Possible Infections, Please Help.


19 replies to this topic

#1 NovaPulse

NovaPulse

  • Members
  • 76 posts

Posted 18 November 2007 - 02:47 PM

Ok, so I haven't been on my laptop for 3 days and when I get back on, I'm infected by a virus and multiple adware/malware stuff. Now every 2 minutes, I get a bubble with that yellow triangle saying I'm infected. It is getting on my nerves. Anyways, here is my HJ log, and much help is needed, thanks.


HJT Log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:44:46 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\plite731.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Documents and Settings\Deric Pujo\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fooqzaci.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [009b5092] rundll32.exe "C:\WINDOWS\system32\swpmofnk.dll",b
O4 - HKCU\..\Run: [pc_flashbang] C:\Program Files\PCFlashBang\PCFlashBang.exe -sys
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Xxs] C:\WINDOWS\system32\arpa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.4.0.4.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - http://pictures.aolcdn.com/ap/Resources/1....der.9.3.2.3.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O20 - AppInit_DLLs: hanonvt.ini
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11070 bytes



#2 Aaflac

Aaflac

    Doin' Dis 'n Dat...


  • Malware Response Team
  • 2,307 posts

Posted 18 November 2007 - 05:50 PM

Please do the following:

Download ComboFix
Save to the Desktop. <<<Important!!

Now, go to Start > Run, and copy/paste the following single line command in the Open box:

"%userprofile%\desktop\combofix.exe" /killall



Click: OK

Follow the prompts.
Then type 1 and press Enter to begin the scan.

Do not mouse-click the ComboFix window while it runs. It may cause it to stall.

When finished, a log, ComboFix.txt, is produced.

~~~~
Run HijackThis once again to obtain a new log.

~~~~
Please provide the contents of the ComboFix log, and the new HijackThis log in your reply.

Old duck...


#3 NovaPulse

NovaPulse
  • Topic Starter

  • Members
  • 76 posts

Posted 18 November 2007 - 07:39 PM

Ok here are my results:

Combofix Log:

ComboFix 07-11-08.1 - Deric Pujo 2007-11-18 18:40:53.1 - NTFSx86
Running from: C:\Documents and Settings\Deric Pujo\desktop\combofix.exe
Command switches used :: /killall
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Deric Pujo\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Deric Pujo\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Deric Pujo\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Deric Pujo\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Deric Pujo\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Deric Pujo\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\ISM2
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\targets.gz
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\fooqzaci.dllbox
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\winttr.exe
C:\WINDOWS\updatetc.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-19 to 2007-11-19 )))))))))))))))))))))))))))))))
.

2007-11-18 19:24 317 --ahs---- C:\WINDOWS\SYSTEM32\dcdgh.ini2
2007-11-18 19:23 320,608 --a------ C:\WINDOWS\SYSTEM32\hgdcd.dll
2007-11-18 18:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-18 18:18 439,277 ---hs---- C:\WINDOWS\SYSTEM32\rqtss.ini2
2007-11-18 13:44 79,424 --a------ C:\WINDOWS\SYSTEM32\vmfbelvd.dll
2007-11-18 13:38 81,177 --a------ C:\WINDOWS\SYSTEM32\vcyfojsy.dll
2007-11-18 13:00 79,424 --a------ C:\WINDOWS\SYSTEM32\fmredhwt.dll
2007-11-18 02:00 84,081 --a------ C:\WINDOWS\SYSTEM32\fobrsosx.dll
2007-11-18 01:57 79,424 --a------ C:\WINDOWS\SYSTEM32\hdlmympf.dll
2007-11-17 23:43 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-17 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-17 23:40 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-17 16:05 82,496 --a------ C:\WINDOWS\SYSTEM32\pktbsfml.dll
2007-11-16 22:42 84,081 --a------ C:\WINDOWS\SYSTEM32\mnataaha.dll
2007-11-16 21:39 86,080 --a------ C:\WINDOWS\SYSTEM32\swpmofnk.dll
2007-11-15 18:13 79,936 --a------ C:\WINDOWS\SYSTEM32\skmafdim.dll
2007-11-14 19:54 79,424 --a------ C:\WINDOWS\SYSTEM32\txtcemhh.dll
2007-11-13 23:28 <DIR> d-------- C:\Program Files\ProxyWay
2007-11-13 22:19 <DIR> d-------- C:\Program Files\AIM6
2007-11-13 20:25 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-11-12 12:40 434,483 --ahs---- C:\WINDOWS\SYSTEM32\rqtss.bak2
2007-11-12 00:40 6,465 --ahs---- C:\WINDOWS\SYSTEM32\rqtss.bak1
2007-11-12 00:33 36,352 --a------ C:\WINDOWS\SYSTEM32\khfffda.dll
2007-11-12 00:32 <DIR> d-------- C:\WINDOWS\SYSTEM32\rMa02yy
2007-11-12 00:32 <DIR> d-------- C:\temp\abW9
2007-11-11 22:55 <DIR> d-------- C:\Program Files\Buddy Icon Maker
2007-11-11 16:17 <DIR> d-------- C:\Program Files\3DRipperDX
2007-11-09 22:37 <DIR> d-------- C:\Program Files\1964
2007-11-01 19:53 <DIR> d-------- C:\Program Files\Pcsx2
2007-11-01 19:28 <DIR> d-------- C:\Documents and Settings\Deric Pujo\Application Data\U3
2007-11-01 18:40 685,816 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
2007-10-29 01:19 <DIR> d-------- C:\Documents and Settings\Deric Pujo\Application Data\DivX
2007-10-29 01:14 <DIR> d-------- C:\Program Files\DivX
2007-10-27 08:03 <DIR> d-------- C:\Program Files\LibUSB-Win32-0.1.10.1
2007-10-27 08:03 46,592 --a------ C:\WINDOWS\SYSTEM32\libusb0.dll
2007-10-27 08:03 33,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\libusb0.sys
2007-10-27 08:03 19,456 --a------ C:\WINDOWS\SYSTEM32\libusbd-9x.exe
2007-10-27 08:03 18,944 --a------ C:\WINDOWS\SYSTEM32\libusbd-nt.exe
2007-10-27 07:54 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2007-10-27 07:54 9,600 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 00:58 --------- d-----w C:\Program Files\Norton AntiVirus
2007-11-14 04:29 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-14 03:22 --------- d-----w C:\Program Files\Viewpoint
2007-11-11 19:38 --------- d-----w C:\Program Files\Project64 v1.5
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-15 00:30 --------- d-----w C:\Program Files\BitComet
2007-10-08 21:50 13,824 ----a-w C:\WINDOWS\plite731.exe
2007-10-01 23:36 --------- d-----w C:\Program Files\LitexMedia
2007-09-30 16:40 --------- d-----w C:\Program Files\Common Files\AOL
2007-09-30 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-09-17 18:23 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-09-17 18:22 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-09-17 18:22 739,840 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2007-09-11 23:14 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-21 00:26 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2007-08-21 00:26 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2004-12-18 21:39:32 56 --sh--r C:\WINDOWS\SYSTEM32\DC37696E96.sys
2005-01-15 02:13:29 952 --sha-w C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{346768bf-c626-41e7-aff3-145f5d50dcbb}]
2007-11-18 13:44 79424 --a------ C:\WINDOWS\system32\vmfbelvd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}]
2007-11-12 00:33 36352 --a------ C:\WINDOWS\system32\khfffda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9180084F-B128-4E6E-8F0F-932FFE6B40C2}]
2007-11-18 19:24 320608 --a------ C:\WINDOWS\system32\hgdcd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe" [2007-04-12 16:23]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-15 08:28]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-08-10 20:54]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52]
"plite731"="C:\WINDOWS\plite731.exe" [2007-10-08 16:50]
"009b5092"="C:\WINDOWS\system32\swpmofnk.dll" [2007-11-16 21:39]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pc_flashbang"="C:\Program Files\PCFlashBang\PCFlashBang.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"Xxs"="C:\WINDOWS\system32\arpa.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"Aim6"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-10 17:48]
"ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2005-07-04 07:39:37]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}"= C:\WINDOWS\system32\khfffda.dll [2007-11-12 00:33 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfffda]
khfffda.dll 2007-11-12 00:33 36352 C:\WINDOWS\SYSTEM32\khfffda.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hanonvt.ini

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgdcd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ewVGY9ow]
C:\PROGRA~1\wvswosvv\wrqosvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\WINDOWS\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton AntiVirus\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
C:\WINDOWS\System32\keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
%SystemRoot%\system32\mobsync.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys
S3 dump_wmimmc;dump_wmimmc;\??\C:\Netmarble\NetmarbleSDGO\GameGuard\dump_wmimmc.sys
S3 PsSdk30;PsSdk30;\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57440df1-3155-11dc-be6a-00038a000015}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-11-13 01:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Melissa Pujo.job"
- C:\Program Files\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 19:24:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-18 19:31:52 - machine was rebooted
.
--- E O F ---




And here is the HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:46 PM, on 11/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\plite731.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Documents and Settings\Deric Pujo\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [009b5092] rundll32.exe "C:\WINDOWS\system32\swpmofnk.dll",b
O4 - HKCU\..\Run: [pc_flashbang] C:\Program Files\PCFlashBang\PCFlashBang.exe -sys
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Xxs] C:\WINDOWS\system32\arpa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.4.0.4.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - http://pictures.aolcdn.com/ap/Resources/1....der.9.3.2.3.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O20 - AppInit_DLLs: hanonvt.ini
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10615 bytes

#4 Aaflac


Posted 18 November 2007 - 10:46 PM

Please, open Notepad (Start > Run > in the Open field type: notepad)
Click: OK

Copy/paste the blue text below to Notepad:

File::
C:\WINDOWS\SYSTEM32\dcdgh.ini2
C:\WINDOWS\SYSTEM32\hgdcd.dll
C:\WINDOWS\SYSTEM32\rqtss.ini2
C:\WINDOWS\SYSTEM32\vmfbelvd.dll
C:\WINDOWS\SYSTEM32\vcyfojsy.dll
C:\WINDOWS\SYSTEM32\fmredhwt.dll
C:\WINDOWS\SYSTEM32\fobrsosx.dll
C:\WINDOWS\SYSTEM32\hdlmympf.dll
C:\WINDOWS\SYSTEM32\pktbsfml.dll
C:\WINDOWS\SYSTEM32\mnataaha.dll
C:\WINDOWS\SYSTEM32\swpmofnk.dll
C:\WINDOWS\SYSTEM32\skmafdim.dll
C:\WINDOWS\SYSTEM32\txtcemhh.dll
C:\WINDOWS\SYSTEM32\rqtss.bak2
C:\WINDOWS\SYSTEM32\rqtss.bak1
C:\WINDOWS\SYSTEM32\khfffda.dll
C:\WINDOWS\plite731.exe

Folder::
C:\WINDOWS\SYSTEM32\rMa02yy
C:\Program Files\wvswosvv
C:\temp\abW9

Registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{346768bf-c626-41e7-aff3-145f5d50dcbb}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9180084F-B128-4E6E-8F0F-932FFE6B40C2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"plite731"=-
"009b5092"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xxs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfffda]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ewVGY9ow]



Save as CFScript.txt <-Important!!
Change the Save as type to: All Files
Save it to the Desktop.

Posted Image

Referring to the screenshot above, drag CFScript.txt >>> into >>> ComboFix.exe
ComboFix runs a scan on your system, and may reboot when it finishes. This is normal.

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

When finished, a log is produced: ComboFix.txt

~~~~
Before we go any further, please make sure HijackThis is run from its own folder. This ensures backups are made and kept securely. Backups allow the restoring of fixed entries when necessary.

On the Desktop, right click an empty area, select New > Folder, and name the folder Hijack This. Place the HijackThis.exe file in it, and then run the program from its own folder to obtain a new log.

~~~~
Please provide the contents of the new ComboFix log, and the new HijackThis log in your reply.

Old duck...


#5 NovaPulse


Posted 18 November 2007 - 11:19 PM

Ok, there is a problem... every time I drag the CFScript.txt file into combofix.exe, it will say that ComboFix is preparing the scan, but then I keep getting a window saying that my current version of ComboFix is expired and I need to download an updated version. I downloaded another version and that had the same thing.

#6 Aaflac


Posted 19 November 2007 - 03:44 PM

Please download OTMoveIt by OldTimer.
Save it to the Desktop

Double-click OTMoveIt.exe to run it.
Copy the text below (blue) by highlighting, right-clicking and choosing Copy:

C:\WINDOWS\SYSTEM32\dcdgh.ini2
C:\WINDOWS\SYSTEM32\hgdcd.dll
C:\WINDOWS\SYSTEM32\rqtss.ini2
C:\WINDOWS\SYSTEM32\vmfbelvd.dll
C:\WINDOWS\SYSTEM32\vcyfojsy.dll
C:\WINDOWS\SYSTEM32\fmredhwt.dll
C:\WINDOWS\SYSTEM32\fobrsosx.dll
C:\WINDOWS\SYSTEM32\hdlmympf.dll
C:\WINDOWS\SYSTEM32\pktbsfml.dll
C:\WINDOWS\SYSTEM32\mnataaha.dll
C:\WINDOWS\SYSTEM32\swpmofnk.dll
C:\WINDOWS\SYSTEM32\skmafdim.dll
C:\WINDOWS\SYSTEM32\txtcemhh.dll
C:\WINDOWS\SYSTEM32\rqtss.bak2
C:\WINDOWS\SYSTEM32\rqtss.bak1
C:\WINDOWS\SYSTEM32\khfffda.dll
C:\WINDOWS\plite731.exe
C:\WINDOWS\SYSTEM32\rMa02yy
C:\Program Files\wvswosvv
C:\temp\abW9


Return to OTMoveIt, right click Paste List of Files/Folders to be moved and choose Paste.
Click the red Moveit! button.

If you are not asked to restart the machine, please do so now.

Copy the text on the Results window to provide in your reply.
Close OTMoveIt

~~~~
Next, launch Notepad, (Start > Run, type in: notepad)

Copy/paste all the blue REGEDIT below to it

REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{346768bf-c626-41e7-aff3-145f5d50dcbb}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9180084F-B128-4E6E-8F0F-932FFE6B40C2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"plite731"=-
"009b5092"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xxs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfffda]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ewVGY9ow]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


In Notepad, go to File (upper menu bar), and select: Save as
In the Save as prompt:
Save in: Desktop
File Name: Fix.reg
Save as Type: All files
Click: Save
Exit out of Notepad.

Back on the Desktop, double-click on the Fix.reg file just saved and click on Yes when asked to merge the information into the Registry.

~~~~
Now, download SilentRunners to the Desktop
Right-click and select: Extract all
Double-click on SilentRunners.vbs

If an alert about scripting appears from your anti-virus, choose to allow the script to run.
When the scan is done, Notepad opens with a log which is saved in the SilentRunners folder.

~~~~
Please post the contents of the OTMoveIt results, and the SilentRunners log in your reply.

Old duck...


#7 NovaPulse


Posted 19 November 2007 - 09:43 PM

After restarting my computer once I finished the OTMoveIt steps, I had no icons show up on my desktop, and when I turned my computer back on they showed up again, but still no results for it. Is there any way to retrieve the results?

Here is my SilentRunners results:

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"pc_flashbang" = "C:\Program Files\PCFlashBang\PCFlashBang.exe -sys" [file not found]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"MsnMsgr" = ""C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background" [file not found]
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" [file not found]
"Aim6" = "(empty string)" [file not found]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"ProxyWay" = "C:\Program Files\ProxyWay\proxyway.exe" [file not found]
"AOL Fast Start" = ""C:\Program Files\America Online 9.0b\AOL.EXE" -b" ["America Online, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"HostManager" = "C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe" ["AOL LLC"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ["Symantec Corporation"]
"RealTray" = "C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER" ["RealNetworks, Inc."]
"Symantec PIF AlertEng" = ""C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"" ["Symantec Corporation"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
\StubPath = "C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{2C8FE6F6-5D4D-4912-97F4-CC16AF41E8B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\hgdcd.dll" [null data]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]
{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\khfffda.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "G:\ALCOHO~1\AxShlex.dll" [file not found]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}" = "*i" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\khfffda.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "hanonvt.ini" [file not found]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> khfffda\DLLName = "khfffda.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "%APPDATA%\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Deric Pujo\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp"


Startup items in "Deric Pujo" & "All Users" startup folders:
------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"America Online 9.0 Tray Icon" -> shortcut to: "C:\Program Files\America Online 9.0\aoltray.exe -check" ["America Online, Inc."]
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Run Full System Scan - Melissa Pujo" -> launches: "C:\Program Files\Norton AntiVirus\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{F8AD5AA5-D966-4667-9DAF-2561D68B2012}" = (no title provided)
-> {HKLM...CLSID} = "Viewpoint Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll" ["Viewpoint Corporation"]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" = "AOL Toolbar"
-> {HKLM...CLSID} = "AOL Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Real.com"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

HKLM\Software\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {HKLM...CLSID} = "Web Browser Applet Control"
\InProcServer32\(Default) = "C:\WINDOWS\system32\msjava.dll" [MS]

{3369AF0D-62E9-4BDA-8103-B4C75499B578}\
"ButtonText" = "AOL Toolbar"
"CLSIDExtension" = "{DE9C389F-3316-41A7-809B-AA305ED9D922}"
-> {HKLM...CLSID} = "AOL Toolbar"
\InProcServer32\(Default) = "C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll" ["America Online, Inc."]

{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
"ButtonText" = "BitComet Search"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["AOL LLC"]
AOL TopSpeed Monitor, AOL TopSpeedMonitor, "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" ["America Online, Inc"]
Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
Fax, Fax, "C:\WINDOWS\system32\fxssvc.exe" [MS]
HP CUE DeviceDiscovery Service, hpqddsvc, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll" ["Hewlett-Packard Co."]}
hpqcxs08, hpqcxs08, "C:\WINDOWS\system32\svchost.exe -k hpdevmgmt" {"C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll" ["Hewlett-Packard Co."]}
LibUsb-Win32 - Daemon, Version 0.1.10.1, libusbd, "system32\libusbd-nt.exe" ["http://libusb-win32.sourceforge.net"]
LiveUpdate Notice Service Ex, LiveUpdate Notice Ex, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Net Driver HPZ12, Net Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZinw12.dll" ["Hewlett-Packard"]}
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\System32\svchost.exe -k HPZ12" {"C:\WINDOWS\system32\HPZipm12.dll" ["Hewlett-Packard"]}
StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]
Symantec AppCore Service, SymAppCore, ""C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Viewpoint Manager Service, Viewpoint Manager Service, ""C:\Program Files\Viewpoint\Common\ViewpointService.exe"" ["Viewpoint Corporation"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
PCL Language Monitor\Driver = "hpz3l4v2.dll" ["Hewlett-Packard Company"]


---------- (launch time: 2007-11-19 21:32:48)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 111 seconds, including 18 seconds for message boxes)

#8 Aaflac


Posted 19 November 2007 - 10:56 PM

The log from OTMoveIt is located at:

C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date and time the tool was run.

See if you can find it and post it! :thumbsup:

Old duck...


#9 NovaPulse


Posted 19 November 2007 - 11:15 PM

Ok, found it and here it is:


C:\WINDOWS\SYSTEM32\dcdgh.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\hgdcd.dll
C:\WINDOWS\SYSTEM32\hgdcd.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\hgdcd.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\rqtss.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\vmfbelvd.dll
C:\WINDOWS\SYSTEM32\vmfbelvd.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\vmfbelvd.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\vcyfojsy.dll
C:\WINDOWS\SYSTEM32\vcyfojsy.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\vcyfojsy.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\fmredhwt.dll
C:\WINDOWS\SYSTEM32\fmredhwt.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\fmredhwt.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\fobrsosx.dll
C:\WINDOWS\SYSTEM32\fobrsosx.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\fobrsosx.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\hdlmympf.dll
C:\WINDOWS\SYSTEM32\hdlmympf.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\hdlmympf.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\pktbsfml.dll
C:\WINDOWS\SYSTEM32\pktbsfml.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\pktbsfml.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\mnataaha.dll
C:\WINDOWS\SYSTEM32\mnataaha.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\mnataaha.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\swpmofnk.dll
C:\WINDOWS\SYSTEM32\swpmofnk.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\swpmofnk.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\skmafdim.dll
C:\WINDOWS\SYSTEM32\skmafdim.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\skmafdim.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\txtcemhh.dll
C:\WINDOWS\SYSTEM32\txtcemhh.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\txtcemhh.dll moved successfully.
C:\WINDOWS\SYSTEM32\rqtss.bak2 moved successfully.
C:\WINDOWS\SYSTEM32\rqtss.bak1 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\khfffda.dll
C:\WINDOWS\SYSTEM32\khfffda.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\khfffda.dll scheduled to be moved on reboot.
C:\WINDOWS\plite731.exe moved successfully.
C:\WINDOWS\SYSTEM32\rMa02yy moved successfully.
C:\Program Files\wvswosvv moved successfully.
C:\temp\abW9 moved successfully.

Created on 11/19/2007 16:05:54
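
Added example, not part of any post in this thread and not code from OTMoveIt, Silent Runners or their authors: a Python script that cross-references excerpts of three artifacts posted above (the OTMoveIt results, the Silent Runners launch points and the Fix.reg deletions) and reports registry launch points that still load a file from the removal list, with whether Fix.reg covers them. The parsing rules and all function names are assumptions inferred from the log lines shown in the thread.

```python
import re

# Excerpts copied from the logs and Fix.reg posted in this thread (shortened).
OTMOVEIT_LOG = r"""
C:\WINDOWS\SYSTEM32\dcdgh.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\hgdcd.dll
C:\WINDOWS\SYSTEM32\hgdcd.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\hgdcd.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\khfffda.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\khfffda.dll scheduled to be moved on reboot.
C:\WINDOWS\plite731.exe moved successfully.
"""
SILENT_RUNNERS_LOG = r"""
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{2C8FE6F6-5D4D-4912-97F4-CC16AF41E8B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\hgdcd.dll" [null data]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
-> {HKLM...CLSID} = "BitComet Helper"
\InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]
{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\khfffda.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}" = "*i" (unwritable string)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\khfffda.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> khfffda\DLLName = "khfffda.dll" [null data]
"""
FIX_REG = r"""
REGEDIT4
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{346768bf-c626-41e7-aff3-145f5d50dcbb}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfffda]
"""

FILE_RE = re.compile(r'([^"\\]+\.(?:dll|exe|ini))', re.I)   # file name without its directory
MOVE_RE = re.compile(r'^(?:File move failed\. )?(.+?) '
                     r'(moved successfully|scheduled to be moved on reboot)\.$')

def norm_key(key):
    """Lower-case a registry path and map long hive names to HKLM/HKCU."""
    key = key.strip().rstrip("\\").lower()
    return key.replace("hkey_local_machine", "hklm").replace("hkey_current_user", "hkcu")

def parse_otmoveit(log):
    """Map file name -> 'moved' or 'pending_reboot' (file still in place until restart)."""
    statuses = {}
    for line in log.splitlines():
        m = MOVE_RE.match(line.strip())
        if m:
            name = m.group(1).rsplit("\\", 1)[-1].lower()
            statuses[name] = "moved" if m.group(2).startswith("moved") else "pending_reboot"
    return statuses

def parse_fix_reg(text):
    """Return (keys deleted with [-KEY], (key, value) pairs deleted with "name"=-)."""
    deleted_keys, deleted_values, current = set(), set(), None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[-"):
            deleted_keys.add(norm_key(line[2:-1]))
            current = None
        elif line.startswith("["):
            current = norm_key(line[1:-1])
        elif current and line.endswith("=-"):
            deleted_values.add((current, line[:-2].strip('"').lower()))
    return deleted_keys, deleted_values

def parse_silent_runners(log):
    """Yield one dict per launch point: parent key, entry name, kind, target file, flag."""
    entries, key, entry = [], None, None
    for line in (l.strip() for l in log.splitlines()):
        if not line or line.startswith("->"):
            continue
        bare = line.replace(" {++}", "")
        if bare.startswith(("HKLM\\", "HKCU\\")) and bare.endswith("\\"):
            key, entry = norm_key(bare), None        # section header: a registry key
            continue
        if key is None:
            continue
        flagged = line.startswith("<<!>>")
        line = line.replace("<<!>>", "", 1).strip()
        name_part, _, data = line.partition(" = ")
        found = FILE_RE.search(data)
        if line.startswith("\\InProcServer32"):      # DLL behind the previous CLSID
            if entry and found:
                entry["file"] = found.group(1).lower()
            continue
        kind = "value" if name_part.startswith('"') else "key"
        name = name_part.strip('"') if kind == "value" else name_part.split("\\", 1)[0]
        entry = {"key": key, "name": name, "kind": kind, "flagged": flagged,
                 "file": found.group(1).lower() if found else None}
        entries.append(entry)
    return entries

def cross_reference(otmoveit_log, silent_runners_log, fix_reg):
    """Launch points whose target is on the removal list, with file and Fix.reg status."""
    statuses = parse_otmoveit(otmoveit_log)
    deleted_keys, deleted_values = parse_fix_reg(fix_reg)
    findings = []
    for e in parse_silent_runners(silent_runners_log):
        if e["file"] not in statuses:
            continue
        if e["kind"] == "key":
            covered = e["key"] + "\\" + e["name"].lower() in deleted_keys
        else:
            covered = (e["key"], e["name"].lower()) in deleted_values
        findings.append({**e, "file_status": statuses[e["file"]], "covered_by_fix": covered})
    return findings

if __name__ == "__main__":
    for f in cross_reference(OTMOVEIT_LOG, SILENT_RUNNERS_LOG, FIX_REG):
        print(f["key"], f["name"], f["file"], f["file_status"], f["covered_by_fix"])
```

On these excerpts the script reports four launch points, all pointing at files whose move was deferred to reboot; the Browser Helper Object {2C8FE6F6-5D4D-4912-97F4-CC16AF41E8B3} that loads hgdcd.dll is the only one with no matching deletion in Fix.reg.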

#10 Aaflac


Posted 20 November 2007 - 03:42 PM

Please download SuperAntiSpyware
Install the program
  • Run SuperAntiSpyware and click: Check for updates
  • Once the update is finished, on the main screen, click: Scan your computer
  • Check: Perform Complete Scan
  • Click Next to start the scan.
SuperAntiSpyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click: Preferences
  • Click the Statistics/Logs tab
  • Under Scanner Logs, double-click SuperAntiSpyware Scan Log (It opens in your default text editor, such as Notepad)
Please provide the SuperAntiSpyware log in your reply.

~~~~
Also download Deckard's System Scanner (DSS)
Save it to the Desktop
Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your firewall offers a warning, allow the program to run
  • When finished, DSS opens two Notepad files: main.txt (this one is maximized) and extra.txt (this one is minimized)
Please post the contents of main.txt in your reply.
(A copy of these files is also found in C:\Deckard\System Scanner)

Also, please attach extra.txt to your post.
To attach the file, do the following:
  • Below the Reply to Thread box, under Attachments > Select a file, go to: Browse to get to the file.
  • Then, click Upload

Old duck...


#11 NovaPulse

Topic Starter

Posted 20 November 2007 - 09:12 PM

Ok, here are my SUPERAntiSpyware results:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/20/2007 at 08:12 PM

Application Version : 3.9.1008

Core Rules Database Version : 3347
Trace Rules Database Version: 1348

Scan type : Complete Scan
Total Scan Time : 01:41:04

Memory items scanned : 601
Memory threats detected : 2
Registry items scanned : 4820
Registry threats detected : 38
File items scanned : 51567
File threats detected : 526

Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\KHFFFDA.DLL
C:\WINDOWS\SYSTEM32\KHFFFDA.DLL
HKLM\Software\Classes\CLSID\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}
HKCR\CLSID\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}
HKCR\CLSID\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}\InprocServer32
HKCR\CLSID\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\khfffda

Trojan.WinFixer
C:\WINDOWS\SYSTEM32\HGDCD.DLL
C:\WINDOWS\SYSTEM32\HGDCD.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C0627BF-5B66-44A2-B0E3-0DA319E09D87}
HKCR\CLSID\{5C0627BF-5B66-44A2-B0E3-0DA319E09D87}
HKCR\CLSID\{5C0627BF-5B66-44A2-B0E3-0DA319E09D87}\InprocServer32
HKCR\CLSID\{5C0627BF-5B66-44A2-B0E3-0DA319E09D87}\InprocServer32#ThreadingModel

Adware.Vundo-Variant/Small-A
HKLM\Software\Classes\CLSID\{7d90d98e-35e2-484c-b25a-e88a37edede5}
HKCR\CLSID\{7D90D98E-35E2-484C-B25A-E88A37EDEDE5}
HKCR\CLSID\{7D90D98E-35E2-484C-B25A-E88A37EDEDE5}\InprocServer32
HKCR\CLSID\{7D90D98E-35E2-484C-B25A-E88A37EDEDE5}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\TERSSVUL.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7d90d98e-35e2-484c-b25a-e88a37edede5}
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\FMREDHWT.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\HDLMYMPF.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\PKTBSFML.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\SKMAFDIM.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\TXTCEMHH.DLL
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\SYSTEM32\VMFBELVD.DLL

Adware.Viewpoint Toolbar
HKLM\Software\Classes\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\InProcServer32#ThreadingModel
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\ProgID
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\Programmable
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\TypeLib
HKCR\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}\VersionIndependentProgID
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT TOOLBAR\VIEWBAR.DLL
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{F8AD5AA5-D966-4667-9DAF-2561D68B2012}
HKCR\ViewBar.ViewBar.1
HKCR\ViewBar.ViewBar.1\CLSID
HKCR\ViewBar.ViewBar
HKCR\ViewBar.ViewBar\CLSID
HKCR\ViewBar.ViewBar\CurVer
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\0
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\0\win32
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\FLAGS
HKCR\TypeLib\{E060D9D9-E979-4C2F-A840-BE5150F84AC5}\1.0\HELPDIR

Adware.Tracking Cookie
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@playphone.advertserve[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@precisionclick[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@prospect.adbureau[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@questionmarket[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@radprofile[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@redorbit[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@reduxads.valuead[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@revsci[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@roiservice[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@rotator.adjuggler[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@rotator.dex.adjuggler[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@screensavers[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@server.cpmstar[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@serving-sys[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@sextracker[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@shopping.112.2o7[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@sixapart.adbureau[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@specificclick[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@starsuperxxx[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@stat.dealtime[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@statcounter[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@stats.gamestop[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@stats1.reliablestats[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@tacoda[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@tgn.122.2o7[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@thunderbolt.adjuggler[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@track.bestbuy[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@traffic.buyservices[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@trafficmp[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@tremor.adbureau[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@tribalfusion[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@try.screensavers[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@try.starware[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@usenext[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@valueclick[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@warezreleases[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@winantivirus[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.burstnet[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.claxonmedia[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.clickxchange[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.fullreleases[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.googleadservices[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.googleadservices[2].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.googleadservices[3].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.googleadservices[4].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.googleadservices[5].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.mediafire[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.romnation[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.screensavers[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www.warezquality[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www2.addfreestats[1].txt
C:\Documents and Settings\Deric Pujo\Cookies\deric_pujo@www8.addfreestats[1].txt
C:\Documents and Settings\Marshall\Cookies\marshall@2o7[2].txt
C:\Documents and Settings\Marshall\Cookies\marshall@ads.pointroll[1].txt
C:\Documents and Settings\Marshall\Cookies\marshall@ads.web.aol[2].txt
C:\Documents and Settings\Marshall\Cookies\marshall@advertising[1].txt
C:\Documents and Settings\Marshall\Cookies\marshall@ar.atwola[2].txt
C:\Documents and Settings\Marshall\Cookies\marshall@atwola[1].txt
C:\Documents and Settings\Marshall\Cookies\marshall@bluestreak[2].txt
C:\Documents and Settings\Marshall\Cookies\marshall@doubleclick[1].txt
C:\Documents and Settings\Marshall\Cookies\marshall@edge.ru4[2].txt
C:\Documents and Settings\Marshall\Cookies\marshall@nextag[2].txt
C:\Documents and Settings\Marshall\Cookies\marshall@revsci[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@112.2o7[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@3.adbrite[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@adultadworld[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@adultdotcom.spicetv[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@campaign.indieclick[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@clickbank[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@commonsensemedia[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@counter3.sextracker[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@counter4.sextracker[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@data3.perf.overture[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@edge.ru4[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@ehg-adaptivemarketing.hitbox[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@ehg-bellsouth.hitbox[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@ehg-playboy.hitbox[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@go.winantivirus[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@hitbox[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@perf.overture[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@pro-market[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@sec1.liveperson[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa pujo@sextracker[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@2o7[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@a.websponsors[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@ad.adserverplus[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@ad.targetingmarketplace[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@ad.yieldmanager[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@adbrite[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@adinterax[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@adopt.euroclick[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@adopt.specificclick[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@adrevolver[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@ads.pointroll[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@ads.realtechnetwork[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@ads.revsci[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@ads.web.aol[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@adserving.cpxinteractive[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@advertising[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@alena.122.2o7[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@anat.tacoda[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@ar.atwola[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@atwola[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@azjmp[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@banners.pictures.sprintpcs[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@bluestreak[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@bs.serving-sys[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@casalemedia[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@citi.bridgetrack[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@cpvfeed[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@eyewonder[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@fastclick[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@freecodesource.advertserve[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@icc.intellisrv[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@interclick[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@linksynergy[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@media.adrevolver[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@media.adrevolver[3].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@mediaplex[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@nextag[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@partner2profit[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@precisionclick[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@questionmarket[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@realmedia[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@revsci[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@richmedia.yahoo[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@serving-sys[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@specificclick[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@tacoda[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@trafficmp[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@tremor.adbureau[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@tribalfusion[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@windowsmedia[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@www.burstbeacon[1].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@www.burstnet[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@www.xctrk[2].txt
C:\Documents and Settings\Melissa Pujo\Cookies\melissa_pujo@zedo[2].txt

Unclassified.Unknown Origin
HKCR\CLSID\{4CB8F4B4-5F66-4D9E-BC3B-184596A58824}

Trojan.ZenoSearch
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\C_AMERICA ONLINE 9.0B\OPTCLEAN.EXE

Adware.SysMon
C:\_OTMOVEIT\MOVEDFILES\WINDOWS\PLITE731.EXE



Here is the Main.txt:

Deckard's System Scanner v20071014.68
Run by Deric Pujo on 2007-11-20 20:52:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2007-11-21 01:52:37 UTC - RP478 - Deckard's System Scanner Restore Point
3: 2007-11-20 23:23:46 UTC - RP477 - Installed SUPERAntiSpyware Free Edition
2: 2007-11-19 20:33:38 UTC - RP476 - Last known good configuration
1: 2007-11-19 20:32:54 UTC - RP475 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 446 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-20 20:54:19
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\SYSTEM32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\SYSTEM32\services.exe
C:\WINDOWS\SYSTEM32\lsass.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\SYSTEM32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\libusbd-nt.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\WINDOWS\SYSTEM32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\Common Files\AOL\1129079549\ee\aolsoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\SYSTEM32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\SYSTEM32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Documents and Settings\Deric Pujo\Desktop\dss.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0b\shellmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/en-us/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [pc_flashbang] C:\Program Files\PCFlashBang\PCFlashBang.exe -sys
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - CmdMapping - (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} () - http://download.microsoft.com/download/0/f...tualEarth3D.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.4.0.4.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} () - http://pictures.aolcdn.com/ap/Resources/1....der.9.3.2.3.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O20 - AppInit_DLLs: hanonvt.ini
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\SYSTEM32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


--
End of file - 11829 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 libusb0 (LibUsb-Win32 - Kernel Driver, Version 0.1.10.1) - c:\windows\system32\drivers\libusb0.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 catchme - c:\docume~1\dericp~1\locals~1\temp\catchme.sys (file missing)
S3 dump_wmimmc - c:\netmarble\netmarblesdgo\gameguard\dump_wmimmc.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 pepifilter (Volume Adapter) - c:\windows\system32\drivers\lv302af.sys (file missing)
S3 PID_08A0 (QuickCam IM(PID_08A0)) - c:\windows\system32\drivers\lv302av.sys (file missing)
S3 PsSdk30 - c:\windows\system32\drivers\pssdk30.drv (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 libusbd (LibUsb-Win32 - Daemon, Version 0.1.10.1) - system32\libusbd-nt.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 aspnet_state (ASP.NET State Service) - c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Description: SCSI/RAID Host Controller
Device ID: ACPI\PNPA000\4&5D18F2DF&0
Manufacturer: (Standard mass storage controllers)
Name: SCSI/RAID Host Controller
PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
Service: af1gyoy5


-- Scheduled Tasks -------------------------------------------------------------

2007-11-12 20:00:02 570 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Melissa Pujo.job


-- Files created between 2007-10-20 and 2007-11-20 -----------------------------

2007-11-20 18:25:09 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-20 18:24:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-11-20 18:23:59 0 d-------- C:\Documents and Settings\Deric Pujo\Application Data\SUPERAntiSpyware.com
2007-11-19 16:05:44 433320 --ahs---- C:\WINDOWS\system32\dcdgh.ini2
2007-11-17 23:43:32 0 d-------- C:\Program Files\Lavasoft
2007-11-17 23:43:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-17 23:40:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 23:28:19 0 d-------- C:\Program Files\ProxyWay
2007-11-13 22:19:39 0 d-------- C:\Program Files\AIM6
2007-11-13 20:25:07 0 d-------- C:\Program Files\Common Files\DirectX
2007-11-11 22:55:51 0 d-------- C:\Program Files\Buddy Icon Maker
2007-11-11 16:17:09 0 d-------- C:\Program Files\3DRipperDX
2007-11-09 22:37:44 0 d-------- C:\Program Files\1964
2007-11-01 19:53:01 0 d-------- C:\Program Files\Pcsx2
2007-11-01 19:28:26 0 d-------- C:\Documents and Settings\Deric Pujo\Application Data\U3
2007-11-01 18:40:44 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-29 01:19:47 0 d-------- C:\Documents and Settings\Deric Pujo\Application Data\DivX
2007-10-29 01:14:41 0 d-------- C:\Program Files\DivX
2007-10-27 08:03:49 18944 --a------ C:\WINDOWS\system32\libusbd-nt.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-10-27 08:03:49 19456 --a------ C:\WINDOWS\system32\libusbd-9x.exe <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-10-27 08:03:49 46592 --a------ C:\WINDOWS\system32\libusb0.dll <Not Verified; http://libusb-win32.sourceforge.net; LibUsb-Win32>
2007-10-27 08:03:49 33792 --a------ C:\WINDOWS\system32\drivers\libusb0.sys
2007-10-27 08:03:48 0 d-------- C:\Program Files\LibUSB-Win32-0.1.10.1


-- Find3M Report ---------------------------------------------------------------

2007-11-19 15:40:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-11-17 23:40:59 0 d-------- C:\Program Files\Common Files
2007-11-16 19:58:50 0 d-------- C:\Program Files\Norton AntiVirus
2007-11-13 22:22:31 0 d-------- C:\Program Files\Viewpoint
2007-11-11 14:38:14 0 d-------- C:\Program Files\Project64 v1.5
2007-10-14 19:30:45 0 d-------- C:\Program Files\BitComet
2007-10-14 18:04:09 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>
2007-10-08 16:50:13 41 --a------ C:\WINDOWS\plite731_uninstaller_.bat
2007-10-07 21:43:41 0 d-------- C:\Documents and Settings\Deric Pujo\Application Data\Google
2007-10-01 18:36:29 0 d-------- C:\Program Files\LitexMedia
2007-09-30 11:40:58 0 d-------- C:\Program Files\Common Files\AOL
2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-17 13:22:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-09-17 13:22:58 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-09-02 16:27:51 130349 --a------ C:\WINDOWS\hpoins13.dat
2007-08-20 19:26:52 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-08-20 19:26:52 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe" [04/12/2007 04:23 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/15/2006 08:28 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [08/10/2007 08:54 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [03/12/2007 05:30 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/10/2006 08:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pc_flashbang"="C:\Program Files\PCFlashBang\PCFlashBang.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"Aim6"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [08/10/2007 05:48 PM]
"ProxyWay"="C:\Program Files\ProxyWay\proxyway.exe" []
"AOL Fast Start"="C:\Program Files\America Online 9.0b\AOL.exe" [07/12/2005 06:17 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Documents and Settings\Deric Pujo\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 9:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [7/4/2005 7:39:37 AM]
DESKTOP.INI [9/3/2002 9:00:00 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1/2/2007 8:40:10 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=hanonvt.ini

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgdcd.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=C:\WINDOWS\pss\Utility Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
C:\WINDOWS\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton AntiVirus\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
C:\WINDOWS\System32\keyhook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
%SystemRoot%\system32\mobsync.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57440df1-3155-11dc-be6a-00038a000015}]
AutoRun\command- F:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-11-20 20:56:03 ------------



And of course the Extra.txt is located in the attachments.




#12 Aaflac

  • Malware Response Team

Posted 20 November 2007 - 10:59 PM

Please download the following to the Desktop: VundoFix.exe
  • Double-click VundoFix.exe to run it
  • Click: Scan for Vundo
  • Once done scanning, click: Remove Vundo
  • A prompt asking if you want to remove the files appears, click: Yes
  • The Desktop goes blank as it starts removing Vundo.
  • When completed, a prompt to shut down the computer appears, click OK
  • Please turn the computer back on.
A log is created and found in C:\vundofix.txt.

~~~~
Please post the C:\vundofix.txt in your reply.

Old duck...


#13 NovaPulse

  • Topic Starter

Posted 20 November 2007 - 11:26 PM

Ok, so VundoFix did not find any infected files, so therefore I have no log to post.

#14 Aaflac

  • Malware Response Team

Posted 21 November 2007 - 12:59 PM

Please download SmitfraudFix
Extract the files to the Desktop

~~~~
Start the computer in Safe Mode:
  • When the machine reboots, tap the F8 key before Windows starts
  • You are presented with a Windows XP Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Press Enter to boot into Safe Mode.
~~~~
Open SmitfraudFix
  • Double-click smitfraudfix.cmd
  • Select Option 2 - Clean by typing 2 and press Enter (Deletes infected files)
  • You are prompted: Do you want to clean the registry? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool also checks if a relevant file, wininet.dll, is infected.
You may be prompted to replace the infected file (if found).
Replace infected file? Answer Y (yes) and hit Enter to restore a clean file.

When it is done, a log named rapport.txt is created, listing infected files (if present).

~~~~
Restart the computer to complete the removal process.

~~~~
Please post the SmitFraudFix report located at C:\rapport.txt, and a new HijackThis log.

Old duck...


#15 NovaPulse

  • Topic Starter

Posted 21 November 2007 - 02:57 PM

Here is the rapport.txt:

SmitFraudFix v2.253

Scan done at 14:34:42.04, Wed 11/21/2007
Run from C:\Documents and Settings\Deric Pujo\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FDBC89AB-9908-4A9F-8652-2042D446A455}: DhcpNameServer=24.25.5.150 24.25.5.149
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FDBC89AB-9908-4A9F-8652-2042D446A455}: DhcpNameServer=24.25.5.150 24.25.5.149
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FDBC89AB-9908-4A9F-8652-2042D446A455}: DhcpNameServer=24.25.5.150 24.25.5.149
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.150 24.25.5.149
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.150 24.25.5.149
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.25.5.150 24.25.5.149


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



And the new HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:17 PM, on 11/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\America Online 9.0b\shellmon.exe
C:\Program Files\Norton AntiVirus\NAVW32.exe
C:\Documents and Settings\Deric Pujo\Desktop\Hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129079549\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [pc_flashbang] C:\Program Files\PCFlashBang\PCFlashBang.exe -sys
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/...ns.10.4.0.4.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} - http://pictures.aolcdn.com/ap/Resources/1....der.9.3.2.3.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10348 bytes



