Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Popups to sites, and malware that refuses to be removed


  • Please log in to reply
15 replies to this topic

#1 Electrono

Electrono

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 11 December 2008 - 10:07 AM

Recently I've been having a bit of trouble on my computer- it started with my little brother, and long story short, we got a virus. It's been cleaned off, but the malware that came with it is getting really annoying- I'm getting random popups to 1 site, as follows:

//pantomi.com/r_cmtp?u=http%3A%2F%2Fpremium-web-space.com%2Fsoft.php%3Faid%3D0522170802%26d%3D0%26product%3DXPA%26refer%3D8c3c8035f&c=soft-tc&b=6&o=6&cuid=2f21beb42dd6ef4eaabd1ad8e95b7562&suid=1d486678c5b711ddae9100304890471a&affid=170802&tid=inf014&rid=825211

Which forwards to:

//antivirus-pro-scanner.com/360/1/en/freescan.php?sid=770522170802]

I've run Superantispyware several times in safe mode, as well as all of my virus scans and registry fixers- and every time I run Superantispyware, I keep finding at least 20 more of these things, even if I run the scans back-to-back. System
restore refuses to work as well; every time I try to do a system restore it says 'Your system could not be restored to (date and checkpoint time), etc etc.

I'm running Windows XP Media Center Service Pack 3.

Edited by KoanYorel, 11 December 2008 - 01:51 PM.
To disable Hot Link URLs


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:41 AM

Posted 11 December 2008 - 01:30 PM

Do another scan with SAS.
BE sure to update SAS in regular mode and then reboot into "safe mode" and run the scan.
The latest SAS update is Core 3671, Trace 1650

After you run the scan, reboot into regular mode and post the SAS log.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Electrono

Electrono
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 11 December 2008 - 03:38 PM

I updated SAS 2 days ago, and have Core 3668 and Trace 1647, and it says there are no updates available. I did a scan just last night, here is the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/10/2008 at 05:57 PM

Application Version : 4.23.1006

Core Rules Database Version : 3668
Trace Rules Database Version: 1647

Scan type : Complete Scan
Total Scan Time : 01:57:05

Memory items scanned : 202
Memory threats detected : 0
Registry items scanned : 6464
Registry threats detected : 7
File items scanned : 221410
File threats detected : 15

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\NOHIYIZI.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}

Adware.Tracking Cookie
C:\Documents and Settings\Ivan\Cookies\ivan@advancedscanner[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@questionmarket[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@ad.yieldmanager[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@specificmedia[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@media.mtvnservices[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@specificclick[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@adtrafficdriver[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@2o7[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@tribalfusion[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@overture[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@richmedia.yahoo[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@collective-media[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@server.cpmstar[2].txt

#4 Electrono

Electrono
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 11 December 2008 - 03:41 PM

Also, an new symptom has erupted; when I go to the SAS website to download the latest version, my internet explorer starts opening up a ton of blank pages under new tabs and I can't stop it- I have to close out of the browser.

#5 Electrono

Electrono
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 11 December 2008 - 04:16 PM

Okay, so I managed to do a new scan with the latest update, hopefully my problem will go away...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/11/2008 at 03:11 PM

Application Version : 4.23.1006

Core Rules Database Version : 3670
Trace Rules Database Version: 1649

Scan type : Complete Scan
Total Scan Time : 00:22:22

Memory items scanned : 193
Memory threats detected : 0
Registry items scanned : 6454
Registry threats detected : 10
File items scanned : 35395
File threats detected : 14

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32

Adware.Vundo Variant/ESET
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2fd9adff-48b7-4b6a-b2b3-3fad468a813b}
HKCR\CLSID\{2FD9ADFF-48B7-4B6A-B2B3-3FAD468A813B}
HKCR\CLSID\{2FD9ADFF-48B7-4B6A-B2B3-3FAD468A813B}\InprocServer32
HKCR\CLSID\{2FD9ADFF-48B7-4B6A-B2B3-3FAD468A813B}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\JAPADESU.DLL
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FD9ADFF-48B7-4B6A-B2B3-3FAD468A813B}
HKU\S-1-5-21-2711064103-964567076-2856770734-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FD9ADFF-48B7-4B6A-B2B3-3FAD468A813B}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2FD9ADFF-48B7-4B6A-B2B3-3FAD468A813B}

