.




Logged

 
sarit
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #5 on: March 15, 2005, 05:51:01 PM »

I can't believe it! I've got my homepage back!!!
Thank you so much!

though I don't think it's all over, because I still have all these pop-ups & the window that tells you there is a problem, and ask you if you wish to report it, and once you click any of the options, it shuts the explorer down...
anyhow here is the HJT log from a few seconds ago.
If there is something else to do-I'll be greatful if you'll let me know.
Thanks again (I sure do mean it..)
Sarit.
 
Logfile of HijackThis v1.99.1
Scan saved at 19:42:08, on 15/03/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\msld.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\javakr32.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\WINDOWS\System32\wuauclt.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {37FF69E5-CDC6-0B84-C167-6FB0367621ED} - C:\WINDOWS\system32\ntdt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [javakr32.exe] C:\WINDOWS\system32\javakr32.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: Network Security Service (NSS) (
Logged

 
sarit
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #6 on: March 15, 2005, 05:54:59 PM »

me again...

it's back. (well at least it worked for a few seconds...that's a start)
Logged

 
redaxe
Supreme Loonie
Global Moderator
Hero Member
*****

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276


Bookmark and Share

View Profile
« Reply #7 on: March 15, 2005, 08:06:43 PM »

Please post a new HJT log then, we have to get rid of this junk.
Logged

sarit
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #8 on: March 17, 2005, 04:13:44 PM »

Logfile of HijackThis v1.99.1
Scan saved at 18:09:37, on 17/03/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\javakr32.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\WINDOWS\msld.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
c:\progra~1\toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qrepj.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qrepj.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\qrepj.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\qrepj.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\qrepj.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qrepj.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\qrepj.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {37FF69E5-CDC6-0B84-C167-6FB0367621ED} - C:\WINDOWS\system32\ntdt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O5 "LPT1:" /M "Stylus C43"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [javakr32.exe] C:\WINDOWS\system32\javakr32.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Corel Family and Friends Reminders.LNK = C:\Program Files\Corel\Print House Magic\cffrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7552DFC8-095B-4715-8F19-5EE1F6C7E053}: NameServer = 212.143.212.143 194.90.1.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - Unknown owner - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: Network Security Service (NSS) (
Logged

 
redaxe
Supreme Loonie
Global Moderator
Hero Member
*****

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276


Bookmark and Share

View Profile
« Reply #9 on: March 17, 2005, 07:16:52 PM »

Open up Windows Explorer for me and navigate your way to C:\Windows\System32\drivers\etc and find a file called HOSTS
Open it with Notepad and then copy the contents of that file to a post here.
Do that before you take the following steps!!

Start by disabling System Restore, which is something you can re-enable after the PC has been fixed.
Right click My Computer and select Properties.
Click the System Restore tab and in there disable it. Apply and OK out.

Furthermore, make sure that Windows Explorer is set to show hidden files and folders. Click Tools/Folder Options -> View and check Show hidden files and folders and uncheck Hide protected operating system files

Now go to the following online AV scanners:

Rav Antivirus
Trend Antivirus
Panda Activescan

Let all of them delete what they want. Write down what they fail in dealing with.

Then run and update CWShredder. Click the Fixbutton and click OK when the prompt CWShredder will shutdown any open Internet Explorer and Windows Media Player windows. Click OK to continue appears.
Wait for it to finish and then click Next and Finish.

Now run, update and scan your system with Spybot S&D.
When it's done scanning, check all entries that are marked RED and click Fix Selected.

Then Ad-Aware and update it right away. Then scan and let it fix whatever it reports.
Then click the AddOns button. Double click the VX2 Cleaner in there and click OK at the prompt.

If your computer is infected

 Select
Logged

sarit
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #10 on: March 17, 2005, 08:37:43 PM »

Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample LMHOSTS file used by the Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to computernames
# (NetBIOS) names.  Each entry should be kept on an individual line.
# The IP address should be placed in the first column followed by the
# corresponding computername. The address and the computername
# should be separated by at least one space or tab. The "#" character
# is generally used to denote the start of a comment (see the exceptions
# below).
#
# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
# files and offers the following extensions:
#
#      #PRE
#      #DOM:<domain>
#      #INCLUDE <filename>
#      #BEGIN_ALTERNATE
#      #END_ALTERNATE
#      \0xnn (non-printing character support)
#
# Following any entry in the file with the characters "#PRE" will cause
# the entry to be preloaded into the name cache. By default, entries are
# not preloaded, but are parsed only after dynamic name resolution fails.
#
# Following an entry with the "#DOM:<domain>" tag will associate the
# entry with the domain specified by <domain>. This affects how the
# browser and logon services behave in TCP/IP environments. To preload
# the host name associated with #DOM entry, it is necessary to also add a
# #PRE to the line. The <domain> is always preloaded although it will not
# be shown when the name cache is viewed.
#
# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
# software to seek the specified <filename> and parse it as if it were
# local. <filename> is generally a UNC-based name, allowing a
# centralized lmhosts file to be maintained on a server.
# It is ALWAYS necessary to provide a mapping for the IP address of the
# server prior to the #INCLUDE. This mapping must use the #PRE directive.
# In addtion the share "public" in the example below must be in the
# LanManServer list of "NullSessionShares" in order for client machines to
# be able to read the lmhosts file successfully. This key is under
# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
# in the registry. Simply add "public" to the list found there.
#
# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
# statements to be grouped together. Any single successful include
# will cause the group to succeed.
#
# Finally, non-printing characters can be embedded in mappings by
# first surrounding the NetBIOS name in quotations, then using the
# \0xnn notation to specify a hex value for a non-printing character.
#
# The following example illustrates all of these extensions:
#
# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
# 102.54.94.102    "appname  \0x14"                    #special app server
# 102.54.94.123    popular            #PRE             #source server
# 102.54.94.117    localsrv           #PRE             #needed for the include
#
# #BEGIN_ALTERNATE
# #INCLUDE \\localsrv\public\lmhosts
# #INCLUDE \\rhino\public\lmhosts
# #END_ALTERNATE
#
# In the above example, the "appname" server contains a special
# character in its name, the "popular" and "localsrv" server names are
# preloaded, and the "rhino" server name is specified so it can be used
# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
# system is unavailable.
#
# Note that the whole file is parsed including comments on each lookup,
# so keeping the number of comments to a minimum will improve performance.
# Therefore it is not advisable to simply add lmhosts file entries onto the
# end of this file.




