I need some help.

Enigma · Post by **Enigma** » 2004-05-20 08:07pm

I am having trouble accessing these two sites (Don't worry, they are safe..
really theye are).

http://gamez.com

http://www.lotgd.com

Can any of you guys access it? All I get is "403 Forbidden" even though I am not banned from those sites.

darthdavid · Post by **darthdavid** » 2004-05-20 08:56pm

I'm using firefox .8 and they show fine. WHat browser you using and do you have spyware protection (espically ie).

Enigma · Post by **Enigma** » 2004-05-20 08:58pm

darthdavid wrote:I'm using firefox .8 and they show fine. WHat browser you using and do you have spyware protection (espically ie).

I am using I.e and not only do I have the "403" it also give me the "404".

I have spybot and adaware. I'll let you know of the results in half hour. (gotta eat).

darthdavid · Post by **darthdavid** » 2004-05-20 09:12pm

Try another browser if that dosen't work then i have a question, are you behind some kind of firewall? If so and your the administrator see if either of these sites is blocked. Also, might have you or anyone else on your ip adress done anything to get your comp blocked from these sites?
*edit: i just checked and it works with IE for me, if you'd like i could also check in opera and my ie 2 though that shouldn't be nessicary.

Enigma · Post by **Enigma** » 2004-05-20 10:08pm

Ok, I ran both spybot and adaware. I ran adaware first and it said that there was something in the registry that's used to redirect websites but I cleared it. I then ran spybot and it came out clean.

I tried going to www.lotgd.com, at first I was able to login but then when I try to play the game I get that "403"&"404" message and I still can't go into the other site.

Here's the log from Hijackthis!:

ogfile of HijackThis v1.97.3
Scan saved at 10:02:05 PM, on 20/05/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\MSSVC16\WINSVC32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\CRUD\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hispeed.rogers.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\VSCSHELLEXTENSION.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [WinSvc32.exe] C:\WINDOWS\SYSTEM\MsSvc16\WinSvc32.exe
O4 - HKCU\..\Run: [RHSI SHS] "C:\Program Files\Rogers Hi-Speed Internet\RHSI SelfHealing\SHS.exe" /background
O4 - Global Startup: WinSvc32.exe
O4 - Global User StartupWinSvc32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - C:\Program Files\NeoTracePro\NTXcontext.htm
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: NeoTrace It! (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hispeed.rogers.com/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {3734A957-FBD5-4F87-A404-4289C6F3DDFF} (DownloadScanEngine.ctlDSE296315) - http://downloads.rogershelp.com/updates.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 6972685185

Post by **The Wookiee** » 2004-05-21 08:24am

I don't see any bad mojo in there. Maybe your ISP is blocking them.

Chardok · Post by **Chardok** » 2004-05-21 08:32am

Wait til Einy sees your HT log. For some reason, he's able to pick out bad juju with uncanny accuracy. I was redirected when I clicked that link and I'm on my work computer.

(By the way, I was praised by the IT department for introducing them to SSD and Adaware. Every tech in our complex carries copies of both on the mem stick. When someone has a problem accessing the i-net, or getting redirects or whatever, most of the time, its SSD and adaware, run it and *Poof* Problem fixed. I was quick to credit the "Geeky website where my fellow geeks and I discuss geek things" for showing me what they were and what they did. WaMu is pleased with SDN, and I imagine that is why they still allow employees to access it given the prescence of such threads as "Do pets participate when you masturbate" and such timeless quips as "OMFG TEH boobee5!!11!1lol......."

Einhander Sn0m4n · Post by **Einhander Sn0m4n** » 2004-05-21 10:45pm

C:\WINDOWS\SYSTEM\MSSVC16\WINSVC32.EXE <== VIRUS!!!

C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE <== Do you use this? Get Mozilla please! (Please)

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime <== Not Necessary
O4 - HKLM\..\RunServices: [WinSvc32.exe] C:\WINDOWS\SYSTEM\MsSvc16\WinSvc32.exe <== VIRUS!!!
O4 - Global Startup: WinSvc32.exe <== VIRUS!!!
O4 - Global User StartupWinSvc32.exe <== VIRUS!!!
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present <== KILL!
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <== KILL!
O14 - IERESET.INF: START_PAGE_URL=http://www.hispeed.rogers.com/ <== Oh that's chintzy. Resetting default to rogers.com. Oif! Kill it please
O16 - DPF: {3734A957-FBD5-4F87-A404-4289C6F3DDFF} (DownloadScanEngine.ctlDSE296315) - http://downloads.rogershelp.com/updates.cab <== Try removing this. I got bad juju about it...
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx <== Kill this motherfucker and Get Mozilla Please

You have a
virus. Dump the ineffectual McAfee piece of shit and please download AVG Antivirus.

Enigma · Post by **Enigma** » 2004-05-21 11:36pm

Einhander Sn0m4n wrote:C:\WINDOWS\SYSTEM\MSSVC16\WINSVC32.EXE <== VIRUS!!!

Took it out.

C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE <== Do you use this? Get Mozilla please! (Please)

I have no problems with OE. I'll change it when it gives me headaches.

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime <== Not Necessary

Took it out.

O4 - HKLM\..\RunServices: [WinSvc32.exe] C:\WINDOWS\SYSTEM\MsSvc16\WinSvc32.exe <== VIRUS!!!

Took it out.

O4 - Global Startup: WinSvc32.exe <== VIRUS!!!

I'm unable to get rid of it. Hijack is unable to delete it and I don't know how to manually delete it.

O4 - Global User StartupWinSvc32.exe <== VIRUS!!!

Same as previous.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present <== KILL!

Done.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present <== KILL!

Done.

O14 - IERESET.INF: START_PAGE_URL=http://www.hispeed.rogers.com/ <== Oh that's chintzy. Resetting default to rogers.com. Oif! Kill it please

I don't mind it.

O16 - DPF: {3734A957-FBD5-4F87-A404-4289C6F3DDFF} (DownloadScanEngine.ctlDSE296315) - http://downloads.rogershelp.com/updates.cab <== Try removing this. I got bad juju about it...

I'm holding on to it since it is part of Roger's self-healing program. Should there be something wrong with OE, IE, or the connection settings the SH program fixes it. So far it has done nothing but good things.

O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx <== Kill this motherfucker and Get Mozilla Please

I need that program to listen to my favourite radio station on the 'net.

You have a
virus. Dump the ineffectual McAfee piece of shit and please download AVG Antivirus.

I'll do that tommorrow. Thanks. If I can get rid of the winsvc global startup then I'll see if it can clear up the forbidden problem.[/quote]

Einhander Sn0m4n · Post by **Einhander Sn0m4n** » 2004-05-21 11:42pm

Oh ok. Get AVG to kill the virus. Everything's okay that you said you wanted to keep, but consider replacing OE with something that can't get you infected just by perusing your email with.

The surferplugin stuff I've heard getting installed without permission on people's comps. If you installed it voluntarily and want to keep it, kool.

EDIT: Look for a HOSTS file (use the search function) somewhere in your %WINDIR%. Please post its entire contents here.

Enigma · Post by **Enigma** » 2004-05-21 11:54pm

Einhander Sn0m4n wrote:Oh ok. Get AVG to kill the virus. Everything's okay that you said you wanted to keep, but consider replacing OE with something that can't get you infected just by perusing your email with.

