
Infected With Obnoxious Spyware/malware


13 replies to this topic

#1 Huskisson

  • Members

Posted 19 November 2007 - 11:20 PM

OK, I have some very annoying spyware/viruses running on my comp. I've run all sorts of anti-malware and virus scans to no avail. Included are some screenshots of the pop-ups I've been getting.

Posted Image
Posted Image
Posted Image

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:53 PM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\bdkhvkmq.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {05B8F635-1F07-42D0-BAE9-9626F3B618C7} - C:\WINDOWS\system32\qomnkhf.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: {c760d60c-902e-0feb-0924-8d40f0068e77} - {77e8600f-04d8-4290-bef0-e209c06d067c} - C:\WINDOWS\system32\agrasxwt.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\rneihkam.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\rneihkam.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [24644b0b] rundll32.exe "C:\WINDOWS\system32\biclhanp.dll",b
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146981536635
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://dar.armstrong.com/ib/databases/actimage30717.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol hijack: mhtml -
O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll (file missing)
O20 - Winlogon Notify: qomnkhf - C:\WINDOWS\SYSTEM32\qomnkhf.dll
O20 - Winlogon Notify: rneihkam - C:\WINDOWS\SYSTEM32\rneihkam.dll
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\bdkhvkmq.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7807 bytes



#2 random/random

  • Malware Response Team

Posted 03 December 2007 - 04:57 PM

I apologize for the very long delay. We have a huge backlog of HijackThis logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log. If we do not hear back from you within a couple of days, we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.

#3 random/random

  • Malware Response Team

Posted 11 December 2007 - 03:23 PM

Since there has been no reply to this topic in the last 7 days, it is now closed.

#4 random/random

  • Malware Response Team

Posted 12 December 2007 - 02:35 PM

Topic reopened.
Please post a new HijackThis log.

#5 Huskisson

  • Topic Starter

Posted 12 December 2007 - 05:52 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:53:53 PM, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\rneihkam.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [24644b0b] rundll32.exe "C:\WINDOWS\system32\atynduqd.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146981536635
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://dar.armstrong.com/ib/databases/actimage30717.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol hijack: mhtml -
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7208 bytes

#6 random/random

  • Malware Response Team

Posted 12 December 2007 - 06:02 PM

Download the latest version of ComboFix from Here to your Desktop.
  • Double-click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#7 Huskisson

  • Topic Starter

Posted 13 December 2007 - 11:19 AM

ComboFix 07-12-12.3 - Bobby Maddox 2007-12-13 8:55:18.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.269 [GMT -7:00]
Running from: C:\Documents and Settings\Bobby Maddox\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
c:\documents and settings\bobby maddox\favorites\Online Security Guide.lnk
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\agrasxwt.dll
C:\WINDOWS\system32\ahgrnuvd.dll
C:\WINDOWS\system32\ajgjxuti.dll
C:\WINDOWS\system32\atynduqd.dll
C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\bbfqaucy.dll
C:\WINDOWS\system32\bdkhvkmq.exe
C:\WINDOWS\system32\biclhanp.dll
C:\WINDOWS\system32\bjgejmxl.dll
C:\WINDOWS\system32\bkyqjmrn.exe
C:\WINDOWS\system32\bvxrcifs.dll
C:\WINDOWS\system32\ccfuhmhr.ini
C:\WINDOWS\system32\cealjakf.dll
C:\WINDOWS\system32\ciujuvlm.exe
C:\WINDOWS\system32\cnewcoqb.exe
C:\WINDOWS\system32\dcpdyyav.dll
C:\WINDOWS\system32\dexpanrv.dll
C:\WINDOWS\system32\dkcnqwts.exe
C:\WINDOWS\system32\dqudnyta.ini
C:\WINDOWS\system32\dvunrgha.ini
C:\WINDOWS\system32\eoksjljn.ini
C:\WINDOWS\system32\erjsshgg.exe
C:\WINDOWS\system32\fdfpxcga.dll
C:\WINDOWS\system32\fekusbhj.ini
C:\WINDOWS\system32\fkajlaec.ini
C:\WINDOWS\system32\fxpepvrs.dll
C:\WINDOWS\system32\gcqnwcdg.dll
C:\WINDOWS\system32\gevnuheo.exe
C:\WINDOWS\system32\hadntrsr.exe
C:\WINDOWS\system32\iolnexhk.dll
C:\WINDOWS\system32\ituxjgja.ini
C:\WINDOWS\system32\iypjjjws.dll
C:\WINDOWS\system32\jclmssos.ini
C:\WINDOWS\system32\jhbsukef.dll
C:\WINDOWS\system32\jhsoqrgm.dll
C:\WINDOWS\system32\kppynhdj.dll
C:\WINDOWS\system32\lhdqksnw.dll
C:\WINDOWS\system32\lutstphk.dll
C:\WINDOWS\system32\lxmjegjb.ini
C:\WINDOWS\system32\mdxukvqe.exe
C:\WINDOWS\system32\mehktdjy.ini
C:\WINDOWS\system32\mgfqyyka.dll
C:\WINDOWS\system32\mkurbmjv.exe
C:\WINDOWS\system32\njljskoe.dll
C:\WINDOWS\system32\nobvyqgl.dll
C:\WINDOWS\system32\ogswcmpr.exe
C:\WINDOWS\system32\oivfkajh.dll
C:\WINDOWS\system32\otjnkbex.dll
C:\WINDOWS\system32\pedaggjx.dll
C:\WINDOWS\system32\pnahlcib.ini
C:\WINDOWS\system32\qeubtjjl.exe
C:\WINDOWS\system32\qomnkhf.dll
C:\WINDOWS\system32\qqvplsnw.dll
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\rhmhufcc.dll
C:\WINDOWS\system32\rneihkam.dll
C:\WINDOWS\system32\rneihkam.dllbox
C:\WINDOWS\system32\smmsalbw.ini
C:\WINDOWS\system32\sossmlcj.dll
C:\WINDOWS\system32\srvpepxf.ini
C:\WINDOWS\system32\swsferbv.dll
C:\WINDOWS\system32\sznf.ascii
C:\WINDOWS\system32\uojljipy.dll
C:\WINDOWS\system32\vbrefsws.ini
C:\WINDOWS\system32\vcbvflcv.exe
C:\WINDOWS\system32\vkkmgtmx.dll
C:\WINDOWS\system32\voyisnxa.dll
C:\WINDOWS\system32\vrlkfugx.ini
C:\WINDOWS\system32\vrnapxed.ini
C:\WINDOWS\system32\wblasmms.dll
C:\WINDOWS\system32\whbvjkgt.exe
C:\WINDOWS\system32\xebknjto.ini
C:\WINDOWS\system32\xgufklrv.dll
C:\WINDOWS\system32\xmtgmkkv.ini
C:\WINDOWS\system32\xpqwenqa.exe
C:\WINDOWS\system32\ycuaqfbb.ini
C:\WINDOWS\system32\yihpnypb.dll
C:\WINDOWS\system32\yjdtkhem.dll
C:\WINDOWS\system32\yjucvpue.exe
C:\WINDOWS\system32\ypijljou.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-10 19:36 . 2007-12-13 00:19 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-10 19:36 . 2007-12-10 19:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-10 08:34 . 2007-12-10 08:34 268 --ah----- C:\sqmdata06.sqm
2007-12-10 08:34 . 2007-12-10 08:34 244 --ah----- C:\sqmnoopt06.sqm
2007-12-08 20:22 . 2007-12-08 20:30 <DIR> d-------- C:\Program Files\PokerStars
2007-12-05 02:17 . 2007-12-05 02:17 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-04 21:55 . 2007-12-06 01:45 807,528 --ahs---- C:\WINDOWS\system32\wuyvytni.ini
2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Program Files\OGPlanet
2007-12-01 21:50 . 2007-12-02 21:50 793,664 --ahs---- C:\WINDOWS\system32\yvohvaqs.ini
2007-11-24 21:04 . 2007-11-24 21:04 949,747 --a------ C:\wake.mp3
2007-11-24 21:02 . 2007-11-24 21:02 10,469,434 --a------ C:\WINDOWS\nctFD6.tmp
2007-11-24 21:00 . 2007-11-24 21:00 10,469,434 --a------ C:\WINDOWS\nctFD4.tmp
2007-11-24 20:59 . 2007-11-24 20:59 10,469,434 --a------ C:\WINDOWS\nctFD3.tmp
2007-11-20 16:38 . 2007-11-20 16:38 <DIR> d-------- C:\Program Files\Jed's Half-Life Model Viewer 1.3.6
2007-11-19 21:18 . 2007-11-19 21:18 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-16 13:26 . 2007-11-16 13:27 <DIR> d-------- C:\OutputFolder
2007-11-16 12:47 . 2007-11-16 12:47 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2007-11-13 15:33 . 2007-11-13 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 15:32 . 2007-11-13 15:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 15:20 . 2007-11-16 13:30 317 --ahs---- C:\WINDOWS\system32\klkkj.ini
2007-11-13 12:19 . 2007-11-13 12:23 <DIR> d-------- C:\Program Files\GameTap
2007-11-13 12:19 . 2007-11-13 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2007-11-13 12:17 . 2007-11-13 12:17 <DIR> d-------- C:\Documents and Settings\Bobby Maddox\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 19:42 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\uTorrent
2007-12-12 16:53 --------- d-----w C:\Program Files\TextAloud
2007-12-12 15:46 --------- d-----w C:\Program Files\mIRC
2007-12-12 05:52 --------- d-----w C:\Program Files\Trillian Pro
2007-12-11 08:24 --------- d-----w C:\Program Files\Music Alarm Clock
2007-12-11 06:17 --------- d-----w C:\Program Files\FolderSizes
2007-12-05 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-05 09:09 --------- d-----w C:\Program Files\Sega
2007-12-05 09:07 --------- d-----w C:\Program Files\Full Tilt Poker
2007-12-03 01:23 --------- d-----w C:\Program Files\chatClient
2007-11-21 05:06 --------- d-----w C:\Program Files\FlashFXP
2007-11-21 01:27 --------- d-----w C:\Program Files\Steam
2007-11-14 19:22 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\AVG7
2007-11-14 19:17 --------- d-s---w C:\Program Files\Xfire
2007-11-14 01:39 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\Xfire
2007-11-13 22:33 --------- d-----w C:\Program Files\Lavasoft
2007-11-10 02:07 --------- d-----w C:\Program Files\Toribash-2.6
2007-11-09 20:56 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\dvdcss
2007-11-09 16:59 --------- d-----w C:\Program Files\ewido anti-malware
2007-11-09 16:26 --------- d-----w C:\Program Files\Xilisoft
2007-11-07 21:57 --------- d-----w C:\Program Files\Gpotato
2007-10-30 22:56 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\SecondLife
2007-10-30 22:51 --------- d-----w C:\Program Files\SecondLife
2007-10-26 06:03 --------- d-----w C:\Program Files\iTunes
2007-10-26 06:01 --------- d-----w C:\Program Files\iPod
2007-10-22 19:40 --------- d-----w C:\Program Files\uTorrent
2007-10-22 15:36 --------- d-----w C:\Program Files\CCleaner
2007-10-22 15:35 --------- d-----w C:\Program Files\Yahoo!
2007-10-20 20:24 --------- d-----w C:\Program Files\Funcom
2007-10-20 20:17 --------- d-----w C:\Program Files\eMule
2007-10-19 21:33 --------- d-----w C:\Program Files\Common Files\L&H
2007-10-19 21:28 --------- d-----w C:\Program Files\Microsoft Works
2007-10-19 19:26 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\OpenOffice.org2
2007-10-16 19:02 --------- d-----w C:\Program Files\EndItAll
2006-11-27 05:17 56 --sh--r C:\WINDOWS\system32\0A966CBEEA.sys
2006-11-24 04:15 168 --sh--r C:\WINDOWS\system32\EABE6C960A.sys
2006-11-27 05:17 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-10-22_13.33.43.60 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 12:03:30 136,192 ----a-w C:\WINDOWS\catchme.exe
+ 2007-12-10 02:04:27 142,336 ----a-w C:\WINDOWS\catchme.exe
- 2007-03-13 16:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-13 17:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-10-26 06:09:31 102,400 ----a-r C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe
+ 2007-11-13 22:34:05 1,038,336 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe
+ 2007-11-13 22:34:05 178,688 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe
+ 2007-11-13 22:34:05 171,008 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe
+ 2007-11-13 22:34:05 8,704 ----a-r C:\WINDOWS\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe
- 2007-08-17 07:37:26 19,795 ----a-w C:\WINDOWS\mozver.dat
+ 2007-12-06 00:58:39 19,795 ----a-w C:\WINDOWS\mozver.dat
- 2007-06-17 06:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2007-06-17 07:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
- 2006-12-19 21:52:18 8,453,632 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 -c----w C:\WINDOWS\system32\dllcache\shell32.dll
- 2006-09-05 16:03:16 3,968 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
+ 2007-05-30 12:10:42 10,872 ----a-w C:\WINDOWS\system32\drivers\AvgAsCln.sys
+ 2007-07-11 20:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
+ 2007-08-07 19:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
+ 2007-08-07 19:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
+ 2007-04-13 21:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
- 2007-09-28 05:19:39 18,089,592 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2007-11-02 07:12:57 18,238,072 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-10-16 18:59:31 71,076 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-26 06:19:30 71,076 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-10-16 18:59:32 422,128 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-26 06:19:30 422,128 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-12-19 21:52:18 8,453,632 ----a-w C:\WINDOWS\system32\shell32.dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32.dll
- 2007-04-02 20:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-23 01:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
- 2007-08-21 10:20:02 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2007-10-29 10:26:53 115,712 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-11 11:49]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-03 16:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32]
msldr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\polymorphreg]
C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-07-03 23:19 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bobby Maddox^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bobby Maddox^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bobby Maddox^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bobby Maddox^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Bobby Maddox\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0mcamcap]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\24644b0b]
rundll32.exe C:\WINDOWS\system32\njljskoe.dll,b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4beb4c0e.exe]
C:\WINDOWS\System32\4beb4c0e.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apizj32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2005-05-06 17:47 2224128 --a------ C:\Program Files\BitLord\BitLord.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe /StartupJobs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvlos.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.EXE /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FG_Monitor]
C:\Program Files\Folder Guard XP\FGKey.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Halo 3 News Reader]
2007-07-24 05:18 758704 --a------ C:\Program Files\Halo 3 News Reader\Halo_3_News_Reader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipof32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\javaed.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2004-01-20 10:45 1757184 --a------ C:\WINDOWS\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 15:21 54832 --a------ C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-07-13 13:00 28739 --a------ c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msgn.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnx32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Music Alarm Clock]
2006-01-18 18:39 970240 --a------ C:\PROGRA~1\MUSICA~1\mac.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroNETTrayIcon]
2003-02-18 17:00 212992 --------- C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netil.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoiseNak]
2004-04-23 09:01 323072 --a------ C:\Program Files\ComSoft\NoiseNak\NoiseNak.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbcmcg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
C:\Program Files\Real\RealPlayer\realplay.exe /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-07 15:24 71216 --------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
rundll32.exe C:\WINDOWS\system32\qjwrkigq.dll,sitypnow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartButler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syslc32.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-10 21:15 111816 --a------ C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolumeLock]
C:\Program Files\VolumeLock\vollock.exe /m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 15:22 35328 --a------ C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSP]
REGEDIT.EXE -s c:/ireg.reg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMedia16]
wmedia16.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 14:48 479232 --a------ C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"rpcapd"=3 (0x3)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"NetSvc"=3 (0x3)
"NeroNET"=2 (0x2)
"MDM"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"ewido security suite control"=2 (0x2)
"DomainService"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido anti-malware\guard.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 X4HSX32;X4HSX32;\??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys
S3 FGUARD32;FGUARD32;\??\C:\Program Files\Folder Guard XP\FGUARD32.SYS
S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);C:\WINDOWS\system32\DRIVERS\CamDrO21.sys
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys
S4 NeroNET;NeroNET;C:\Program Files\Ahead\NeroNET\NeroNET.exe -w
S4 VisualCron4;VisualCron 4;"C:\Program Files\VisualCron 4\VisualCronService.exe" S

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f15bb45b-ec84-11db-a2ea-000cf1ceb189}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-12-10 14:35:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-13 15:49:19 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-12-10 15:21:45 C:\WINDOWS\Tasks\rundefrag.job"
- C:\Program Files\AutoMacroRecorder\rundefrag.scp
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 09:15:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\PROGRA~1\Google\GOOGLE~2\GOOGLE~3.DLL
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
Completion time: 2007-12-13 9:18:32 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-13 15:23
C:\ComboFix3.txt ... 2007-10-22 12:36
.
2007-11-15 10:05:17 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:42 AM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146981536635
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://dar.armstrong.com/ib/databases/actimage30717.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol hijack: mhtml -
O20 - Winlogon Notify: msldr32 - msldr32.dll (file missing)
O20 - Winlogon Notify: polymorphreg - C:\Documents and Settings\All Users\Documents\Settings\polymorph.dll (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7419 bytes

#8 random/random

  • Malware Response Team
  • 2,704 posts

Posted 13 December 2007 - 03:55 PM

  • Open a new notepad window (Start>All programs>accessories>notepad)
  • Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard
    File::
    C:\WINDOWS\system32\wuyvytni.ini
    C:\WINDOWS\system32\yvohvaqs.ini
    C:\WINDOWS\nctFD6.tmp
    C:\WINDOWS\nctFD4.tmp
    C:\WINDOWS\nctFD3.tmp
    C:\WINDOWS\system32\klkkj.ini
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\msldr32]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\polymorphreg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0mcamcap]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\24644b0b]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4beb4c0e.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\apizj32.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipof32.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\javaed.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msgn.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnx32.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\netil.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbcmcg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syslc32.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSP]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMedia16]
  • Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
  • Save it to the desktop as CFscript.txt
  • Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
    Posted Image
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
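
A follow-up check for the procedure above, as an added example that is not part of the original post and not part of ComboFix: it parses a CFScript and the log posted afterwards, then reports any requested file that the log's "Other Deletions" section does not list and any registry key that still appears in the log. The function names and the shortened sample inputs are constructed for illustration; the `File::`/`Registry::` markers and section banners follow the script and logs shown in this thread.

```python
import re

# Constructed sample: a shortened CFScript in the format used in the post above.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\nctFD3.tmp
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\24644b0b]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSP]
"""

# Constructed sample: excerpt of a follow-up log. The WinSP key is left in
# on purpose so the check has something to report.
LOG_AFTER = r"""
((((( Other Deletions )))))
.
C:\WINDOWS\nctFD3.tmp
C:\WINDOWS\system32\klkkj.ini
.
((((( Reg Loading Points )))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSP]
REGEDIT.EXE -s c:/ireg.reg
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")      # (((( Section name ))))
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.I)    # [HKEY_...\key]
PATH_RE = re.compile(r"^[a-z]:\\", re.I)             # C:\...


def parse_cfscript(text):
    """Return (files, keys) requested for deletion, lower-cased.

    Windows paths and registry keys are case-insensitive, so everything is
    normalised before comparison.
    """
    files, keys, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2].lower()
        elif section == "file":
            files.append(line.lower())
        elif section == "registry" and line.startswith("[-") and line.endswith("]"):
            keys.append(line[2:-1].lower())      # strip "[-" and "]"
    return files, keys


def parse_log(text):
    """Return (deleted_files, registry_keys) seen in a ComboFix-style log."""
    deleted, keys, section = set(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1).lower()
            continue
        key = KEY_RE.match(line)
        if key:
            keys.add(key.group(1).lower())
        elif section == "other deletions" and PATH_RE.match(line):
            deleted.add(line.lower())
    return deleted, keys


def verify(script_text, log_text):
    """Compare what the script asked for with what the log shows."""
    files, keys = parse_cfscript(script_text)
    deleted, present = parse_log(log_text)
    return {
        # A file missing here may simply not have existed; review by hand.
        "files_not_reported_deleted": [f for f in files if f not in deleted],
        # A key listed for removal that the log still shows needs another pass.
        "keys_still_present": [k for k in keys if k in present],
    }


if __name__ == "__main__":
    for name, items in verify(CFSCRIPT, LOG_AFTER).items():
        print(name)
        for item in items:
            print("  ", item)
```
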


#9 Huskisson
  • Topic Starter

  • Members
  • 7 posts

Posted 13 December 2007 - 05:04 PM

ComboFix 07-12-12.3 - Bobby Maddox 2007-12-13 14:40:52.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.305 [GMT -7:00]
Running from: C:\Documents and Settings\Bobby Maddox\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bobby Maddox\Desktop\CFscript.txt
* Created a new restore point

FILE
C:\WINDOWS\nctFD3.tmp
C:\WINDOWS\nctFD4.tmp
C:\WINDOWS\nctFD6.tmp
C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\wuyvytni.ini
C:\WINDOWS\system32\yvohvaqs.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\nctFD3.tmp
C:\WINDOWS\nctFD4.tmp
C:\WINDOWS\nctFD6.tmp
C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\wuyvytni.ini
C:\WINDOWS\system32\yvohvaqs.ini

.
((((((((((((((((((((((((( Files Created from 2007-11-13 to 2007-12-13 )))))))))))))))))))))))))))))))
.

2007-12-10 19:36 . 2007-12-13 09:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-10 19:36 . 2007-12-10 19:36 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-10 08:34 . 2007-12-10 08:34 268 --ah----- C:\sqmdata06.sqm
2007-12-10 08:34 . 2007-12-10 08:34 244 --ah----- C:\sqmnoopt06.sqm
2007-12-08 20:22 . 2007-12-08 20:30 <DIR> d-------- C:\Program Files\PokerStars
2007-12-05 02:17 . 2007-12-05 02:17 4,096 --a------ C:\WINDOWS\d3dx.dat
2007-12-03 16:33 . 2007-12-03 16:33 <DIR> d-------- C:\Program Files\OGPlanet
2007-11-24 21:04 . 2007-11-24 21:04 949,747 --a------ C:\wake.mp3
2007-11-20 16:38 . 2007-11-20 16:38 <DIR> d-------- C:\Program Files\Jed's Half-Life Model Viewer 1.3.6
2007-11-19 21:18 . 2007-11-19 21:18 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-16 13:26 . 2007-11-16 13:27 <DIR> d-------- C:\OutputFolder
2007-11-16 12:47 . 2007-11-16 12:47 <DIR> d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2007-11-13 15:33 . 2007-11-13 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-13 15:32 . 2007-11-13 15:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-13 12:19 . 2007-11-13 12:23 <DIR> d-------- C:\Program Files\GameTap
2007-11-13 12:19 . 2007-11-13 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GameTap
2007-11-13 12:17 . 2007-11-13 12:17 <DIR> d-------- C:\Documents and Settings\Bobby Maddox\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 21:40 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\uTorrent
2007-12-13 21:02 --------- d-----w C:\Program Files\TextAloud
2007-12-12 15:46 --------- d-----w C:\Program Files\mIRC
2007-12-12 05:52 --------- d-----w C:\Program Files\Trillian Pro
2007-12-11 08:24 --------- d-----w C:\Program Files\Music Alarm Clock
2007-12-11 06:17 --------- d-----w C:\Program Files\FolderSizes
2007-12-05 09:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-05 09:09 --------- d-----w C:\Program Files\Sega
2007-12-05 09:07 --------- d-----w C:\Program Files\Full Tilt Poker
2007-12-03 01:23 --------- d-----w C:\Program Files\chatClient
2007-11-21 05:06 --------- d-----w C:\Program Files\FlashFXP
2007-11-21 01:27 --------- d-----w C:\Program Files\Steam
2007-11-14 19:22 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\AVG7
2007-11-14 19:17 --------- d-s---w C:\Program Files\Xfire
2007-11-14 01:39 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\Xfire
2007-11-13 22:33 --------- d-----w C:\Program Files\Lavasoft
2007-11-10 02:07 --------- d-----w C:\Program Files\Toribash-2.6
2007-11-09 20:56 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\dvdcss
2007-11-09 16:59 --------- d-----w C:\Program Files\ewido anti-malware
2007-11-09 16:26 --------- d-----w C:\Program Files\Xilisoft
2007-11-07 21:57 --------- d-----w C:\Program Files\Gpotato
2007-10-30 22:56 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\SecondLife
2007-10-30 22:51 --------- d-----w C:\Program Files\SecondLife
2007-10-26 06:03 --------- d-----w C:\Program Files\iTunes
2007-10-26 06:01 --------- d-----w C:\Program Files\iPod
2007-10-22 19:40 --------- d-----w C:\Program Files\uTorrent
2007-10-22 19:04 102,400 ----a-w C:\WINDOWS\system32\drvluk.dll
2007-10-22 15:36 --------- d-----w C:\Program Files\CCleaner
2007-10-22 15:35 --------- d-----w C:\Program Files\Yahoo!
2007-10-20 20:24 --------- d-----w C:\Program Files\Funcom
2007-10-20 20:17 --------- d-----w C:\Program Files\eMule
2007-10-19 21:33 --------- d-----w C:\Program Files\Common Files\L&H
2007-10-19 21:28 --------- d-----w C:\Program Files\Microsoft Works
2007-10-19 19:26 --------- d-----w C:\Documents and Settings\Bobby Maddox\Application Data\OpenOffice.org2
2007-10-19 07:32 102,400 ----a-w C:\WINDOWS\system32\drvlos.dll
2007-10-16 19:02 --------- d-----w C:\Program Files\EndItAll
2006-11-27 05:17 56 --sh--r C:\WINDOWS\system32\0A966CBEEA.sys
2006-11-24 04:15 168 --sh--r C:\WINDOWS\system32\EABE6C960A.sys
2006-11-27 05:17 4,184 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-11 11:49]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-03 16:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-07-03 23:19 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 2.lnk]
backup=C:\WINDOWS\pss\Device Detector 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bobby Maddox^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bobby Maddox^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bobby Maddox^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
backup=C:\WINDOWS\pss\PowerReg Scheduler.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Bobby Maddox^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Bobby Maddox\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2005-05-06 17:47 2224128 --a------ C:\Program Files\BitLord\BitLord.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe /StartupJobs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
C:\Program Files\DAP\DAP.EXE /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FG_Monitor]
C:\Program Files\Folder Guard XP\FGKey.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Halo 3 News Reader]
2007-07-24 05:18 758704 --a------ C:\Program Files\Halo 3 News Reader\Halo_3_News_Reader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2004-01-20 10:45 1757184 --a------ C:\WINDOWS\kdx\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2007-02-07 15:21 54832 --a------ C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2000-07-13 13:00 28739 --a------ c:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Music Alarm Clock]
2006-01-18 18:39 970240 --a------ C:\PROGRA~1\MUSICA~1\mac.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroNETTrayIcon]
2003-02-18 17:00 212992 --------- C:\Program Files\Ahead\NeroNET\NNServiceCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoiseNak]
2004-04-23 09:01 323072 --a------ C:\Program Files\ComSoft\NoiseNak\NoiseNak.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
C:\Program Files\Pando Networks\Pando\Pando.exe /Minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
C:\Program Files\Real\RealPlayer\realplay.exe /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-07 15:24 71216 --------- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartButler]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 --a------ C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
C:\Program Files\Norton Internet Security\UrlLstCk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
2004-11-10 21:15 111816 --a------ C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolumeLock]
C:\Program Files\VolumeLock\vollock.exe /m

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 15:22 35328 --a------ C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 14:48 479232 --a------ C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"Symantec Core LC"=2 (0x2)
"rpcapd"=3 (0x3)
"RichVideo"=2 (0x2)
"ose"=3 (0x3)
"NetSvc"=3 (0x3)
"NeroNET"=2 (0x2)
"MDM"=2 (0x2)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"ewido security suite control"=2 (0x2)
"DomainService"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)

R1 ewido security suite driver;ewido security suite driver;\??\C:\Program Files\ewido anti-malware\guard.sys
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\C:\Program Files\CyberLink\PowerDVD\000.fcl
R2 X4HSX32;X4HSX32;\??\C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
R3 kbdcap;kbdcap;C:\WINDOWS\system32\drivers\kbdcap.sys
S3 FGUARD32;FGUARD32;\??\C:\Program Files\Folder Guard XP\FGUARD32.SYS
S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);C:\WINDOWS\system32\DRIVERS\CamDrO21.sys
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys
S4 NeroNET;NeroNET;C:\Program Files\Ahead\NeroNET\NeroNET.exe -w
S4 VisualCron4;VisualCron 4;"C:\Program Files\VisualCron 4\VisualCronService.exe" S

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f15bb45b-ec84-11db-a2ea-000cf1ceb189}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-12-10 14:35:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-13 15:49:19 C:\WINDOWS\Tasks\Disk Cleanup.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2007-12-10 15:21:45 C:\WINDOWS\Tasks\rundefrag.job"
- C:\Program Files\AutoMacroRecorder\rundefrag.scp
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 14:49:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-13 14:51:01
C:\ComboFix2.txt ... 2007-12-13 09:18
C:\ComboFix3.txt ... 2007-11-13 15:23
.
2007-11-15 10:05:17 --- E O F ---










Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:03:00 PM, on 12/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146981536635
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://dar.armstrong.com/ib/databases/actimage30717.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O18 - Protocol hijack: mhtml -
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7104 bytes

Edited by Huskisson, 13 December 2007 - 05:06 PM.


#10 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:10:02 PM

Posted 14 December 2007 - 02:10 PM

Ewido is now AVG antispyware (which we shall install shortly), so please uninstall Ewido security suite.

You do not appear to be running a realtime antivirus; this is leaving you open to infection.
Please install one of the following free antivirus programs:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Run HijackThis
Click on Do a system scan only
Place a checkmark next to these lines (if still present)

O18 - Protocol hijack: mhtml -
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)

Then close all windows except HijackThis and click Fix Checked

Use Windows Explorer to find and delete these files:

C:\WINDOWS\system32\drvluk.dll
C:\WINDOWS\system32\drvlos.dll

As an example:
To delete C:\WINDOWS\system32\filetogo.bye
Double click the My Computer icon on your Desktop.
Double click on Local Disk (C:\)
Double click on the Windows folder,
Double click on the system32 folder,
Right click on filetogo.bye and from the menu that appears, click on 'Delete'


AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
  • Under How to act? - make sure that Quarantine is selected.
  • Under How to scan? - All checkboxes should be ticked.
  • Under Possibly unwanted software - All checkboxes should be ticked.
  • Under Reports - Select Do not automatically generate reports.
  • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
Post back with the AVG antispyware report and a new HijackThis log.
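
The two lines selected for Fix Checked in the post above both point at nothing: the O18 entry has an empty target and the O21 entry ends in (no file). As an added example (not part of the original post and not HijackThis's own logic), this Python sketch flags such entries in a log and checks whether the selected lines are still present in a follow-up log. The function names and the orphan heuristic are assumptions of this example, and the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O18 - Protocol hijack: mhtml -
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Constructed follow-up log: the same lines with the two fixed entries gone.
FOLLOW_UP_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# The lines the helper asked to have checked.
SELECTED = [
    "O18 - Protocol hijack: mhtml -",
    "O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - (no file)",
]

# Every HijackThis entry starts with a section code such as R0, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Marker seen in this thread's log when the registered file does not exist.
ABSENT_MARKER = "(no file)"


@dataclass
class Entry:
    code: str    # section code, e.g. "O21"
    body: str    # everything after "<code> - "
    target: str  # last " - " separated field; "" when nothing follows the dash


def target_of(body):
    """Return the last field of an entry, or "" if the entry ends in a bare dash."""
    if body.endswith(" -"):
        return ""
    return body.rsplit(" - ", 1)[-1].strip()


def parse_entries(log_text):
    """Parse section entries, skipping headers and the running-process list."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            body = match.group("body")
            entries.append(Entry(match.group("code"), body, target_of(body)))
    return entries


def flag_orphans(entries):
    """Heuristic of this example: flag entries that reference nothing on disk."""
    flagged = []
    for entry in entries:
        if entry.target == "":
            flagged.append((entry, "empty target"))
        elif entry.target.endswith(ABSENT_MARKER):
            flagged.append((entry, "registered file is absent"))
    return flagged


def still_present(selected, log_text):
    """Return the selected lines that still appear in a log (whitespace-normalised)."""
    present = {" ".join(line.split()) for line in log_text.splitlines()}
    return [line for line in selected if " ".join(line.split()) in present]


if __name__ == "__main__":
    for entry, reason in flag_orphans(parse_entries(SAMPLE_LOG)):
        print(f"{entry.code}: {reason}: {entry.body}")
    print("remaining after fix:", still_present(SELECTED, FOLLOW_UP_LOG))
```

An entry flagged this way is only a candidate for review; whether to fix it remains the helper's call, as in the post above.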

#11 Huskisson

Huskisson
  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:02 PM

Posted 15 December 2007 - 04:42 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:29:28 PM 12/15/2007

+ Scan result:



C:\System Volume Information\_restore{D29C36E0-A054-4AC3-8E60-7C35F3A99B95}\RP30\A0018625.dll -> Not-A-Virus.Adware.SecToolBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D29C36E0-A054-4AC3-8E60-7C35F3A99B95}\RP30\A0018684.dll -> Not-A-Virus.Adware.SecToolBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{D29C36E0-A054-4AC3-8E60-7C35F3A99B95}\RP30\A0018690.dll -> Not-A-Virus.Adware.SecToolBar : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\system32\fdfpxcga.dll.vir -> Not-A-Virus.Adware.SecToolBar : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\system32\rneihkam.dll.vir -> Not-A-Virus.Adware.SecToolBar : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\catchme2007-12-13_ 91507.48.zip/rneihkam.dll -> Not-A-Virus.Adware.SecToolBar : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\system32\nusrmgr.exe.vir -> Not-A-Virus.Hoax.Win32.Renos.kj : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.121:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.122:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.123:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.124:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.125:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.126:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.127:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.128:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.129:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.130:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.131:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.133:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.134:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.217:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.770:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.832:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Bobby Maddox\Cookies\bobby maddox@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.283:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.286:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.497:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.498:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.143:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.144:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.145:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.146:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.148:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.149:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.150:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.316:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.317:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.318:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.319:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.320:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Bobby Maddox\Cookies\bobby maddox@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Bobby Maddox\Cookies\bobby maddox@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Bobby Maddox\Cookies\bobby maddox@advertising[3].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Bobby Maddox\Cookies\bobby maddox@advertising[5].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.142:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Bobby Maddox\Cookies\bobby maddox@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.796:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.642:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.549:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.550:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.551:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Bobby Maddox\Cookies\bobby maddox@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.238:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.239:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.240:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.241:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.242:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.243:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.244:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.245:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.246:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.247:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Bobby Maddox\Cookies\bobby maddox@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.282:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.52:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Bobby Maddox\Cookies\bobby maddox@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Bobby Maddox\Cookies\bobby maddox@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.265:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.266:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.267:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.268:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.269:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.270:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.44:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.45:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.46:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.47:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.48:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.49:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.50:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.51:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Bobby Maddox\Cookies\bobby maddox@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.160:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.891:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.867:C:\Documents and Settings\Bobby Maddox\Application Data\Mozilla\Firefox\Profiles\gxl1mq8v.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.


::Report end

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:46 PM, on 12/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1146981536635
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://play.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc4.webresponse.one.microsoft.com/...p/TLIEFlash.CAB
O16 - DPF: {B69F2A9C-E470-11D3-AFA3-525400DB7692} (Actimage Room Control) - http://dar.armstrong.com/ib/databases/actimage30717.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7797 bytes

#12 random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:10:02 PM

Posted 15 December 2007 - 06:13 PM

How's your PC running now?

#13 Huskisson

  • Topic Starter

  • Members
  • 7 posts
  • Local time:03:02 PM

Posted 15 December 2007 - 10:30 PM

It's running pretty well so far. No pop ups or anything unusual going on. I think we're good! Thanks!!!

#14 random/random

  • Malware Response Team
  • 2,704 posts
  • Gender:Male
  • Local time:10:02 PM

Posted 16 December 2007 - 05:29 PM

You now appear to be clean. Congratulations!

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue; just find your country room and register your complaint.

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below; however, you should follow any steps that you have not already implemented.
  • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
    Restart
  • Turn System Restore on
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Uncheck Turn off System Restore.
    • Click Apply, and then click OK.
    Note: only do this once, and not on a regular basis
  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Install and use a firewall with outbound protection
    While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
    I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewall or Zonealarm
    See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
    Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that, after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
  • Make Internet Explorer more secure
    Click Start > Run
    Type Inetcpl.cpl & click OK
    Click on the Security tab
    Click Reset all zones to default level
    Make sure the Internet Zone is selected & Click Custom level
    In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    If you don't know what activex controls are, see here
    You can download SpywareBlaster from here
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy
    • Click on Mode, and then place a tick next to Advanced mode
    • Click Yes
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
    • Click on Add Spybot-S&D hosts list
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window
    For a more detailed explanation of the HOSTS file, click here
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date
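
The HOSTS-file step above relies on the resolver consulting the hosts file before DNS. The following is an added example, not part of the original post and not Spybot's own code or list: it parses hosts-format text and reports which names are sent to a loopback or unspecified address. The sample entries are constructed, and the first-entry-wins rule for duplicate names is an assumption about resolver behaviour.

```python
"""Audit hosts-format text: which names are redirected to a sinkhole address?"""
import ipaddress

# Constructed sample in the standard "address name [name ...]" hosts format.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1       localhost
127.0.0.1       ads.example.test  tracker.example.test   # two names, one line
0.0.0.0         popups.example.test
192.0.2.10      intranet.example.test
127.0.0.1       Intranet.Example.Test    # later duplicate of the line above
not-an-ip       broken.example.test
::1             v6block.example.test
"""


def parse_hosts(text):
    """Return (table, skipped): table maps lower-cased name -> ip address object,
    skipped lists (line number, raw line) for lines that are not valid entries."""
    table, skipped = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            skipped.append((lineno, raw))
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            skipped.append((lineno, raw))        # malformed address column
            continue
        for name in fields[1:]:
            # Host names are case-insensitive; assumption: first entry wins.
            table.setdefault(name.lower().rstrip("."), addr)
    return table, skipped


def is_sinkhole(addr):
    """Loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) never reaches a remote site."""
    return addr.is_loopback or addr.is_unspecified


def blocked_names(table, keep=("localhost",)):
    """Names the hosts file blocks, excluding the normal localhost entry."""
    return sorted(n for n, a in table.items() if is_sinkhole(a) and n not in keep)


def lookup(table, hostname):
    """'blocked', a literal address, or 'dns' when the hosts file has no entry."""
    addr = table.get(hostname.lower().rstrip("."))
    if addr is None:
        return "dns"
    return "blocked" if is_sinkhole(addr) else str(addr)


if __name__ == "__main__":
    table, skipped = parse_hosts(SAMPLE_HOSTS)
    print("blocked:", blocked_names(table))
    print("skipped lines:", skipped)
    for host in ("TRACKER.example.test.", "intranet.example.test", "www.example.test"):
        print(host, "->", lookup(table, host))
```

Running the same audit on a real hosts file also shows entries that point a well-known name at an unexpected non-loopback address, which is worth reviewing after a cleanup.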
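
The SpywareBlaster step above mentions killbits. A killbit is the 0x400 bit in the "Compatibility Flags" value under the Internet Explorer "ActiveX Compatibility" registry key for a control's CLSID. The following is an added example, not part of the original post and not SpywareBlaster's code: it reads a .reg-style text export of that key and reports, for a list of CLSIDs, whether the killbit is set. The CLSIDs, the "Note" value and the export text are constructed, and working from an exported text file is an assumption.

```python
"""Check ActiveX killbits in a .reg-style export of the ActiveX Compatibility key."""
import re

KILL_BIT = 0x400  # bit in "Compatibility Flags" that stops IE loading the control
AX_COMPAT = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed export; every CLSID below is a placeholder, not a real control.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-1111-1111-1111-111111111111}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22222222-2222-2222-2222-22222222222a}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{33333333-3333-3333-3333-333333333333}]
"Compatibility Flags"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44444444-4444-4444-4444-444444444444}]
"Note"="constructed entry with no flags value"
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9a-fA-F]{8})$')


def parse_compat_flags(reg_text):
    """Map upper-cased CLSID -> Compatibility Flags (0 when the value is missing)."""
    flags, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            parent, _, leaf = key.group(1).rpartition("\\")
            # Only direct children of the ActiveX Compatibility key are CLSID entries.
            current = leaf.upper() if parent.lower() == AX_COMPAT.lower() else None
            if current:
                flags.setdefault(current, 0)
            continue
        value = FLAGS_RE.match(line)
        if value and current:
            flags[current] = int(value.group(1), 16)
    return flags


def audit(reg_text, clsids):
    """Return {CLSID: 'killed' | 'not set' | 'absent'} for each requested CLSID."""
    flags = parse_compat_flags(reg_text)
    report = {}
    for clsid in clsids:
        cid = clsid.upper()
        if cid not in flags:
            report[cid] = "absent"          # no compatibility entry at all
        elif flags[cid] & KILL_BIT:
            report[cid] = "killed"          # other bits may be set alongside
        else:
            report[cid] = "not set"
    return report


if __name__ == "__main__":
    wanted = [
        "{11111111-1111-1111-1111-111111111111}",
        "{22222222-2222-2222-2222-22222222222A}",
        "{33333333-3333-3333-3333-333333333333}",
        "{44444444-4444-4444-4444-444444444444}",
        "{55555555-5555-5555-5555-555555555555}",
    ]
    for clsid, state in audit(SAMPLE_REG, wanted).items():
        print(clsid, state)
```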