Logged

 
sarit
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #11 on: March 17, 2005, 09:00:04 PM »

As I told you before- I can't work the AV scanners. I'm getting into the sites-but I have a message that says, that mu cyrrent security settings prohibit activex control..and then the page is not fully displayed- or if it is- I'm clicking and it's not responding...
I guess that's why it didn't work last time-because I had to skip this phase
Logged

 
redaxe
Supreme Loonie
Global Moderator
Hero Member
*****

Karma: +16/-0
Offline Offline

Gender: Male
Posts: 1276


Bookmark and Share

View Profile
« Reply #12 on: March 17, 2005, 09:30:11 PM »

I was not talking about the LMHost file, there ought to be another one in there that's called Hosts, nothing more and nothing less.

 
quote:
The default contents of a Hosts file should look like this:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost


Then open up Control Panel -> Internet Options.
Now click the Privacy tab.
Then click the button that says Custom Level.
What are the settings with relations to ActiveX controls?
I need to know how it's set to deal with Signed ActiveX controls and the Unsigned ones. Basically all the ActiveX settings you can spot in there.

You could also try putting the URLs to the online scanners into your Trusted Zone under the Security tab. Try the latter method, but by all means tell me the current settings for your Internet zone.
« Last Edit: March 17, 2005, 09:32:28 PM by redaxe » Logged

sarit
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #13 on: March 20, 2005, 08:06:39 AM »

there is no file called hosts- in system 32. I've searched the comp. and the only place it found a file called hosts-is in spybot/Includes- I'm almost sure you're not talking about this one-but I pasted it here anyway.... (I've run so many anti-virus/spaware prog. that maybe one of them deleted it...?!)
 and about the ActiveX:

download signed ActiveX controls: prompt
download unsigned ActiveX controls: disable
initialize and script ActiveX controls not marked as safe: disable
run ActiveX controls marked as safe for scripting: enable

thanks again.
Logged

 
sarit
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 12


Bookmark and Share

View Profile
« Reply #14 on: March 20, 2005, 08:09:32 AM »