The surferplugin stuff I've heard getting installed without permission on people's comps. If you installed it voluntarily and want to keep it, kool.

EDIT: Look for a HOSTS file (use the search function) somewhere in your %WINDIR%. Please post its entire contents here.

Here it is.

#BEGIN of KL Supertrick (September 24th 2003)
127.0.0.1 localhost
# Kazaa related:
127.0.0.1 desktop.kazaa.com
127.0.0.1 www.altnetp2p.com
127.0.0.1 alpha.kazaa.com
127.0.0.1 shop.kazaa.com
127.0.0.1 www.bonzi.com
127.0.0.1 www.brilliantdigital.com
127.0.0.1 www.b3d.com
127.0.0.1 media.altnet.com
127.0.0.1 www.altnet.com
127.0.0.1 dev.bde.com.au
127.0.0.1 update.kazaa.com
127.0.0.1 bravo.kazaa.com
127.0.0.1 puma.kazaa.com
# Websites involded in Kazaa Lite or other P2P related scams:
127.0.0.1 www.kazaagold.com
127.0.0.1 www.kazaa-gold.com
127.0.0.1 kazaagold.com
127.0.0.1 www.k-lite.com
127.0.0.1 www.kazaa-download.de
127.0.0.1 www.mp3downloadhq.com
127.0.0.1 www.easymusicdownload.com
127.0.0.1 easymusicdownload.com
127.0.0.1 www.mp3madeeasy.com
127.0.0.1 www.monstershare.com
127.0.0.1 monstershare.com
127.0.0.1 www.kazaa-plus.net
127.0.0.1 kazaa-plus.net
127.0.0.1 www.kazaa-plus.com
127.0.0.1 www.edonkey.com
127.0.0.1 www.kazaa-file-sharing-downloads.com
127.0.0.1 www.kazaaplatinum.com
127.0.0.1 www.madeformusic.com
127.0.0.1 www.ikazaa.net
127.0.0.1 ikazaa.net
127.0.0.1 www.mp3u.com
127.0.0.1 www.mp3specialty.com
127.0.0.1 music-download-world.com
127.0.0.1 song-download-world.com
127.0.0.1 www.flixs.net
127.0.0.1 www.ishareit.net
127.0.0.1 www.ishareit.com
127.0.0.1 www.download-doctor.com
127.0.0.1 www.ezmp3download.com
127.0.0.1 www.kazaamedia.com
127.0.0.1 mp3-network.com
127.0.0.1 www.mp3-network.com
127.0.0.1 www.mp3grandcentral.net
127.0.0.1 www.mp333.com
127.0.0.1 www.kazaamate.com
127.0.0.1 www.emule.biz
127.0.0.1 www.kazaam8.tk
127.0.0.1 www.rippro.com
127.0.0.1 www.kaaza.com
127.0.0.1 secure.webstartz.com
127.0.0.1 www.kazaalite.de
127.0.0.1 www.kazza.de
127.0.0.1 kazza.com
127.0.0.1 www.kazaalite.at
127.0.0.1 www.kazaalite.ch
127.0.0.1 www.kazaa-hilfe.de
127.0.0.1 www.edonkey-2000.de
127.0.0.1 www.edonkey-bot.de
127.0.0.1 www.edonkey-edonkey2000.de
127.0.0.1 www.edonkey-hilfe.de
127.0.0.1 www.edonkey-morpheus-forum.de
127.0.0.1 www.emule-hilfe.de
127.0.0.1 www.file-sharing-forum.de
127.0.0.1 www.filesharing-forum.de
127.0.0.1 www.imesh-download.de
127.0.0.1 www.kazaa-kaza.de
127.0.0.1 www.kazaa-lite.info
127.0.0.1 www.kazaa-lite-download.de
127.0.0.1 www.1md.de
127.0.0.1 www.mariodolzer.de
127.0.0.1 www.morpheus-forum.de
127.0.0.1 www.overnet-download.de
127.0.0.1 www.overnet-hilfe.de
127.0.0.1 www.winmx-download.de
127.0.0.1 www.winmx-hilfe.de
127.0.0.1 www.download-und-hilfe.de
127.0.0.1 www.filesharing-hilfe-forum.de
127.0.0.1 www.musik-download.biz
127.0.0.1 www.mp3downloads.ch
127.0.0.1 www.songfly.com
127.0.0.1 www.kazaa.nl
127.0.0.1 1stsoftwaredownloads.com
127.0.0.1 morpheus-download-morpheus.com
127.0.0.1 www.icisnet.org
127.0.0.1 software.global-netcom.de
127.0.0.1 www.filesharing-download.de
127.0.0.1 www.p2p.tm
127.0.0.1 www.filesharing-center.de
127.0.0.1 www.filesharing-tools.de
127.0.0.1 kazaa-download-kazaa.com
127.0.0.1 www.interscilsa.com
127.0.0.1 www.dvd-download-free.com
127.0.0.1 www.howtominibooks.com
127.0.0.1 www.internetmovies.com
127.0.0.1 www.rippro.net
127.0.0.1 www.musicmoviesbooks.com
127.0.0.1 www.kazaalite.org
127.0.0.1 www.getmp3music.com
127.0.0.1 www1.ishareit.com
127.0.0.1 www.filesharing-software.de
127.0.0.1 www.firewarez.com
127.0.0.1 www.k-lite.co.uk
127.0.0.1 kazzaa.info
127.0.0.1 www.morpheusp2p.com
127.0.0.1 www.mudima.com
127.0.0.1 www.download-central.com
127.0.0.1 kazaaplatinum.com
127.0.0.1 www.dingosoft.net
127.0.0.1 www.kazaa-advance.com
127.0.0.1 www.downloads-unlimited.com
127.0.0.1 klserver.port5.com
127.0.0.1 rippro.net
127.0.0.1 www.findkazaalite.com
127.0.0.1 www.freegoldkazaa.com
127.0.0.1 www.freekazaalite.com
127.0.0.1 www.kazaalitekpp.com
127.0.0.1 kazaa.filez.ws
127.0.0.1 www.kazaalite-download.com
# Adservers and other crappy sites
127.0.0.1 www.every.biz
127.0.0.1 123banners.com
127.0.0.1 ad.adsmart.net
127.0.0.1 ad.ca.doubleclick.net
127.0.0.1 ad.de.doubleclick.net
127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.es.doubleclick.net
127.0.0.1 ad.fr.doubleclick.net
127.0.0.1 ad.free6.com
127.0.0.1 ad.it.doubleclick.net
127.0.0.1 ad.iwin.com
127.0.0.1 ad.jp.doubleclick.net
127.0.0.1 ad.kr.doubleclick.net
127.0.0.1 ad.linkexchange.com
127.0.0.1 ad.linksynergy.com
127.0.0.1 ad.nl.doubleclick.net
127.0.0.1 ad.no.doubleclick.net
127.0.0.1 ad.preferences.com
127.0.0.1 ad.se.doubleclick.net
127.0.0.1 ad.sma.punto.net
127.0.0.1 ad.trafficmp.com
127.0.0.1 ad.uk.doubleclick.net
127.0.0.1 ad.webprovider.com
127.0.0.1 ad08.focalink.com
127.0.0.1 ad1.adcept.net
127.0.0.1 ad1.icorp.net
127.0.0.1 ad1.looksmart.com
127.0.0.1 ad1.peel.com
127.0.0.1 ad2.adcept.net
127.0.0.1 ad2.looksmart.com
127.0.0.1 ad2.peel.com
127.0.0.1 ad3.adcept.net
127.0.0.1 ad3.peel.com
127.0.0.1 ad4.peel.com
127.0.0.1 ad-adex3.flycast.com
127.0.0.1 adcontroller.unicast.com
127.0.0.1 adcreatives.imaginemedia.com
127.0.0.1 addb.looksmart.com
127.0.0.1 adevents.msn.com
127.0.0.1 adex3.flycast.com
127.0.0.1 adfarm.mediaplex.com
127.0.0.1 adforce.ads.imgis.com
127.0.0.1 adforce.imgis.com
127.0.0.1 adfu.blockstackers.com