Adware.Tracking Cookie
C:\Documents and Settings\Ivan\Cookies\ivan@antivirus-pro-scanner[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@ad.yieldmanager[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@specificmedia[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@specificclick[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@toplist[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@2o7[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@adopt.specificclick[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@ads.bleepingcomputer[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@adlegend[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@tribalfusion[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@adopt.euroclick[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@revsci[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@server.cpmstar[2].txt

#6 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:41 AM

Posted 11 December 2008 - 05:19 PM

You are missing the last update. It had several Vundo items added. Open SAS and click on update. You should be able to get it. I had no problem getting the last update. Update SAS, reboot into safe mode and run another scan.

There is another program that you can scan with, too. Malwarebytes Antimalware
Here is a link to instructions for its use.
http://www.bleepingcomputer.com/forums/ind...st&p=944365

Post both logs and there will be further instructions.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 Electrono

Electrono
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 11 December 2008 - 11:54 PM

I installed the latest version straight from their site, and I still have Core 3670 and Trace 1649. Here's SAS:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/11/2008 at 08:01 PM

Application Version : 4.23.1006

Core Rules Database Version : 3670
Trace Rules Database Version: 1649

Scan type : Complete Scan
Total Scan Time : 03:16:48

Memory items scanned : 204
Memory threats detected : 0
Registry items scanned : 6464
Registry threats detected : 3
File items scanned : 203046
File threats detected : 48

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32

Adware.Tracking Cookie
C:\Documents and Settings\Ivan\Cookies\ivan@ad.yieldmanager[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@specificmedia[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@specificclick[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@adopt.specificclick[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@ads.pointroll[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@tribalfusion[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@adbrite[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@2o7[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@a.websponsors[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@bs.serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@chitika[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickbooth[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@eas.apm.emediate[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@exitexchange[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@indextools[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@lynxtrack[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media.ntsserve[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@myroitracking[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@precisionclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@publishers.clickbooth[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serv.clicksor[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@smashonemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tag.122.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trackzz[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstbeacon[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.clickxchange[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[1].txt

Adware.Vundo/Variant-Trace
C:\WINDOWS\SYSTEM32\ADALOWEV.INI
C:\WINDOWS\SYSTEM32\ASOVOJOP.INI
C:\WINDOWS\SYSTEM32\AZIBUGOT.INI
C:\WINDOWS\SYSTEM32\EDAHIROS.INI
C:\WINDOWS\SYSTEM32\ULUBEPOW.INI

Adware.Vundo Variant/ESET
C:\WINDOWS\SYSTEM32\BERIKEKI.DLL
C:\WINDOWS\SYSTEM32\JINUWAYI.DLL
C:\WINDOWS\SYSTEM32\PODOBIRA.DLL
C:\WINDOWS\SYSTEM32\POJOVOSA.DLL
C:\WINDOWS\SYSTEM32\VEWOLADA.DLL
C:\WINDOWS\SYSTEM32\WOPEBULU.DLL
C:\WINDOWS\SYSTEM32\ZEKIZUMA.DLL

Trace.Known Threat Sources
C:\Documents and Settings\Ivan\Local Settings\Temporary Internet Files\Content.IE5\1Y0GP4G2\favicon[1].ico


And MB:


Malwarebytes' Anti-Malware 1.31
Database version: 1475
Windows 5.1.2600 Service Pack 3