127.0.0.1   coolwwwsearch.com
127.0.0.1   coolwebsearch.com
127.0.0.1   hi.studioaperto.net
127.0.0.1   www.webbrowser.tv
127.0.0.1   www.wazzupnet.com
127.0.0.1   gueb.com
127.0.0.1   kabex.com
127.0.0.1   www.hityou.com
127.0.0.1   miosearch.com
127.0.0.1   wazzupnet.com
127.0.0.1   213.131.225.2
127.0.0.1   www.blue-elefant.com
127.0.0.1   babeweb.de
127.0.0.1   start-seite.com
127.0.0.1   s*xolymp.com
127.0.0.1   toriii.cc
127.0.0.1   www.xtipp.de
127.0.0.1   urawa.cool.ne.jp
127.0.0.1   777search.com
127.0.0.1   ace-webmaster.com
127.0.0.1   aifind.info
127.0.0.1   amateurliveshow.com
127.0.0.1   anarchylolita.com
127.0.0.1   anarchyp*rn.com
127.0.0.1   approvedlinks.com
127.0.0.1   cantfind.com
127.0.0.1   castingsamateur.com
127.0.0.1   cyberrape.com
127.0.0.1   dialerclub.com
127.0.0.1   exit.megago.com
127.0.0.1   fastmetasearch.com
127.0.0.1   findwhatevernow.com
127.0.0.1   globesearch.com
127.0.0.1   hotfreebies.com
127.0.0.1   krankin.com
127.0.0.1   live.s*x-explorer.com
127.0.0.1   loveadot.com
127.0.0.1   megaseek.net
127.0.0.1   mixsearch.com
127.0.0.1   munky.com
127.0.0.1   newtopsites.com
127.0.0.1   noblindlinks.com
127.0.0.1   r.babenet.com
127.0.0.1   searchresult.net
127.0.0.1   s*xarena.org
127.0.0.1   skeech.com
127.0.0.1   smarter.com
127.0.0.1   superwp.by.ru
127.0.0.1   sureseeker.com
127.0.0.1   wethere.com
127.0.0.1   wowsearch.org
127.0.0.1   www.xxx.com
127.0.0.1   www.websearch.com
127.0.0.1   partner23.firehunt.com
127.0.0.1   screensaver.it
127.0.0.1   xads.cliks.org
127.0.0.1   xwebsearch.biz
127.0.0.1   znext.com
127.0.0.1   rawtocash.net
127.0.0.1   7search.com
127.0.0.1   zestyfind.com
127.0.0.1   dev.ntcor.com
127.0.0.1   search.xrenoder.com
127.0.0.1   193.125.201.50
127.0.0.1   www.allcybersearch.com
127.0.0.1   www.tinybar.com
127.0.0.1   topsite.us
127.0.0.1   topsites.us
127.0.0.1   topsitez.us
127.0.0.1   out.true-counter.com
127.0.0.1   www.cnetadd.com
127.0.0.1   okmmm.com
127.0.0.1   www.139mm.com
127.0.0.1   008k.com
127.0.0.1   00hq.com
127.0.0.1   1-domains-registrations.com
127.0.0.1   100s*xlinks.com
127.0.0.1   157.238.62.14
127.0.0.1   1s*xparty.com
127.0.0.1   1stpagehere.com
127.0.0.1   2020search.com
127.0.0.1   209.66.114.130
127.0.0.1   24teen.com
127.0.0.1   36site.com
127.0.0.1   4corn.net
127.0.0.1   66.117.14.138
127.0.0.1   66.197.100.83
127.0.0.1   66.250.107.99
127.0.0.1   66.250.107.100
127.0.0.1   66.250.107.101
127.0.0.1   66.250.130.194
127.0.0.1   66.250.170.107
127.0.0.1   66.250.57.26
127.0.0.1   66.250.57.27
127.0.0.1   66.250.57.28
127.0.0.1   66.250.74.150
127.0.0.1   777top.com
127.0.0.1   8ad.com
127.0.0.1   aboutclicker.com
127.0.0.1   abrp.net
127.0.0.1   accessthefuture.net
127.0.0.1   acemedic.com
127.0.0.1   actionbreastcancer.org
127.0.0.1   activexupdate.com
127.0.0.1   adamsupportgroup.org
127.0.0.1   adasearch.com
127.0.0.1   adipics.com
127.0.0.1   adspics.com
127.0.0.1   adult-engine-search.com
127.0.0.1   adult-erotic-guide.net
127.0.0.1   adult-friends-finder.net
127.0.0.1   adulthyperlinks.com
127.0.0.1   adulttds.com
127.0.0.1   advert.exaccess.ru
127.0.0.1   agentstudio.com
127.0.0.1   africaspromise.org
127.0.0.1   akril.com
127.0.0.1   alcatel.ws
127.0.0.1   alfa-search.com
127.0.0.1   all-inet.com
127.0.0.1   allabtcars.com
127.0.0.1   allabtjeeps.com
127.0.0.1   allcybersearch.com
127.0.0.1   allhyperlinks.com
127.0.0.1   allinternetbusiness.com
127.0.0.1   almarvideos.com
127.0.0.1   amandamountains.com
127.0.0.1   amigeek.com
127.0.0.1   amisbusiness.com
127.0.0.1   analmovi.com
127.0.0.1   anin.org
127.0.0.1   annaromeo.com
127.0.0.1   antrocity.com
127.0.0.1   anything4health.com
127.0.0.1   apsua.com
127.0.0.1   areg*y.com
127.0.0.1   arheo.com
127.0.0.1   arizonaweb.org
127.0.0.1   armitageinn.com
127.0.0.1   art-func.com
127.0.0.1   art-xxx.com
127.0.0.1   artachnid.com
127.0.0.1   asiankingkong.com
127.0.0.1   ass-gals.com
127.0.0.1   athenrye.com
127.0.0.1   avian-ads.com
127.0.0.1   ayakawamura.com
127.0.0.1   ayumitaniguchi.com
127.0.0.1   bannedhost.net
127.0.0.1   barbudafarms.com
127.0.0.1   barnandfence.com
127.0.0.1   batsearch.com
127.0.0.1   baygraphicsllc.com
127.0.0.1   bb-search.com
127.0.0.1   bbbsearch.com
127.0.0.1   bedhome.com
127.0.0.1   bediadance.com
127.0.0.1   bellabasketsfl.com
127.0.0.1   bernaolatwin.com
127.0.0.1   best-counter.com
127.0.0.1   best-hardpics.com
127.0.0.1   best-winning-casino.com
127.0.0.1   bestcrawler.com
127.0.0.1   bestfor.ru
127.0.0.1   bestp*rngate.com
127.0.0.1   bestxp*rno.com
127.0.0.1   blackjack-free.net
127.0.0.1   blender.xu.pl
127.0.0.1   bodaciousbabette.com
127.0.0.1   ****doll.com
127.0.0.1   ****sandtits.com
127.0.0.1   ****sclub.com
127.0.0.1   boredlife.com