127.0.0.1 adimage.blm.net
127.0.0.1 adimages.earthweb.com
127.0.0.1 adimages.go.com
127.0.0.1 adimages.imaginemedia.com
127.0.0.1 adimg.egroups.com
127.0.0.1 admedia.xoom.com
127.0.0.1 admonitor.net
127.0.0.1 adpick.switchboard.com
127.0.0.1 adproject.net
127.0.0.1 adremote.pathfinder.com
127.0.0.1 adres.internet.com
127.0.0.1 ads.adflight.com
127.0.0.1 ads.ad-flow.com
127.0.0.1 ads.admaximize.com
127.0.0.1 ads.admonitor.net
127.0.0.1 ads.adroar.com
127.0.0.1 ads.astalavista.us
127.0.0.1 ads.bfast.com
127.0.0.1 ads.box.sk
127.0.0.1 ads.burstnet.com
127.0.0.1 ads.cdfreaks.com
127.0.0.1 ads.chrbanner.com
127.0.0.1 ads.clickagents.com
127.0.0.1 ads.clickhouse.com
127.0.0.1 ads.dai.net
127.0.0.1 ads.datais.com
127.0.0.1 ads.enliven.com
127.0.0.1 ads.eu.msn.com
127.0.0.1 ads.fairfax.com.au
127.0.0.1 ads.fool.com
127.0.0.1 ads.fortunecity.com
127.0.0.1 ads.fortunecity.fr
127.0.0.1 ads.freeze.com
127.0.0.1 ads.freshmeat.net
127.0.0.1 ads.god.co.uk
127.0.0.1 ads.guardianunlimited.co.uk
127.0.0.1 ads.hitcents.com
127.0.0.1 ads.hollywood.com
127.0.0.1 ads.i12.de
127.0.0.1 ads.i33.com
127.0.0.1 ads.ign.com
127.0.0.1 ads.imaginemedia.com
127.0.0.1 ads.indya.com
127.0.0.1 ads.infi.net
127.0.0.1 ads.irover.com
127.0.0.1 ads.ixo.com
127.0.0.1 ads.jpost.com
127.0.0.1 ads.jwtt3.com
127.0.0.1 ads.killerapp.com
127.0.0.1 ads.link4ads.com
127.0.0.1 ads.linksponsor.com
127.0.0.1 ads.looksmart.com
127.0.0.1 ads.lycos.com
127.0.0.1 ads.lycos.de
127.0.0.1 ads.madison.com
127.0.0.1 ads.mediaodyssey.com
127.0.0.1 ads.mediaturf.net
127.0.0.1 ads.msn.com
127.0.0.1 ads.musiccity.com
127.0.0.1 ads.netomia.com
127.0.0.1 ads.netpumper.com
127.0.0.1 ads.newcity.com
127.0.0.1 ads.newcitynet.com
127.0.0.1 ads.ninemsn.com.au
127.0.0.1 ads.rediff.com
127.0.0.1 ads.satyamonline.com
127.0.0.1 ads.seattletimes.com
127.0.0.1 ads.smartclicks.com
127.0.0.1 ads.smartclicks.net
127.0.0.1 ads.sptimes.com
127.0.0.1 ads.startpath.com
127.0.0.1 ads.station.sony.com
127.0.0.1 ads.tiscali.fr
127.0.0.1 ads.tripod.com
127.0.0.1 ads.tucows.com
127.0.0.1 ads.vcommunities.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ads.x10.com
127.0.0.1 ads.xtra.co.nz
127.0.0.1 ads.zdnet.com
127.0.0.1 ads01.focalink.com
127.0.0.1 ads02.focalink.com
127.0.0.1 ads03.focalink.com
127.0.0.1 ads04.focalink.com
127.0.0.1 ads05.focalink.com
127.0.0.1 ads06.focalink.com
127.0.0.1 ads07.focalink.com
127.0.0.1 ads08.focalink.com
127.0.0.1 ads09.focalink.com
127.0.0.1 ads1.activeagent.at
127.0.0.1 ads1.ad-flow.com
127.0.0.1 ads1.speedbit.com
127.0.0.1 ads10.focalink.com
127.0.0.1 ads11.focalink.com
127.0.0.1 ads12.focalink.com
127.0.0.1 ads13.focalink.com
127.0.0.1 ads14.focalink.com
127.0.0.1 ads15.focalink.com
127.0.0.1 ads16.focalink.com
127.0.0.1 ads17.focalink.com
127.0.0.1 ads18.focalink.com
127.0.0.1 ads19.focalink.com
127.0.0.1 ads2.speedbit.com
127.0.0.1 ads2.zdnet.com
127.0.0.1 ads20.focalink.com
127.0.0.1 ads21.focalink.com
127.0.0.1 ads22.focalink.com
127.0.0.1 ads23.focalink.com
127.0.0.1 ads24.focalink.com
127.0.0.1 ads25.focalink.com
127.0.0.1 ads3.speedbit.com
127.0.0.1 ads3.zdnet.com
127.0.0.1 ads4.speedbit.com
127.0.0.1 ads5.gamecity.net
127.0.0.1 ads5.speedbit.com
127.0.0.1 ads6.speedbit.com
127.0.0.1 ads7.speedbit.com
127.0.0.1 ads8.speedbit.com
127.0.0.1 adserv.bravenet.com
127.0.0.1 adserv.iafrica.com
127.0.0.1 adserv.internetfuel.com
127.0.0.1 adserv.quality-channel.de
127.0.0.1 adserver.adtech.de
127.0.0.1 adserver.affiliation.com
127.0.0.1 adserver.akqa.net
127.0.0.1 adserver.dbusiness.com
127.0.0.1 adserver.directforce.net
127.0.0.1 adserver.garden.com
127.0.0.1 adserver.gorillanation.com
127.0.0.1 adserver.humanux.com
127.0.0.1 adserver.imaginemedia.com
127.0.0.1 adserver.isonews.com
127.0.0.1 adserver.janes.com
127.0.0.1 adserver.lunarpages.com
127.0.0.1 adserver.merc.com
127.0.0.1 adserver.monster.com
127.0.0.1 adserver.track-star.com
127.0.0.1 adserver.tweakers.net
127.0.0.1 adserver.ugo.com
127.0.0.1 adserver.webads.nl
127.0.0.1 adserver1.ogilvy-interactive.de
127.0.0.1 adserver2.imaginemedia.com
127.0.0.1 adsubstract
127.0.0.1 ads-ussj1.focalink.com
127.0.0.1 adtegrity.spinbox.net
127.0.0.1 adulttds.com
127.0.0.1 aglink.mircx.com
127.0.0.1 antfarm-ad.flycast.com
127.0.0.1 asm3.z1.adserver.com
127.0.0.1 au.ads.link4ads.com
127.0.0.1 bach.aureate.com
127.0.0.1 badservant.guj.de
127.0.0.1 banner.50megs.com
127.0.0.1 banner.adverity.com
127.0.0.1 banner.commissionpartner.com
127.0.0.1 banner.de
127.0.0.1 banner.easyspace.com
127.0.0.1 banner.free6.com
127.0.0.1 banner.i-3.de
127.0.0.1 banner.media-system.de
127.0.0.1 banner.orb.net
127.0.0.1 banner.relcom.ru
127.0.0.1 bannerad.ipgnet.com
127.0.0.1 bannerads.de
127.0.0.1 bannerfarm.ace.advertising.com
127.0.0.1 bannerimages.0catch.com
127.0.0.1 bannermaster.geektech.com
127.0.0.1 banner-net.com
127.0.0.1 bannerpower.com
127.0.0.1 banners.adultfriendfinder.com
127.0.0.1 banners.easydns.com
127.0.0.1 banners.free6.com
127.0.0.1 banners.hotlinks.net
127.0.0.1 banners.looksmart.com
127.0.0.1 banners.nextcard.com
127.0.0.1 banners.pennyweb.com
127.0.0.1 banners.valuead.com
127.0.0.1 banners.webmasterplan.com
127.0.0.1 banners.wunderground.com
127.0.0.1 bannervip.webjump.com
127.0.0.1 banzai.moodlogic.com
127.0.0.1 barnesandnoble.bfast.com
127.0.0.1 beseen.com
127.0.0.1 beseen.looksmart.com
127.0.0.1 beseen5.looksmart.com
