296f8.ilxt.info/index.php?aid=20038 removal help PLEASE!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by raystro, Jul 10, 2004.

  1. raystro

    raystro Private E-2

    I've tried everything out there: spyware removal, HijackThis, Spybot SD, CWShredder, BHODemon, Ad-Aware Pro, AOL spyware software. I purchased Spy Sweeper, and nothing will help me remove this search page. Any help out there???
     
  2. raystro

    raystro Private E-2

    Here is my HijackThis log:

    Logfile of HijackThis v1.98.0
    Scan saved at 10:57:35 PM, on 7/9/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\STOPzilla!\szntsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\Program Files\STOPzilla!\Stopzilla.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Handspring\HOTSYNC.EXE
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Ray\Desktop\System Tools\HijackThis.exe

    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I don't see the problem you mentioned. Only one line that could be fixed:

    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)

    Did you remove stuff from your HijackThis log already? When do you get the problem? Where is it redirecting you to?
     
  4. raystro

    raystro Private E-2

    I've removed stuff already; however, this is an updated log. What happens is that when I try to do a search from the address bar it takes me to http://296f8.ilxt.info/index.php?aid=20038, which is some type of search page. With SpyGuard, which I have removed, and spyware sweeper, they tell me that my homepage and search page are being changed, so I restore them to the originals; my homepage remains the same but my search redirects to the above mentioned. The weird thing though is that when I use the search button it opens okay. It's when I try to do a search from the address bar field. In regards to the BHO you recommended, I can't get rid of it. With BHODemon I believe it showed as my pop-up blocker StopZilla.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In Internet Explorer, click Tools, Internet Options, Programs tab, then click Reset Web Settings. Then go back to the General tab and put your desired home page back in. See if that helps. You may get a warning from SpySweeper about this; just tell it to allow the changes.

    As far as the BHO, it may well be part of StopZilla but you are missing the DLL file. Something deleted it. You need to re-install it.
     
  6. raystro

    raystro Private E-2

    Well, I did what you said and reset everything; it still is hijacking my search page from the address bar field, but not from the sidebar view (button). I also went into Spybot SD advanced mode and changed all the settings under internet tweaks to Yahoo homepage and all Google search pages. When I pressed the search button on IE it opened the Google web search (sidebar view), so I did a search from the address bar and on the status bar you could see that it was opening Google, then at the last second bam, back to http://296f8.ilxt.info/index.php?aid=20038. This is so frustrating!!!!!!
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do a reboot and, before running anything else, immediately run HijackThis again. Do not edit or change anything in it. I need to see the full unmodified log. None of the items you are talking about showed in your log, including Google toolbars. They should have. So get a new unmodified log and post it here.
     
  8. raystro

    raystro Private E-2

    Logfile of HijackThis v1.98.0
    Scan saved at 11:41:29 AM, on 7/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
    C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Webroot\Washer\wwDisp.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Handspring\HOTSYNC.EXE
    C:\Program Files\Microsoft Office\Office10\msoffice.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Ray\Desktop\System Tools\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
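
Comparing the two HijackThis logs posted so far, as an added example that is not part of the original thread: the sketch below parses each log into its process list and coded entries, then reports what disappeared, what appeared, and which entries point at a missing file. The log excerpts are shortened from the two posts above; `parse_log` and `diff_logs` are hypothetical helper names.

```python
import re

# Shortened excerpts of the two HijackThis v1.98 logs posted in this thread.
LOG_BEFORE = r"""Logfile of HijackThis v1.98.0
Scan saved at 10:57:35 PM, on 7/9/2004

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\szntsvc.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
"""

LOG_AFTER = r"""Logfile of HijackThis v1.98.0
Scan saved at 11:41:29 AM, on 7/10/2004

Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
"""

# Entry lines start with a section code (R0, O2, O4, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")


def parse_log(text):
    """Split a HijackThis log into its process list and its coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append(f"{match['code']} - {match['body']}")
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def _only_in_first(first, second):
    """Items of `first` missing from `second`; Windows paths compare case-insensitively."""
    seen = {item.casefold() for item in second}
    return [item for item in first if item.casefold() not in seen]


def diff_logs(before_text, after_text):
    """Report what changed between two scans of the same machine."""
    before, after = parse_log(before_text), parse_log(after_text)
    all_entries = dict.fromkeys(before["entries"] + after["entries"])
    return {
        "entries_removed": _only_in_first(before["entries"], after["entries"]),
        "entries_added": _only_in_first(after["entries"], before["entries"]),
        "processes_removed": _only_in_first(before["processes"], after["processes"]),
        "processes_added": _only_in_first(after["processes"], before["processes"]),
        # Registry entries whose target file no longer exists on disk.
        "orphaned": [e for e in all_entries if e.endswith("(no file)")],
    }


if __name__ == "__main__":
    for section, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(section)
        for item in items:
            print("   ", item)
```

An autorun whose path changed between scans, like the SNDMon entry here, shows up once under removed and once under added.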
     
  9. raystro

    raystro Private E-2


    Does it matter if I have 2 accounts set up on this computer? Mine and my girlfriend's. They are both affected.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I still don't see anything. Is this a multiuser PC? If so, run all the tools you have mentioned in all user accounts.

    Try downloading and running CCleaner (formerly CrapCleaner). Get it here
    Just run it and on the Windows tab (you'll see when you run it) leave the defaults and click Run Cleaner. (run for each user account).


    Go to Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp
    Then click scan for updates.
    Download ALL of the critical updates.

    Tell me what updates were needed.

    Can you open up your hosts file by clicking Start, Run, and in the Open box enter the following and hit OK:
    notepad c:\windows\system32\drivers\etc\hosts

    Post the contents back here.
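
One way to triage a hosts file like the one requested above, as an added example that is not part of the original thread: loopback mappings only block a hostname, while any other address sends that hostname somewhere else, so the audit separates the two and also flags duplicates and lines the resolver cannot use. The sample file is constructed, and `audit_hosts` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample for illustration; it is not the file posted in this thread.
# 192.0.2.10 is a documentation address (TEST-NET-1).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 localhost
127.0.0.1 ads.example.com
127.0.0.1 ads*.example.com
#27.0.0.1 ads.example.net
192.0.2.10 search.example.com www.search.example.com  # points away from this PC
not-an-ip tracker.example.org
"""

# Plain DNS-style hostname: labels of letters, digits and inner hyphens.
HOSTNAME_RE = re.compile(
    r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$"
)


def audit_hosts(text):
    """Classify every hostname in a hosts file by what its mapping does."""
    findings = {"blocked": [], "redirected": [], "duplicates": [], "malformed": []}
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments, including disabled entries
        if not line:
            continue
        address, *names = line.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings["malformed"].append((lineno, line))
            continue
        if not names:
            findings["malformed"].append((lineno, line))
            continue
        for name in names:
            host = name.lower()
            if not HOSTNAME_RE.match(host):
                # Hosts files have no wildcard syntax, so "ads*." never matches anything.
                findings["malformed"].append((lineno, line))
            elif host in seen:
                findings["duplicates"].append((lineno, host))
            else:
                seen.add(host)
                if ip.is_loopback or ip.is_unspecified:
                    if host != "localhost":
                        findings["blocked"].append((lineno, host))
                else:
                    # Anything not pointing back at this machine deserves a look.
                    findings["redirected"].append((lineno, host, str(ip)))
    return findings


if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, items)
```

On a real machine, pass in the text of `c:\windows\system32\drivers\etc\hosts` instead of the sample.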
     
  11. raystro

    raystro Private E-2

    I've downloaded the cc file and applied it to both accounts. When I went to Microsoft updates none were needed. I'm pretty much on top of that. I've done everything but to no avail. Here is the file that you requested:
     
  12. raystro

    raystro Private E-2

    Visible Symptoms
    After running a scan from Panda Active Scan it found my problem, apparently it's a trojan. WHY THE HECK DOESN'T NORTON ANTIVIRUS PICK THIS UP??? PANDA SAYS THAT IT CLEANED IT, WE'LL SEE IF IT COMES BACK. THANKS FOR YOUR INPUT!!
    StartPage.FH is easy to recognize, as it changes the home page of Internet Explorer for the one below:



    Then, it displays a fake message, with a variable text, warning users on a possible affection by spyware and adware programs:
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure why Norton does not pick it up, but it is most likely due to what they classify as a virus vs ad/malware vs hijackers. This was a home page hijack; I guess they do not consider it to be a virus or a trojan that they would look for. Are your virus definitions up to date?

    Sounds like you have it all worked out now though!
     