127.0.0.1   bowlofogumbo.com
127.0.0.1   bradcoem.org
127.0.0.1   brandiyoung.com
127.0.0.1   brookeburn.com
127.0.0.1   bucps.com
127.0.0.1   burgerkingbigscreen.com
127.0.0.1   buscards.net
127.0.0.1   bustyrussell.com
127.0.0.1   buttejazz.org
127.0.0.1   buyselldomain.net
127.0.0.1   calcioturris.com
127.0.0.1   canberracricketcoaching.com
127.0.0.1   candycantaloupes.com
127.0.0.1   careers.dulcineasystems.net
127.0.0.1   carsands.com
127.0.0.1   carsrentals.net
127.0.0.1   casino-gambling-1.net
127.0.0.1   casino-gambling-2.net
127.0.0.1   casino-onlines.net
127.0.0.1   casino.com.free.game.pogo.gratisdownloads.nl
127.0.0.1   casino2win.net
127.0.0.1   casinomidas.net
127.0.0.1   casinonline.net
127.0.0.1   catallogue.com
127.0.0.1   catsss.da.ru
127.0.0.1   caxa.ru
127.0.0.1   cclebali.org
127.0.0.1   ceewawires.org
127.0.0.1   certumgroup.com
127.0.0.1   chelancatering.com
127.0.0.1   childrenvilla.com
127.0.0.1   chips-4-free.com
127.0.0.1   chrisswasey.com
127.0.0.1   chriswallace.net
127.0.0.1   ckick4thumbs.com
127.0.0.1   clackamasliteraryreview.com
127.0.0.1   clearsearch.cc
127.0.0.1   clearsearch.net
127.0.0.1   clickaire.com
127.0.0.1   clickyestoenter.net
127.0.0.1   clrsch.com
127.0.0.1   cmtapestry.com
127.0.0.1   cool-homepage.co
127.0.0.1   cool-homepage.com
127.0.0.1   cool-search.net
127.0.0.1   cool-search.netfartpost.com
127.0.0.1   cool-web-search.com
127.0.0.1   coolfetishsite.com
127.0.0.1   coolfreehost.com
127.0.0.1   coolfreepage.com
127.0.0.1   coolfreepages.com
127.0.0.1   coolmoneysearch.com
127.0.0.1   coolp*rnsearch.com
127.0.0.1   coolsearcher.info
127.0.0.1   coolwebsearch.
127.0.0.1   coolwebsearsh.com
127.0.0.1   coolwwwsearch.
127.0.0.1   copmtraine.com
127.0.0.1   couldnotfind.com
127.0.0.1   count-all.com
127.0.0.1   cracks.me.uk
127.0.0.1   creamedcutties.com
127.0.0.1   creditsearchonline.com
127.0.0.1   crestring.com
127.0.0.1   crooder.com
127.0.0.1   curvedspaces.com
127.0.0.1   cvs.jps.ru
127.0.0.1   cvsymphony.com
127.0.0.1   cydom.com
127.0.0.1   daily-gals.com
127.0.0.1   dancingbabycd.com
127.0.0.1   datanotary.com
127.0.0.1   datareco.com
127.0.0.1   davemarshall.org
127.0.0.1   dcfitusa.com
127.0.0.1   defaultsearch.net
127.0.0.1   desarrollocreativo.com
127.0.0.1   develip.com
127.0.0.1   dewis.spb.ru
127.0.0.1   dewis.us
127.0.0.1   df809jow4wj2304lfd0sf9fsd0a2t4ldf809jow4wj2304lfd0sf9fsd0a2t4ld.biz
127.0.0.1   dietpills4free.com
127.0.0.1   diet*****.com
127.0.0.1   digistreamsa.com
127.0.0.1   dionforvalleycouncil.org
127.0.0.1   doctorwaldron.com
127.0.0.1   document-not-found.p*rnpic.org
127.0.0.1   doggyaction.com
127.0.0.1   domain-your-registration.com
127.0.0.1   domains-for-you-online.com
127.0.0.1   domains2003.net
127.0.0.1   domkrat.com
127.0.0.1   dp-host.com
127.0.0.1   dragqueen.g*y-clan.com
127.0.0.1   drug-sources-exposed.com
127.0.0.1   drvvv.com
127.0.0.1   dutch-s*x.com
127.0.0.1   dvdbank.org
127.0.0.1   e-localad.com
127.0.0.1   e-plus.cc
127.0.0.1   e-websitesolutions.com
127.0.0.1   eases.net
127.0.0.1   easy-search.net
127.0.0.1   easycategories.com
127.0.0.1   ecosrioplatenses.org
127.0.0.1   ecstasyp*rn.net
127.0.0.1   eikokoike.com
127.0.0.1   ep*rns*x.com
127.0.0.1   euuu.com
127.0.0.1   evidence-detector.biz
127.0.0.1   evilspidercomics.com
127.0.0.1   ewebsearch.net
127.0.0.1   findloss.com
127.0.0.1   excellentsckin.com
127.0.0.1   extremeseek.net
127.0.0.1   f*ckdenniss.com
127.0.0.1   f*cknicepics.com
127.0.0.1   faithstevens.com
127.0.0.1   fantasiewelten.com
127.0.0.1   farmsteadbandb.com
127.0.0.1   fartpost.com
127.0.0.1   fastwebfinder.com
127.0.0.1   faxp*rn.com
127.0.0.1   fickenisgeil.de
127.0.0.1   finance-loans.com
127.0.0.1   find-itnow.com
127.0.0.1   find-uk-health.co.uk
127.0.0.1   find4u.net
127.0.0.1   findit-now.com
127.0.0.1   findwhat.com
127.0.0.1   findthesite.com
127.0.0.1   findthewebsiteyouneed.com
127.0.0.1   fionasteel.com
127.0.0.1   firstbookmark.net
127.0.0.1   fitness-free.com
127.0.0.1   foodvacations.net
127.0.0.1   forex.jps.ru
127.0.0.1   forexcredit.com
127.0.0.1   forexcredit.ru
127.0.0.1   formingfusions.com
127.0.0.1   forsythfire.net
127.0.0.1   forthline.com
127.0.0.1   free-chipes.com
127.0.0.1   free-f*cking-video.com
127.0.0.1   free-hit.com
127.0.0.1   free-pics-and-movies.com
127.0.0.1   free-s*x-movie-clips.net
127.0.0.1   free4p*rno.net
127.0.0.1   free64all.com
127.0.0.1   freebookmark.net
127.0.0.1   freebookmarks.net
127.0.0.1   freecategories.com
127.0.0.1   freecoolhost.com
127.0.0.1   freerbhost.com
127.0.0.1   freeshemalepics.net
127.0.0.1   freewebs.com
127.0.0.1   freeyaho.com
127.0.0.1   freshseek.com
127.0.0.1   freshteensite.com
127.0.0.1   gabrielscott.com