127.0.0.1 beseenad.looksmart.com
127.0.0.1 beseenad1.looksmart.com
127.0.0.1 beseenad2.looksmart.com
127.0.0.1 beseenad3.looksmart.com
127.0.0.1 beseenadx.looksmart.com
127.0.0.1 bfast.com
127.0.0.1 bins.lop.com
127.0.0.1 bizad.nikkeibp.co.jp
127.0.0.1 bn.bfast.com
127.0.0.1 botw.topbucks.com
127.0.0.1 bsads.looksmart.com
127.0.0.1 by.advertising.com
127.0.0.1 c1.thecounter.com
127.0.0.1 c2.thecounter.com
127.0.0.1 c3.xxxcounter.com
127.0.0.1 califia.imaginemedia.com
127.0.0.1 cash4banner.com
127.0.0.1 cash4banner.de
127.0.0.1 cds.mediaplex.com
127.0.0.1 cgi.sexlist.com
127.0.0.1 click.avenuea.com
127.0.0.1 click.go2net.com
127.0.0.1 click.linksynergy.com
127.0.0.1 clickagents.com
127.0.0.1 clicks.about.com
127.0.0.1 clicks.nastydollars.com
127.0.0.1 clicks.oxcash.com
127.0.0.1 clit5.sextracker.com
127.0.0.1 code02.pbtech.net
127.0.0.1 commonwealth.riddler.com
127.0.0.1 connect.online-dialer.com
127.0.0.1 cookies.cmpnet.com
127.0.0.1 cornflakes.pathfinder.com
127.0.0.1 counter.hitbox.com
127.0.0.1 counter1.sextracker.com
127.0.0.1 counter10.sextracker.com
127.0.0.1 counter11.sextracker.com
127.0.0.1 counter12.sextracker.com
127.0.0.1 counter13.sextracker.com
127.0.0.1 counter14.sextracker.com
127.0.0.1 counter15.sextracker.com
127.0.0.1 counter16.sextracker.com
127.0.0.1 counter2.sextracker.com
127.0.0.1 counter3.sextracker.com
127.0.0.1 counter4.sextracker.com
127.0.0.1 counter5.sextracker.com
127.0.0.1 counter6.sextracker.com
127.0.0.1 counter7.sextracker.com
127.0.0.1 counter8.sextracker.com
127.0.0.1 counter9.sextracker.com
127.0.0.1 crs.akamai.com
127.0.0.1 crux.songline.com
127.0.0.1 ct.iac-online.de
127.0.0.1 de.netstatpro.net
127.0.0.1 desktop.grokster.com
127.0.0.1 dialer.offshoreclicks.com
127.0.0.1 doubleclick.net
127.0.0.1 download1.0190-dialer.com
127.0.0.1 download1.libereco.net
127.0.0.1 download2.0190-dialer.com
127.0.0.1 econnect.libereco.net
127.0.0.1 ehg.hitbox.com
127.0.0.1 ehg-commjun.hitbox.com
127.0.0.1 erie.smartage.com
127.0.0.1 etad.telegraph.co.uk
127.0.0.1 everyone.net
127.0.0.1 exchange-it.com
127.0.0.1 exitfuel.com
127.0.0.1 exitmoney.com
127.0.0.1 fast.mediacharger.com
127.0.0.1 focalink.com
127.0.0.1 fp.valueclick.com
127.0.0.1 fragmentserv.iac-online.de
127.0.0.1 free.fuck-portal.com
127.0.0.1 freeadultlottery.com
127.0.0.1 freeasiahardcore.com
127.0.0.1 freebieclub.com
127.0.0.1 freebigcocks.net
127.0.0.1 freecelebnudity.com
127.0.0.1 freefarmpics.com
127.0.0.1 freegaybears.net
127.0.0.1 freegaylottery.com
127.0.0.1 freenaughtyteens.com
127.0.0.1 freepass.elitecities.com
127.0.0.1 fs.dai.net
127.0.0.1 gadgeteer.pdamart.com
127.0.0.1 global.msads.net
127.0.0.1 gm.preferences.com
127.0.0.1 go.ezgreen.com
127.0.0.1 got2goshop.com
127.0.0.1 goto.trafficmultiplier.com
127.0.0.1 gp.dejanews.com
127.0.0.1 hacker-spider.de
127.0.0.1 hc2.humanclick.com
127.0.0.1 hg1.hitbox.com
127.0.0.1 hit.hotlog.ru
127.0.0.1 hitbox.com
127.0.0.1 hitmatic.com
127.0.0.1 hitsfrom.popuprush.com
127.0.0.1 hotfreewebcams.com
127.0.0.1 hypercount.com
127.0.0.1 ifcol.exitfuel.com
127.0.0.1 image.click2net.com
127.0.0.1 image.eimg.com
127.0.0.1 images.sexlist.com
127.0.0.1 images2.nytimes.com
127.0.0.1 imageserv.adtech.de
127.0.0.1 img.lop.com
127.0.0.1 img.mediaplex.com
127.0.0.1 impnl.tradedoubler.com
127.0.0.1 internetfuel.com
127.0.0.1 itn.adbureau.net
127.0.0.1 jcms.cydoor.com
127.0.0.1 jeeves.flycast.com
127.0.0.1 jobkeys.ngadcenter.net
127.0.0.1 kansas.valueclick.com
127.0.0.1 leader.linkexchange.com
127.0.0.1 linkbuddies.com
127.0.0.1 liquidad.narrowcastmedia.com
127.0.0.1 liveadvert.com
127.0.0.1 ln.doubleclick.net
127.0.0.1 looksmartclicks.com
127.0.0.1 lop.com
127.0.0.1 lsads.looksmart.com.au
127.0.0.1 m.doubleclick.net
127.0.0.1 macaddictads.snv.futurenet.com
127.0.0.1 marketing-internet.com
127.0.0.1 maxexp.com
127.0.0.1 maximumcash.com
127.0.0.1 maximumpcads.imaginemedia.com
127.0.0.1 media.carpediem.fr
127.0.0.1 media.expedia.com
127.0.0.1 media.fastclick.net
127.0.0.1 media.popuptraffic.com
127.0.0.1 media.preferences.com
127.0.0.1 media20.fastclick.net
127.0.0.1 mediacharger.com
127.0.0.1 mediamgr.ugo.com
127.0.0.1 mediaplex.com
127.0.0.1 megacash.de
127.0.0.1 megawebcams.tv
127.0.0.1 mercury.rmuk.co.uk
127.0.0.1 millenium-hitz.com
127.0.0.1 mjxads.internet.com
127.0.0.1 mojofarm.sjc.mediaplex.com
127.0.0.1 monitor.looksmart.com
127.0.0.1 monsterhitz.to
127.0.0.1 musiccity.streamcastnetwork.com
127.0.0.1 n24.de
127.0.0.1 nbc.adbureau.net
127.0.0.1 network.realmedia.com
127.0.0.1 newads.cmpnet.com
127.0.0.1 newsticker.shortnews.de
127.0.0.1 ng3.ads.warnerbros.com
127.0.0.1 ngads.smartage.com
127.0.0.1 nitrous.exitfuel.com
127.0.0.1 nsads.hotwired.com
127.0.0.1 ntbanner.digitalriver.com
127.0.0.1 oad.realmedia.com
127.0.0.1 oas.benchmark.fr
127.0.0.1 onresponse.com
127.0.0.1 oz.valueclick.com
127.0.0.1 p.wtlive.com
127.0.0.1 paycounter.com
127.0.0.1 ph-ad04.focalink.com
127.0.0.1 ph-ad05.focalink.com
127.0.0.1 ph-ad07.focalink.com
127.0.0.1 ph-ad16.focalink.com
127.0.0.1 ph-ad17.focalink.com
127.0.0.1 ph-ad18.focalink.com
127.0.0.1 php.offshoreclicks.com
127.0.0.1 pluto.beseen.com
127.0.0.1 pop.mircx.com
127.0.0.1 popup.found404.com
127.0.0.1 porn-attack.com
127.0.0.1 portal.hostultra.com
127.0.0.1 proxy.ladot.com
127.0.0.1 pub.epiknet.org
127.0.0.1 pub.infiniland.com
127.0.0.1 pub.ketix.com