127.0.0.1   galpostgirls.com
127.0.0.1   gals-for-free.com
127.0.0.1   gambling-online4you.com
127.0.0.1   gameterror.net
127.0.0.1   g*y50.com
127.0.0.1   generalsmeltingofcanada.com
127.0.0.1   geteens.com
127.0.0.1   getpicshere.com
127.0.0.1   gimmezamore.com
127.0.0.1   gimnasiaer.com
127.0.0.1   girls-p*rn-life.com
127.0.0.1   glbdf.org
127.0.0.1   global-finder.com
127.0.0.1   globe-finder.cc
127.0.0.1   globe-finder.com
127.0.0.1   gocybersearch.com
127.0.0.1   golftennis.net
127.0.0.1   good-mortgages-calculator.com
127.0.0.1   good-mortgages.net
127.0.0.1   goods*xs.com
127.0.0.1   googlebar.jps.ru
127.0.0.1   googlf.com
127.0.0.1   gradforum.org
127.0.0.1   gratis-p*rn-movie.com
127.0.0.1   gratis-p*rnopics.com
127.0.0.1   guzzycats.com
127.0.0.1   gzphoenix.com
127.0.0.1   hallnetaccolade.com
127.0.0.1   hand-book.com
127.0.0.1   happyanal.com
127.0.0.1   hard-gals.com
127.0.0.1   hardbodytgp.com
127.0.0.1   hardcoreover.com
127.0.0.1   hardloved.com
127.0.0.1   hardwareseek.net
127.0.0.1   harukaigawa.com
127.0.0.1   hccsolanonapa.org
127.0.0.1   health-protein.com
127.0.0.1   hentai4u.net
127.0.0.1   here4search.com
127.0.0.1   heyrichy.com
127.0.0.1   hi-search.com
127.0.0.1   hiddenguides.com
127.0.0.1   hitlistlyrics.com
127.0.0.1   holidayautostr.com
127.0.0.1   homemortage.ws
127.0.0.1   hostssp.com
127.0.0.1   hot-cartoon-s*x.anime.american-teens.net
127.0.0.1   hotbookmark.com
127.0.0.1   hotels-list.net
127.0.0.1   hotelxxxcams.com
127.0.0.1   hotpopup.com
127.0.0.1   hotsearchbox.com
127.0.0.1   hots*x-series.com
127.0.0.1   hotstartpage.com
127.0.0.1   hqs*x.biz
127.0.0.1   hugep*rn4u.net
127.0.0.1   hunacsa.com
127.0.0.1   hupacasath.com
127.0.0.1   hzsx.com
127.0.0.1   icansearch.net
127.0.0.1   idgsearch.com
127.0.0.1   ie-search.com
127.0.0.1   incestp*rngate.com
127.0.0.1   infodigger.net
127.0.0.1   infoglobus.com
127.0.0.1   inherhole.com
127.0.0.1   insertthiscock.com
127.0.0.1   insurance-flood.net
127.0.0.1   insuranceall.net
127.0.0.1   internetsearch.ru
127.0.0.1   ionichost.com
127.0.0.1   ionomist.com
127.0.0.1   ips*x.net
127.0.0.1   itsanal.com
127.0.0.1   itseasy.us
127.0.0.1   iweb-commerce.com
127.0.0.1   iwebland.com
127.0.0.1   jeannineoldfield.com
127.0.0.1   jethomepage.com
127.0.0.1   jetseeker.com
127.0.0.1   jmhgallery.org
127.0.0.1   joannelatham.com
127.0.0.1   judin.ru
127.0.0.1   junkys*x.com
127.0.0.1   karleyt.narod.ru
127.0.0.1   kathisomers.com
127.0.0.1   kazaa-lite.ws
127.0.0.1   keithgreenpro.com
127.0.0.1   kenmccaul.com
127.0.0.1   kilos*x.com
127.0.0.1   kimhines.com
127.0.0.1   kinoru.com
127.0.0.1   ksdspups.org
127.0.0.1   landrape.com
127.0.0.1   lauraroebuck.com
127.0.0.1   leannalovelace.com
127.0.0.1   lesobank.ru
127.0.0.1   libertyonlinehosting.com
127.0.0.1   lingerie-mania.com
127.0.0.1   lisamatthew.com
127.0.0.1   liveholio.com
127.0.0.1   livenewspaper.com
127.0.0.1   louiseleeds.com
127.0.0.1   love-pix.com
127.0.0.1   lovelas.com
127.0.0.1   lovelysearch.com
127.0.0.1   low-taxes.com
127.0.0.1   luckysearch.net
127.0.0.1   lunitaweb.net
127.0.0.1   lustful-p*rno.com
127.0.0.1   mackinnonsbrook.org
127.0.0.1   madfinder.com
127.0.0.1   madisonmoons.com
127.0.0.1   madisonoilco.com
127.0.0.1   madonalive.com
127.0.0.1   majuozawa.com
127.0.0.1   makin-do.com
127.0.0.1   male4free.com
127.0.0.1   map-quest.org
127.0.0.1   marilynchamber.com
127.0.0.1   martfinder.com
127.0.0.1   massearch.com
127.0.0.1   matetrava.com
127.0.0.1   mature50.com
127.0.0.1   maturep*rngate.com
127.0.0.1   maxdzines.com
127.0.0.1   mcgeeforlabor.com
127.0.0.1   mdstunisie.org
127.0.0.1   medicare-insurance.net
127.0.0.1   medicare-supplemental.com
127.0.0.1   mega-dating-tips.com
127.0.0.1   megumikanzaki.com
127.0.0.1   meshalynn.com
127.0.0.1   meta-adult.com
127.0.0.1   meta-casino.com
127.0.0.1   meta-mobile.com
127.0.0.1   meta-p*rn.com
127.0.0.1   metafora.ru
127.0.0.1   metapoisk.ru
127.0.0.1   michiyonakajima.com
127.0.0.1   miconsultamedica.com
127.0.0.1   mikasakamoto.com
127.0.0.1   mikoni.com
127.0.0.1   militarygods.p*rn4p*rn.net
127.0.0.1   millennialpeople.org
127.0.0.1   mipham.org
127.0.0.1   missingcommand.com
127.0.0.1   mommykiss.com
127.0.0.1   moneyhunters.com
127.0.0.1   montgomeryhospitalanesthesia.com
127.0.0.1   morflot.com
127.0.0.1   mortgage-debt.net
127.0.0.1   mortismaximus.com
127.0.0.1   moscowwhores.com
127.0.0.1   moviecategories.com
127.0.0.1   mp3-pix.com
127.0.0.1   mrtg.jps.ru
127.0.0.1   msn-info.net
127.0.0.1   multi*****.com
127.0.0.1   mundopolar.com
127.0.0.1   mustv.com
127.0.0.1   mywebsearch.net
127.0.0.1   nativehardcore.com
127.0.0.1   naturalspy.com
127.0.0.1   nbasportsbook.net
127.0.0.1   needf*cknow.com
127.0.0.1   nellyslyrics.com
127.0.0.1   nepgyan.com
127.0.0.1   nesrecords.com
127.0.0.1   netshastra.net
127.0.0.1   nettime.ru
127.0.0.1   nettracker.jps.ru
127.0.0.1   netyellowpages.info
127.0.0.1   new-incest.com
127.0.0.1   newcategories.com
127.0.0.1   newcracks.com
127.0.0.1   newcracks.net
127.0.0.1   newlife-lajolla.com
127.0.0.1   news*xgate.com
127.0.0.1   newtonsracks.com
127.0.0.1   newxpics.com
127.0.0.1   nhlsportsbook.net
127.0.0.1   niagaracapital.com
127.0.0.1   niche-tv.com
127.0.0.1   nmrba.com
127.0.0.1   nocalories.net
127.0.0.1   nocensor.com
127.0.0.1   ormandcompany.com
127.0.0.1   nsbabes.com
127.0.0.1   nuclearwitness.org
127.0.0.1   nursemania.com
127.0.0.1   nvntour.com
127.0.0.1   nvphall.org
127.0.0.1   oborot.com
127.0.0.1   ocalalivestockmarket.com
127.0.0.1   ocsff.com
127.0.0.1   oeatlanta.com
127.0.0.1   oharrowsearch.com
127.0.0.1   ok-search.com
127.0.0.1   okulta.com
127.0.0.1   omegabrains.net
127.0.0.1   online-casino-1.net
127.0.0.1   online-casino-bonus.info
127.0.0.1   online-casinos-x.com
127.0.0.1   online-winning.net
127.0.0.1   onlineserverz.com
127.0.0.1   onlinetradings.net
127.0.0.1   only****.com
127.0.0.1   onlyinsured.com
127.0.0.1   operanabuco.com
127.0.0.1   ops*x.com
127.0.0.1   oregoncharters.org
127.0.0.1   otrlives.com
127.0.0.1   ozawamadoka.com
127.0.0.1   paigesummer.com
127.0.0.1   pamelacollections.com
127.0.0.1   panamcup.com
127.0.0.1   pantygirls4u.com
127.0.0.1   pantyhoserealm.com
127.0.0.1   pantyplace.com
127.0.0.1   pastubes.com
127.0.0.1   paulapage.com
127.0.0.1   paulhoover.com
127.0.0.1   payfortraffic.net
127.0.0.1   pedo.ws
127.0.0.1   people.1gb.ru
127.0.0.1   pervertbot.com
127.0.0.1   pharma-diet-pills.com
127.0.0.1   pharmacy2003.com
127.0.0.1   pharmalocator.com
127.0.0.1   phendimetrazine-tenuate-adipex.com
127.0.0.1   pics-videos.com
127.0.0.1   picsdir.com
127.0.0.1   picsforbucks.com
127.0.0.1   picsofseductiveladies.com
127.0.0.1   pills-birth-control.com
127.0.0.1   pillsmall.com
127.0.0.1   pilotronix.com
127.0.0.1   pixpox.com
127.0.0.1   planemusic.com
127.0.0.1   poiska.net
127.0.0.1   poker-casino-free.com
127.0.0.1   poker-games-free.net
127.0.0.1   polradiologia.com
127.0.0.1   pooi.net
127.0.0.1   p*rn-teacher.com
127.0.0.1   p*rncamz.com
127.0.0.1   p*rnfree.info
127.0.0.1   p*rnnightdreams.com
127.0.0.1   p*rnokopec.com
127.0.0.1   p*rntetris.com
127.0.0.1   p*rntwist.com
127.0.0.1   powerwebsearch.com
127.0.0.1   prblitz.com
127.0.0.1   pretypics.com
127.0.0.1   pribalt.com
127.0.0.1   privacy-support.biz
127.0.0.1   privatep*rn.net
127.0.0.1   prostactive.com
127.0.0.1   prostol.com
127.0.0.1   protect-yourself.biz
127.0.0.1   prsainlandempire.org
127.0.0.1   put-your-link-here.com
127.0.0.1   pyrocorp.com
127.0.0.1   quick-search.ws
127.0.0.1   quiksearchgenealogy.com
127.0.0.1   radfrall.org
127.0.0.1   ramgo.com
127.0.0.1   ranafrog.ne
127.0.0.1   rapegate.com
127.0.0.1   redbudbmx.com
127.0.0.1   refinance-help.com
127.0.0.1   removeearthkeepers.org
127.0.0.1   rightfinder.net
127.0.0.1   robbsproshop.com
127.0.0.1   robertferencz.com
127.0.0.1   rotocasters.com
127.0.0.1   royalsearch.net
127.0.0.1   runsearch.com
127.0.0.1   russiansponsor.com
127.0.0.1   russog*y.com
127.0.0.1   s2.exocrew.com
127.0.0.1   sacitylife.com
127.0.0.1   samplegals.com
127.0.0.1   satisf*cktion.net
127.0.0.1   sbssurvivor.com
127.0.0.1   scarypix.com
127.0.0.1   sccdnet.com
127.0.0.1   schoolforest.com
127.0.0.1   search-1.net
127.0.0.1   search-2003.com
127.0.0.1   search-about.net
127.0.0.1   search-hawk.com
127.0.0.1   search-log.com
127.0.0.1   search-meta.com
127.0.0.1   search-safe.com
127.0.0.1   search.psn.cn
127.0.0.1   searchadultweb.com
127.0.0.1   searchbutler.com
127.0.0.1   searchbuttler.com
127.0.0.1   searchbutler.org
127.0.0.1   searchcomplete.com
127.0.0.1   searchdesire.com
127.0.0.1   searchdot.net
127.0.0.1   searchexpander.com
127.0.0.1   searchfastnet.com
127.0.0.1   searchforge.com
127.0.0.1   searching-the-net.com
127.0.0.1   searchmeta.md
127.0.0.1   searchmeta.net
127.0.0.1   searchmeta.ru
127.0.0.1   searchmeta.webhost.ru
127.0.0.1   searchnow.ws
127.0.0.1   searchonfly.com
127.0.0.1   searchv.com
127.0.0.1   searchxl.com
127.0.0.1   searchxp.com
127.0.0.1   sebot.com
127.0.0.1   securenp.org
127.0.0.1   security-warning.biz
127.0.0.1   seehardcore.com
127.0.0.1   seekwell.net
127.0.0.1   selfbookmark.com
127.0.0.1   selfbookmark.info
127.0.0.1   selfbookmark.net
127.0.0.1   s*x.free4p*rno.net
127.0.0.1   s*x-coach.com
127.0.0.1   s*x-festival.com
127.0.0.1   s*x-video-galleries.com
127.0.0.1   s*xgalleries4all.com
127.0.0.1   s*xmoviesnet.com
127.0.0.1   s*xpatriot.net
127.0.0.1   s*xy18.cc