127.0.0.1 pub.telmedia.fr
127.0.0.1 pub.weborama.fr
127.0.0.1 publish.hometown.aol.co.uk
127.0.0.1 realads.realmedia.com
127.0.0.1 redherring.ngadcenter.net
127.0.0.1 redirect.click2net.com
127.0.0.1 redirect.iac-online.de
127.0.0.1 regio.adlink.de
127.0.0.1 responsemedia-ad.flycast.com
127.0.0.1 retaildirect.realmedia.com
127.0.0.1 rmads.eu.msn.com
127.0.0.1 rs.webmasterplan.com
127.0.0.1 s0.bluestreak.com
127.0.0.1 s1.bluestreak.com
127.0.0.1 s2.bluestreak.com
127.0.0.1 s2.focalink.com
127.0.0.1 s3.bluestreak.com
127.0.0.1 s4.bluestreak.com
127.0.0.1 s5.bluestreak.com
127.0.0.1 s6.bluestreak.com
127.0.0.1 s7.bluestreak.com
127.0.0.1 s8.bluestreak.com
127.0.0.1 sbee.com
127.0.0.1 script.weborama.fr
127.0.0.1 search.kazaa.com
127.0.0.1 secserv.imgis.com
127.0.0.1 servedby.advertising.com
127.0.0.1 servedby.advertwizard.com
127.0.0.1 server.hamster.com
127.0.0.1 server-uk.imrworldwide.com
127.0.0.1 sexpromote.com
127.0.0.1 sextracker.com
127.0.0.1 sh4banner.de
127.0.0.1 sh4sure-images.adbureau.net
127.0.0.1 shop.freepush.com
127.0.0.1 shortwin.de
127.0.0.1 specialoffers.aol.com
127.0.0.1 spezialreporte.de
127.0.0.1 spin.spinbox.net
127.0.0.1 sprinks-clicks.about.com
127.0.0.1 spylog.com
127.0.0.1 srv1.bannercommunity.de
127.0.0.1 srv2.bannercommunity.de
127.0.0.1 srv3.bannercommunity.de
127.0.0.1 static.admaximize.com
127.0.0.1 stats.superstats.com
127.0.0.1 stats3.porntrack.com
127.0.0.1 statse.webtrendslive.com
127.0.0.1 suissa-ad.flycast.com
127.0.0.1 survey.proactive.nl
127.0.0.1 sview.avenuea.com
127.0.0.1 t0.extreme-dm.com
127.0.0.1 thinknyc.eu-adcenter.net
127.0.0.1 tour01.bangbus.com
127.0.0.1 tpl1.realtracker.com
127.0.0.1 tracker.clicktrade.com
127.0.0.1 trinityacquisitions.com
127.0.0.1 tsms-ad.tsms.com
127.0.0.1 tuerck.de.counted.com
127.0.0.1 twistedhumor.com
127.0.0.1 ugo.eu-adcenter.net
127.0.0.1 uk1.linksynergy.com
127.0.0.1 uk2.linksynergy.com
127.0.0.1 uk3.linksynergy.com
127.0.0.1 uk4.linksynergy.com
127.0.0.1 uk5.linksynergy.com
127.0.0.1 us.adserver.yahoo.com
127.0.0.1 v0.extreme-dm.com
127.0.0.1 v1.extreme-dm.com
127.0.0.1 valueclick.com
127.0.0.1 van.ads.link4ads.com
127.0.0.1 vant.guj.de
127.0.0.1 venus.goclick.com
127.0.0.1 view.accendo.com
127.0.0.1 view.avenuea.com
127.0.0.1 vis1.sexlist.com
127.0.0.1 vis2.sexlist.com
127.0.0.1 vis3.sexlist.com
127.0.0.1 vis4.sexlist.com
127.0.0.1 vis5.sexlist.com
127.0.0.1 visit.referralware.com
127.0.0.1 visite.weborama.fr
127.0.0.1 vnu.eu-adcenter.net
127.0.0.1 w0.extreme-dm.com
127.0.0.1 w113.hitbox.com
127.0.0.1 w117.hitbox.com
127.0.0.1 w25.hitbox.com
127.0.0.1 web2.deja.com
127.0.0.1 webads.bizservers.com
127.0.0.1 weblist.de
127.0.0.1 webpdp.gator.com
127.0.0.1 webxprod.qualcomm.com
127.0.0.1 www.0190-dialer.com
127.0.0.1 www.12traffic.de
127.0.0.1 www.1for1.com
127.0.0.1 www.3turtles.com
127.0.0.1 www.404errorpage.com
127.0.0.1 www.7adpower.com
127.0.0.1 www.7host.com
127.0.0.1 www.activeannonce.com
127.0.0.1 www.adbucks.com
127.0.0.1 www.adexit.com
127.0.0.1 www.adexit.de
127.0.0.1 www.adforce.com
127.0.0.1 www.admex.com
127.0.0.1 www.adnetz.net
127.0.0.1 www.adserver.com
127.0.0.1 www.adserver.net
127.0.0.1 www.adsmart.com
127.0.0.1 www.adsmart.net
127.0.0.1 www.adultbizvoice.com
127.0.0.1 www.adultclicks.com
127.0.0.1 www.ad-up.com
127.0.0.1 www.adverity.com
127.0.0.1 www.adverlead.com
127.0.0.1 www.adverline.com
127.0.0.1 www.adverline.fr
127.0.0.1 www.advertising.com
127.0.0.1 www.advertwizard.com
127.0.0.1 www.adviews-sponsor.de
127.0.0.1 www.alexchiu.com
127.0.0.1 www.alladvantage.com
127.0.0.1 www.allclicks.com
127.0.0.1 www.amateur-galleries.com
127.0.0.1 www.amazingpops.com
127.0.0.1 www.at-nude-teens.net
127.0.0.1 www.bannerads.de
127.0.0.1 www.beseen.com
127.0.0.1 www.bfast.com
127.0.0.1 www.boonsolutions.com
127.0.0.1 www.brutalextreme.com
127.0.0.1 www.burstnet.com
127.0.0.1 www.cash1x1.de
127.0.0.1 www.cash2002.de
127.0.0.1 www.cash4banner.com
127.0.0.1 www.cash4banner.de
127.0.0.1 www.cashcount.com
127.0.0.1 www.cashfiesta.com
127.0.0.1 www.cashradio.com
127.0.0.1 www.cashsurfers.com
127.0.0.1 www.casinoglamour.com
127.0.0.1 www.cellularphones.com
127.0.0.1 www.cibleclick.com
127.0.0.1 www.cj.com
127.0.0.1 www.click2sexy.com
127.0.0.1 www.click-fr.com
127.0.0.1 www.clickxchange.com
127.0.0.1 www.clictrafic.com
127.0.0.1 www.coinpromo.com
127.0.0.1 www.cometcursor.com
127.0.0.1 www.cometsystems.net
127.0.0.1 www.commission-junction.com
127.0.0.1 www.cr4.com
127.0.0.1 www.crazypopups.com
127.0.0.1 www.crxwarez.net
127.0.0.1 www.cydoor.com
127.0.0.1 www.daz.com
127.0.0.1 www.dgm2.com
127.0.0.1 www.directvalue.nl
127.0.0.1 www.drawnsex.com
127.0.0.1 www.eads.com
127.0.0.1 www.e-bannerx.com
127.0.0.1 www.eclic.net
127.0.0.1 www.fastclick.net
127.0.0.1 www.fastmetasearch.com
127.0.0.1 www.flycast.co.uk
127.0.0.1 www.flycast.com
127.0.0.1 www.found404.com
127.0.0.1 www.fpctraffic.com
127.0.0.1 www.freeadultlottery.com
127.0.0.1 www.freeasiahardcore.com
127.0.0.1 www.free-banners.com
127.0.0.1 www.freebigcocks.net
127.0.0.1 www.freecelebnudity.com
127.0.0.1 www.freefarmpics.com
127.0.0.1 www.freegaybears.net
127.0.0.1 www.freegaylottery.com
127.0.0.1 www.freenaughtyteens.com
127.0.0.1 www.freestats.com
127.0.0.1 www.frontpagecash.com
127.0.0.1 www.fuck-portal.com
127.0.0.1 www.gamingclub.com
127.0.0.1 www.gator.co.uk
127.0.0.1 www.gator.com
127.0.0.1 www.gator.net
127.0.0.1 www.genhit.com
127.0.0.1 www.getsearches.com
127.0.0.1 www.gopopup.com
127.0.0.1 www.greetingwishes.com
127.0.0.1 www.grokster.com
127.0.0.1 www.hardcorepornos.org
127.0.0.1 www.hightrafficads.com
127.0.0.1 www.hit-parade.com
127.0.0.1 www.hitsme.com
127.0.0.1 www.hotfreewebcams.com
127.0.0.1 www.imaginemedia.com
127.0.0.1 www.lastconsole.com
127.0.0.1 www.linkshare.com
127.0.0.1 www.liveadvert.com
127.0.0.1 www.lo-litas.com
127.0.0.1 www.looksmartclicks.com
127.0.0.1 www.lop.com
127.0.0.1 www.lottoforever.com
127.0.0.1 www.mediaplex.com
127.0.0.1 www.megacash.de
127.0.0.1 www.megawebcams.tv
127.0.0.1 www.milfhunter.com
127.0.0.1 www.modchip.com
127.0.0.1 www.mod-chip.com
127.0.0.1 www.money4exit.de
127.0.0.1 www.my-stats.com
127.0.0.1 www.netbroadcaster.com
127.0.0.1 www.netflip.com
127.0.0.1 www.netgravity.com
127.0.0.1 www.newtopsites.com
127.0.0.1 www.nic.co.il
127.0.0.1 www.nudelinkz.com
127.0.0.1 www.oneandonlynetwork.com
127.0.0.1 www.onresponse.com
127.0.0.1 www.paidpopup.de
127.0.0.1 www.piratos.de
127.0.0.1 www.popdown.de
127.0.0.1 www.popupad.net
127.0.0.1 www.popuptraffic.com
127.0.0.1 www.postmasterbannernet.com
127.0.0.1 www.prepaidliving.com
127.0.0.1 www.qksrv.net
127.0.0.1 www.qualityhitz.com
127.0.0.1 www.qualypromos.com
127.0.0.1 www.radiate.com
127.0.0.1 www.radiofreecash.com
127.0.0.1 www.rankyou.com
127.0.0.1 www.reference-sexe.com
127.0.0.1 www.sbee.com
127.0.0.1 www.sbvr.com
127.0.0.1 www.searchtraffic.com
127.0.0.1 www.service-url.de
127.0.0.1 www.sexfranco.com
127.0.0.1 www.sexfreelist.com
127.0.0.1 www.sexlist.com
127.0.0.1 www.sexpromote.com
127.0.0.1 www.sexspy.com
127.0.0.1 www.sexstudio24.de
127.0.0.1 www.sextracker.com
127.0.0.1 www.sextraffic.org
127.0.0.1 www.sexyfreehost.com
127.0.0.1 www.sexyplugin.com
127.0.0.1 www.simplecounter.net
127.0.0.1 www.slutzoo.com
127.0.0.1 www.sonixwarez.com
127.0.0.1 www.sponsor2002.de
127.0.0.1 www.targetshop.com
127.0.0.1 www.techiwarehouse.com
127.0.0.1 www.teknosurf.com
127.0.0.1 www.teknosurf2.com
127.0.0.1 www.teknosurf3.com
127.0.0.1 www.theadultwire.com
127.0.0.1 www.topwarez-fr.com
127.0.0.1 www.toys-galleries.com
127.0.0.1 www.trafficbox.net
127.0.0.1 www.trafficmonetizer.com
127.0.0.1 www.unionwarez.com
127.0.0.1 www.valueclick.com
127.0.0.1 www.valuesponsor.com
127.0.0.1 www.warez33.com
127.0.0.1 www.warezfield.com
127.0.0.1 www.web3000.co.uk
127.0.0.1 www.web3000.com
127.0.0.1 www.webads.nl
127.0.0.1 www.webferret.com
127.0.0.1 www.webhancer.com
127.0.0.1 www.webhancer.net
127.0.0.1 www.weblist.de
127.0.0.1 www.websitefinancing.com
127.0.0.1 www.wedoo.com
127.0.0.1 www.win24.de
127.0.0.1 www.wingowin.com
127.0.0.1 www.wtlive.com
127.0.0.1 www.xiti.com
127.0.0.1 www.xpostx.com
127.0.0.1 www.xxxdisplay.com
127.0.0.1 www.xxxfreeamateurs.com
127.0.0.1 www.xxxteenclub.de
127.0.0.1 www.youmakemoney.com
127.0.0.1 www.zeloop.net
127.0.0.1 www2.burstnet.com
127.0.0.1 www2.consumercreditusa.com
127.0.0.1 www3.netgravity.com
127.0.0.1 www4.netgravity.com
127.0.0.1 www4.trix.net
127.0.0.1 www80.valueclick.com
127.0.0.1 xads.infospace.com
127.0.0.1 xads.zedo.com
127.0.0.1 xxxfreeamateurs.com
127.0.0.1 z.extreme-dm.com
127.0.0.1 z0.extreme-dm.com
127.0.0.1 z1.extreme-dm.com
127.0.0.1 zac.netgravity.com
127.0.0.1 img.thebugs.ws
127.0.0.1 pet.thebugs.ws
127.0.0.1 mt45.mtree.com
127.0.0.1 www.porncow.com
127.0.0.1 download.alexa.com
127.0.0.1 count.exit.exchange.com
127.0.0.1 www.classmates.com
127.0.0.1 bidclix.net
127.0.0.1 www.media-ads.org
127.0.0.1 www.aitsafe.com
127.0.0.1 service.bfast.com
127.0.0.1 spweb.whenu.com
127.0.0.1 www.getweathercast.com
127.0.0.1 www.clock-sync.com
127.0.0.1 secure.goodthinxx.com
127.0.0.1 port.goodthinxx.com
127.0.0.1 chochux.offshoreclicks.com
127.0.0.1 go.offshoreclicks.com
127.0.0.1 click.atdmt.com
127.0.0.1 dropcharge.stardialer.de
127.0.0.1 download.stardialer.de
127.0.0.1 www.outwar.com
127.0.0.1 outwar.com
127.0.0.1 www.pornstarguru.com
127.0.0.1 www.popstarwar.com
127.0.0.1 www.monsterwar.net
127.0.0.1 www.gangsterwar.com
127.0.0.1 srch.lop.com
127.0.0.1 clickcash.webpower.com
127.0.0.1 install.serviceurl.de
127.0.0.1 aim1.radiate.com
127.0.0.1 aim2.radiate.com
127.0.0.1 aim3.radiate.com
127.0.0.1 www.flyswat.com
127.0.0.1 www.flyswat.net
127.0.0.1 www.flyswat.org
127.0.0.1 www.flyswat.co.uk
127.0.0.1 www.cometsystems.com
127.0.0.1 www.cometzone.com
127.0.0.1 www.livecursors.com
127.0.0.1 aim1.adsoftware.com
127.0.0.1 aim2.adsoftware.com
127.0.0.1 aim3.adsoftware.com
127.0.0.1 aim4.adsoftware.com
127.0.0.1 aim5.adsoftware.com
127.0.0.1 www.conducent.com
127.0.0.1 www.conducent.co.uk
127.0.0.1 www.mathlogic.com
127.0.0.1 www.adsoftware.com
127.0.0.1 www.gohip.com
127.0.0.1 www.lolitafree.de
127.0.0.1 www.exitblaze.com
127.0.0.1 hop.clickbank.net
127.0.0.1 www.w3exit.com
127.0.0.1 ads.flabber.nl
127.0.0.1 servlets.kliks.nl
127.0.0.1 affiliates.kliks.nl
127.0.0.1 ads.revenue.net
127.0.0.1 pops.freeze.com
127.0.0.1 adlog.com.com
127.0.0.1 ads.techtv.com
127.0.0.1 ads.tripod.lycos.co.uk
127.0.0.1 adserv.happypuppy.com
127.0.0.1 ads.ipowerweb.com
127.0.0.1 www.hitboss.com
127.0.0.1 dbbsrv.com
127.0.0.1 download.globaldialer.net
127.0.0.1 www.passthison.com
127.0.0.1 tafmaster.com
127.0.0.1 www.xtra.fm
127.0.0.1 www.mp3bank.nl
127.0.0.1 www.paypopup.com
#END of KL Supertrick (September 24th 2003)