127.0.0.1   s*xycat.adult-host.org
127.0.0.1   sfbayfolkboats.com
127.0.0.1   sgirls.net
127.0.0.1   sharempeg.com
127.0.0.1   shopcards.net
127.0.0.1   shopknights.com
127.0.0.1   sic02.com
127.0.0.1   sintrader.com
127.0.0.1   site1.ru
127.0.0.1   sites-in-web.com
127.0.0.1   sitevictoria.com
127.0.0.1   sixroads.com
127.0.0.1   skakalka.ru
127.0.0.1   slawsearch.com
127.0.0.1   slotch.com
127.0.0.1   smartsumo.com
127.0.0.1   smutarchive.net
127.0.0.1   solongas.com
127.0.0.1   sonomaevents.com
127.0.0.1   spermatrix.com
127.0.0.1   sportbooks-free4you.com
127.0.0.1   spros.com
127.0.0.1   spyass.com
127.0.0.1   spyorgy.net
127.0.0.1   staceyowens.com
127.0.0.1   stacistaxx.com
127.0.0.1   stacystaxx.com
127.0.0.1   start-space.com
127.0.0.1   steamycock.com
127.0.0.1   sterva.com
127.0.0.1   stevecashdollar.com
127.0.0.1   stop-tracking.biz
127.0.0.1   stopvotefraud.com
127.0.0.1   stopxxxpics.com
127.0.0.1   strekoza.com
127.0.0.1   stuffstore.com
127.0.0.1   styleclickink.com
127.0.0.1   summercollins.com
127.0.0.1   summitcross.com
127.0.0.1   super-spider.com
127.0.0.1   super-websearch.com
127.0.0.1   supers*xmachine.com
127.0.0.1   superwebsearch.com
127.0.0.1   supret.com
127.0.0.1   suzannebrecht.com
127.0.0.1   sweeteenz.com
127.0.0.1   tacil.org
127.0.0.1   tangounion.com
127.0.0.1   tastethemusic.com
127.0.0.1   tax-refund4you.com
127.0.0.1   tech-jobs.ws
127.0.0.1   technology-related.com
127.0.0.1   teen-biz.com
127.0.0.1   teen-pic-post.com
127.0.0.1   teenp*rnos*x.com
127.0.0.1   teens4free.net
127.0.0.1   teensact.com
127.0.0.1   teensgate.com
127.0.0.1   teensguru.com
127.0.0.1   teenswamp.com
127.0.0.1   terra.es
127.0.0.1   testosterone-birth-control.com
127.0.0.1   the-exit.com
127.0.0.1   the-huns-yellow-pages.com
127.0.0.1   thefakejournal.com
127.0.0.1   thehuy.net
127.0.0.1   theproxy.org
127.0.0.1   therealsearch.com
127.0.0.1   thesten.com
127.0.0.1   thornleygroup.com
127.0.0.1   tings.org
127.0.0.1   tinybar.com
127.0.0.1   tit-x.com
127.0.0.1   titanvision.com
127.0.0.1   titsianna.com
127.0.0.1   toddhayes.com
127.0.0.1   toon-comics.com
127.0.0.1   tooncomics.com
127.0.0.1   topsearcher.com
127.0.0.1   trafficback.com
127.0.0.1   trafficswitcher.com
127.0.0.1   travel.picture-posters.com
127.0.0.1   true-counter.com
127.0.0.1   true-portal.com
127.0.0.1   trytechnical.com
127.0.0.1   ufindall.click-now.net
127.0.0.1   umaxsearch.com
127.0.0.1   une-autre-france.com
127.0.0.1   unig*ys.com
127.0.0.1   unipages.cc
127.0.0.1   up2you.ru
127.0.0.1   urlstat.com
127.0.0.1   urlstat.ru
127.0.0.1   uralitel.ru
127.0.0.1   ursie.net
127.0.0.1   utahsweet.com
127.0.0.1   utopicportal.com
127.0.0.1   uusocialjustice.org
127.0.0.1   v61.com
127.0.0.1   vaginpics.com
127.0.0.1   valmyers.com
127.0.0.1   vegas-free.com
127.0.0.1   vegbuy.com
127.0.0.1   veloventures.com
127.0.0.1   verzila.com
127.0.0.1   victoriaadam.com
127.0.0.1   videocategories.com
127.0.0.1   vitamins-for-each.com
127.0.0.1   votehowe.org
127.0.0.1   vxebony.com
127.0.0.1   wakeup****.com
127.0.0.1   warnomore.org
127.0.0.1   watersport-specialties.com
127.0.0.1   web-homepage.net
127.0.0.1   web-search.tk
127.0.0.1   webcoolsearch.com
127.0.0.1   websearchdot.com
127.0.0.1   weekend-movies.com
127.0.0.1   wetp*rnostars.com
127.0.0.1   whatsyoursearch.com
127.0.0.1   white-pages.ws
127.0.0.1   whittierblvd.com
127.0.0.1   win-in-casino.com
127.0.0.1   wiresearch.com
127.0.0.1   wolfpacracing.com
127.0.0.1   wordlist.jps.ru
127.0.0.1   wpc2001.org
127.0.0.1   wspzone.s*xp*rnonline.com
127.0.0.1   wwwbet.net
127.0.0.1   wwwbetting.net
127.0.0.1   wwwpokergames.com
127.0.0.1   wwwpokerplayers.com
127.0.0.1   wwwroulette.net
127.0.0.1   x-library.com
127.0.0.1   x-webdesign.com
127.0.0.1   xcomics4u.com
127.0.0.1   xic-bs.com
127.0.0.1   xldr.com
127.0.0.1   xp18.com
127.0.0.1   xrenosearch.com
127.0.0.1   xtrag*y.com
127.0.0.1   xu.xu.pl
127.0.0.1   xxxcategories.com
127.0.0.1   xxxemailxxx.com
127.0.0.1   y-e-l-l-o-w.com
127.0.0.1   yellow500.com
127.0.0.1   yezol.com
127.0.0.1   you-search.com
127.0.0.1   you-search.com.ru
127.0.0.1   youfindall.com
127.0.0.1   youfindall.net
127.0.0.1   your-prescriptions.net
127.0.0.1   yourbookmarks.info
127.0.0.1   yourbookmarks.ws
127.0.0.1   ypir.com
127.0.0.1   ysa-info.net
127.0.0.1   yukohamano.com
127.0.0.1   ywebsearch.info
127.0.0.1   zapros.com
127.0.0.1   zesearch.com
127.0.0.1   ziportal.com
127.0.0.1   zipportal.com
127.0.0.1   zoneoffreep*rn.com
127.0.0.1   zoomegasite.com
127.0.0.1   zvimigdal.com
127.0.0.1   zyban-zocor-levitra.com
127.0.0.1   t.rack.cc
127.0.0.1   omega-search.com
127.0.0.1   cool-xxx.net
127.0.0.1   revolto3.da.ru
127.0.0.1   dating-search.net
127.0.0.1   linksummary.com