Enigma · Post by **Enigma** » 2004-05-22 12:14am

Ahhhh... I still can't get rid of winsvc from the global startup.

EDIT: I've finally managed to get rid of winsvc32.exe with the help of procview. But my original problem of not being able to access the two sites is still there.

Crayz9000 · Post by **Crayz9000** » 2004-05-22 04:27am

You probably have a Klez variant... I think. Sophos calls it Sdbot-O.

Anyway, Symantec has a removal tool available for Klez variants. Give it a shot.

And if it is Klez, then you got it thanks to Outhouse Express. DUMP THAT. I don't care why you use it. DUMP IT.

admiral_danielsben · Post by **admiral_danielsben** » 2004-05-22 07:06am

Enigma wrote:

O4 - Global Startup: WinSvc32.exe <== VIRUS!!!
I'm unable to get rid of it. Hijack is unable to delete it and I don't know how to manually delete it.
O4 - Global User StartupWinSvc32.exe <== VIRUS!!!
Same as previous.

Try opening command prompt or DOS prompt, going to the relevant directory, and going DEL <insert filename here> . If you have a UNIX-based system such as Linux or Max OS X, open a command-line shell (such as bash or tc - or if you're not using OS X, just quit X-Windows) and type rm <insert filename here>. if neither work, you'll have to look at and change the file's attributes - look at your manual or go online to find the proper commands, I don't know it beyond using ATTRIB for DOS or Windows.

I remember a long time ago encountering a pretty good free anti-virus program called F-PROT. Anyone know what happened to it? I think it was from Iceland or something.

Enigma · Post by **Enigma** » 2004-05-22 08:49am

Crayz9000 wrote:You probably have a Klez variant... I think. Sophos calls it Sdbot-O.

Anyway, Symantec has a removal tool available for Klez variants. Give it a shot.

And if it is Klez, then you got it thanks to Outhouse Express. DUMP THAT. I don't care why you use it. DUMP IT.

No klez or it's variants. And I still can't access those sites.

Enigma · Post by **Enigma** » 2004-05-22 08:51am

admiral_danielsben wrote:
Enigma wrote:
snip
Try opening command prompt or DOS prompt, going to the relevant directory, and going DEL <insert filename here> . If you have a UNIX-based system such as Linux or Max OS X, open a command-line shell (such as bash or tc - or if you're not using OS X, just quit X-Windows) and type rm <insert filename here>. if neither work, you'll have to look at and change the file's attributes - look at your manual or go online to find the proper commands, I don't know it beyond using ATTRIB for DOS or Windows.

I remember a long time ago encountering a pretty good free anti-virus program called F-PROT. Anyone know what happened to it? I think it was from Iceland or something.

Nevermind. I fixed it by using ProcView. But I still can't access those sites.

Einhander Sn0m4n · Post by **Einhander Sn0m4n** » 2004-05-24 07:37pm

Enigma wrote:
Einhander Sn0m4n wrote:Oh ok. Get AVG to kill the virus. Everything's okay that you said you wanted to keep, but consider replacing OE with something that can't get you infected just by perusing your email with.

The surferplugin stuff I've heard getting installed without permission on people's comps. If you installed it voluntarily and want to keep it, kool.

EDIT: Look for a HOSTS file (use the search function) somewhere in your %WINDIR%. Please post its entire contents here.

Here it is.

Snip

Nothing there that interferes with my connectivity with gamez.com or lotgd.com, verified by importing your HOSTS file into mine, then ctrl-F5 on both. Do you have AVG installed yet?

Ein, you know better than to quote huge chunks like that. Furthermore, the post formerlly after this one by you was unneccessary spam and was deleted. -- Phong

Crayz9000 · Post by **Crayz9000** » 2004-05-24 08:50pm

Enigma wrote:Nevermind. I fixed it by using ProcView. But I still can't access those sites.

Sigh. You're running Windows ME, so you don't have the nslookup tool handy. That could give me some more information, but since it's not included with ME and I don't know where you could download a copy, forget it.

Anyway, open a command prompt, type 'tracert gamez.com' and paste the results here. Then do 'tracert lotgd.com' and paste the results here.

Enigma · Post by **Enigma** » 2004-05-25 08:54pm

Crayz9000 wrote:Anyway, open a command prompt, type 'tracert gamez.com' and paste the results here. Then do 'tracert lotgd.com' and paste the results here.

gamez.com

1 14 ms 13 ms 14 ms 10.44.128.1
2 <10 ms 14 ms 14 ms gw03.slnt.phub.net.cable.rogers.com [66.185.90.1
45]
3 14 ms <10 ms 14 ms gw01-vlan963.slnt.phub.net.cable.rogers.com [66.
185.93.201]
4 <10 ms 14 ms <10 ms gw01.rchrd.phub.net.cable.rogers.com [66.185.82.
133]
5 <10 ms 14 ms <10 ms gw01.flfrd.phub.net.cable.rogers.com [66.185.82.
129]
6 14 ms 14 ms 13 ms gw02.mtnk.phub.net.cable.rogers.com [66.185.82.1
25]
7 14 ms 27 ms 14 ms gw02.wlfdle.phub.net.cable.rogers.com [66.185.80
.149]
8 13 ms 14 ms <10 ms gw02.bloor.phub.net.cable.rogers.com [66.185.80.
13]
9 14 ms 13 ms 55 ms gw02.ym.phub.net.cable.rogers.com [66.185.80.137
]
10 55 ms 82 ms 55 ms igw01.chcrmk.phub.net.cable.rogers.com [66.185.8
1.190]
11 55 ms 55 ms 69 ms ge-4.2.0.mpr2.ord7.us.mfnx.net [64.124.11.17]
12 68 ms 69 ms 55 ms so-1-0-0.cr1.ord2.us.above.net [64.125.30.146]
13 82 ms 82 ms 83 ms so-2-0-0.cr1.dfw2.us.above.net [64.125.30.245]
14 82 ms 96 ms 96 ms so-4-3-0.mpr1.iah1.us.above.net [64.125.29.25]
14 82 ms 96 ms 96 ms so-4-3-0.mpr1.iah1.us.above.net [64.125.29.25]
15 68 ms 69 ms 82 ms 216.200.251.53.ev1.net [216.200.251.53]
16 55 ms 82 ms 69 ms 207.218.245.111
17 69 ms 68 ms 69 ms sage.zeras.net [69.57.134.21]

lotgd.com

1 <10 ms 14 ms 14 ms 10.44.128.1
2 <10 ms 14 ms <10 ms gw03.slnt.phub.net.cable.rogers.com [66.185.90.1
45]
3 <10 ms 14 ms <10 ms gw01-vlan963.slnt.phub.net.cable.rogers.com [66.
185.93.201]
4 14 ms <10 ms 14 ms gw01.rchrd.phub.net.cable.rogers.com [66.185.82.
133]
5 <10 ms 14 ms <10 ms gw01.flfrd.phub.net.cable.rogers.com [66.185.82.
129]
6 13 ms 28 ms 13 ms gw02.mtnk.phub.net.cable.rogers.com [66.185.82.1
25]
7 14 ms 14 ms 13 ms gw02.wlfdle.phub.net.cable.rogers.com [66.185.80
.145]
8 14 ms 14 ms 13 ms gw02.bloor.phub.net.cable.rogers.com [66.185.80.
1]
9 13 ms 14 ms 14 ms gw02.ym.phub.net.cable.rogers.com [66.185.80.133
]
10 55 ms 55 ms 69 ms igw01.chcrmk.phub.net.cable.rogers.com [66.185.8
1.190]
11 96 ms 55 ms 55 ms ge3-1.br01.chc01.pccwbtn.net [63.218.5.5]
12 110 ms 96 ms 96 ms pos2-0.cr01.phl02.pccwbtn.net [63.218.30.33]
13 68 ms 69 ms 55 ms hostnoc.ge3-0.2.cr01.phl02.pccwbtn.net [63.218.3
1.6]
14 68 ms 69 ms 69 ms ge-7-0-ctsi.rtr0.scra1.hostnoc.net [66.197.191.4
5]
15 68 ms 69 ms 68 ms 66.197.191.82
16 68 ms 69 ms 83 ms 66.197.143.56

I hope this helps.

Crayz9000 · Post by **Crayz9000** » 2004-05-26 01:46am

Ok, you're resolving the host fine... as I should have noticed in the OP but didn't. You're just getting 403 errors still?

.... I really have no clue what's happened here. It could be that the admins of those two sites blacklisted your IP subnet, for what reason I have absolutely no fucking idea. If you know the email address of one of their webmasters, you could try emailing them and asking them if they have any idea.

Enigma · Post by **Enigma** » 2004-05-26 07:32am

Crayz9000 wrote:Ok, you're resolving the host fine... as I should have noticed in the OP but didn't. You're just getting 403 errors still?

.... I really have no clue what's happened here. It could be that the admins of those two sites blacklisted your IP subnet, for what reason I have absolutely no fucking idea. If you know the email address of one of their webmasters, you could try emailing them and asking them if they have any idea.

Not only am I getting the "403" message but in the message body it also had the "404".

I've emailed the guy from lotgd.com but I haven't gotten a reply yet.