127.0.0.1   duolaimi.net
127.0.0.1   ez-searching.com
127.0.0.1   freehqmovies.com
127.0.0.1   xzoomy.com
127.0.0.1   freescratchandwin.com
127.0.0.1   fickenisgeil.de
127.0.0.1   globalwebsearch.com
127.0.0.1   www.gocybersearch.com
127.0.0.1   mayancasino.com
127.0.0.1   www.hastalavista.com
127.0.0.1   www.free-popup-killer.com
127.0.0.1   www.digitalfan.com
127.0.0.1   google123.web1000.com
127.0.0.1   search.ieplugin.com
127.0.0.1   i-lookup.com
127.0.0.1   spidersearch.com
127.0.0.1   istarthere.com
127.0.0.1   xxxtoolbar.com
127.0.0.1   www.seekp*rn.org
127.0.0.1   17-plus.com
127.0.0.1   lolita4all1.xrensmagpost.com
127.0.0.1   mafiapics.com
127.0.0.1   www.teenmonster.com
127.0.0.1   ie.marketdart.com
127.0.0.1   masterbar.com
127.0.0.1   search.netzany.co
127.0.0.1   only-virgins.com
127.0.0.1   passthison.com
127.0.0.1   blondetgp.com
127.0.0.1   prolivation.com
127.0.0.1   server-au.imrworldwide.com
127.0.0.1   roar.com
127.0.0.1   rocketsearch.com
127.0.0.1   searchaccurate.com
127.0.0.1   searchalot.com
127.0.0.1   searchandbrowse.com
127.0.0.1   gtawarehouse.com
127.0.0.1   startium.com
127.0.0.1   searchandclick.com
127.0.0.1   searchby.net
127.0.0.1   searchdot.com
127.0.0.1   search-exe.com
127.0.0.1   secret-crush.com
127.0.0.1   seekseek.com
127.0.0.1   s*xarena.com
127.0.0.1   s*xocean.play-lolita.com
127.0.0.1   startsurfing.com
127.0.0.1   66.197.138.235
127.0.0.1   srng.net
127.0.0.1   apps.webservicehost.com
127.0.0.1   search.shopnav.com
127.0.0.1   wish7.com
127.0.0.1   216.65.3.68
127.0.0.1   www.supers*xpass.com
127.0.0.1   surferbar.com
127.0.0.1   xlola.underagehost.com
127.0.0.1   hotlolitas.underagehost.com
127.0.0.1   loading-lolita.com
127.0.0.1   www.xupiter.com
127.0.0.1   xjupiter.com
127.0.0.1   www.xjupiter.com
127.0.0.1   www.browserwise.com
127.0.0.1   sqwire.com
127.0.0.1   orbitexplorer.com
127.0.0.1   searchcentrix.com
127.0.0.1   categories.mygeek.com
127.0.0.1   web-entrance.co
127.0.0.1   whazit.com
127.0.0.1   windowenhancer.com
127.0.0.1   66.40.16.198
127.0.0.1   zoofil.com
127.0.0.1   terafinder.com
127.0.0.1   buz.ru
127.0.0.1   iwon.com
127.0.0.1   www.bonzi.com
127.0.0.1   featured-results.com
127.0.0.1   searchmadesafe.net
127.0.0.1   quicklaunch.com
127.0.0.1   www.cashsurfers.com
127.0.0.1   lop.com
127.0.0.1   tjdo.com
127.0.0.1   ebav.com
127.0.0.1   ebgo.com
127.0.0.1   ebaw.com
127.0.0.1   ebkb.com
127.0.0.1   ebmu.com
127.0.0.1   ecmp.com
127.0.0.1   edhq.com
127.0.0.1   edty.com
127.0.0.1   sbee.com
127.0.0.1   aavc.com
127.0.0.1   acjp.com
127.0.0.1   ecmh.com
127.0.0.1   emch.com
127.0.0.1   ecpm.com
127.0.0.1   wabu.com
127.0.0.1   wabq.com
127.0.0.1   ebch.com
127.0.0.1   ebdv.com
127.0.0.1   ebdw.com
127.0.0.1   ebjp.com
127.0.0.1   ebkn.com
127.0.0.1   ebky.com
127.0.0.1   eblv.com
127.0.0.1   wbkb.com
127.0.0.1   ebvr.com
127.0.0.1   ecwz.com
127.0.0.1   ecyb.com
127.0.0.1   eduy.com
127.0.0.1   eeev.com
127.0.0.1   farse.com
127.0.0.1   ibmx.com
127.0.0.1   icwb.com
127.0.0.1   icwo.com
127.0.0.1   icwp.com
127.0.0.1   iddh.com
127.0.0.1   idhh.com
127.0.0.1   ifiz.com
127.0.0.1   iguu.com
127.0.0.1   samz.com
127.0.0.1   saoe.com
127.0.0.1   sbjr.com
127.0.0.1   sbnl.com
127.0.0.1   sbnt.com
127.0.0.1   sbvr.com
127.0.0.1   scbm.com
127.0.0.1   sckr.com
127.0.0.1   scrk.com
127.0.0.1   sdry.com
127.0.0.1   seld.com
127.0.0.1   sfux.com
127.0.0.1   sheat.com
127.0.0.1   sipo.com
127.0.0.1   smds.com
127.0.0.1   srib.com
127.0.0.1   srox.com
127.0.0.1   srsf.com
127.0.0.1   ssaw.com
127.0.0.1   ssby.com
127.0.0.1   surj.com
127.0.0.1   tbvg.com
127.0.0.1   tdak.com
127.0.0.1   tdmy.com
127.0.0.1   tefs.com
127.0.0.1   tfil.com
127.0.0.1   H24413.tfil.com
127.0.0.1   tjar.com
127.0.0.1   tjaw.com
127.0.0.1   tjgo.com
127.0.0.1   tjem.com
127.0.0.1   torc.com
127.0.0.1   wfix.com
127.0.0.1   wflu.com
127.0.0.1   tdko.com
127.0.0.1   thko.com
127.0.0.1   germany.rub.to
127.0.0.1   search.rub.to
127.0.0.1   unitedstates.rub.to
127.0.0.1   www.commonname.com
127.0.0.1   www.ezcybersearch.com
127.0.0.1   www.jethomepage.com
127.0.0.1   www.gohip.com
127.0.0.1   hotbar.com
127.0.0.1   www.huntbar.com
127.0.0.1   search.imiserver.com
127.0.0.1   searchenhancement.com
127.0.0.1   newtonknows.com
127.0.0.1   search-explorer.net
127.0.0.1   searchsquire.com
127.0.0.1   secondpower.com
127.0.0.1   2ndpower.com
127.0.0.1   searchgateway.net
127.0.0.1   worldusa.com
127.0.0.1   www.topsearcher.com
127.0.0.1   smutserver.com
127.0.0.1   searchmeup.com
127.0.0.1   cameup.com
127.0.0.1   kliksearch.com
127.0.0.1   realphx.com
127.0.0.1   blazefind.com
Logged

 
Pages: [1] 2  All Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page June 13, 2019, 12:45:06 AM