12/11/2008 10:47:03 PM
mbam-log-2008-12-11 (22-46-58).txt

Scan type: Full Scan (C:\|D:\|E:\|M:\|)
Objects scanned: 274735
Time elapsed: 2 hour(s), 45 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 21
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\bamukitu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\zeginizo.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2fd9adff-48b7-4b6a-b2b3-3fad468a813b} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{2fd9adff-48b7-4b6a-b2b3-3fad468a813b} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{c24d7016-d00f-41ef-9781-984b6b5ff38f} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ec88fcd0-2ed5-4d65-9b4c-71d146b43a2e} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e532cfb1-5edd-4663-8c22-bcd67b5e5bd4} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.AscentivePerformance) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.AscentivePerformance) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\AdvRemoteDbg (Adware.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b8b07f51 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kadoreyose (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmbb834ccd (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\bamukitu.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\bamukitu.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\zeginizo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\zeginizo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\zeginizo.dll -> No action taken.

Folders Infected:
C:\WINDOWS\system32\375013 (Trojan.Zlob) -> No action taken.

Files Infected:
C:\WINDOWS\system32\pojovosa.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\asovojop.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\vewolada.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\adalowev.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\wopebulu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ulubepow.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\zekizuma.dll (Trojan.Vundo.H) -> No action taken.
c:\WINDOWS\system32\bamukitu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\zeginizo.dll (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Gustave\Local Settings\Application Data\Mozilla\Firefox\Profiles\xhn1xewo.default\Cache(3)\689A3DE7d01 (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP395\A0116568.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP396\A0116606.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP397\A0116720.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP397\A0117091.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP397\A0117092.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP397\A0117093.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP398\A0117123.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP398\A0117124.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP398\A0117125.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP398\A0117126.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP398\A0117151.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117262.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117263.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117264.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117265.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117288.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117389.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117392.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ConTest.dll (Rogue.AscentivePerformance) -> No action taken.
C:\WINDOWS\system32\podobira.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\rekuroju.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\susizeko.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\SysRestore.dll (Rogue.AscentivePerformance) -> No action taken.
C:\WINDOWS\system32\t1a48851.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\verabamu.dll.tmp (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken.
C:\WINDOWS\system32\t1a48851.exe.a_a (Trojan.Agent) -> No action taken.
C:\Program Files\Setup.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Gustave\My Documents\My Videos\My Video.url (Trojan.Zlob) -> No action taken.
C:\Documents and Settings\Gustave\My Documents\My Documents.url (Trojan.Zlob) -> No action taken.

#8 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:41 AM

Posted 12 December 2008 - 05:22 AM

It appears that you are not allowing the programs to remove the malware they find. For instance, it says "no action taken".
Rescan with both programs and post their logs. Be sure to update both before scanning. Just click on the update button in each program and allow them to find the updates and install them. SAS has updated twice since your last scan. Core 3672
You should avoid using your computer except to update as it appears you are getting reinfected and new malware is showing up. Once you have updated the programs, unplug from the internet and run the scans in safe mode.

Check the instructions you were given for MalwareBytes and make sure you are following them.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Here are the instructions for SAS:
If asked to update the program definitions, click "Yes". If not, update the
definitions before scanning by selecting "Check for Updates".
* Under the "Configuration and Preferences", click the Preferences... button.
* Click the "General and Startup" tab, and under
Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
* Click the "Scanning Control" tab, and under Scanner
Options, make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen and exit the program.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

* Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes" and reboot normally.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

Edited by buddy215, 12 December 2008 - 06:00 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#9 Electrono

Electrono
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 12 December 2008 - 09:38 AM

Core Definitions: 3623 11/04/2008 03:22PM PST
Trace Definitions: 1607 11/04/2008 03:22PM PST

The following are the updates and additions for the current version of our definition files.

Database Version 3623 11-04-2008

Adware.Starware (1 Items Added/Updated)
Adware.Vundo Variant (5 Items Added/Updated)
Keylogger.SpectorPro (2 Items Added/Updated)
Rogue.FakeAlert (1 Items Added/Updated)
Rootkit.Buritos/Beep-Fake (1 Items Added/Updated)
Rootkit.USB-MSN/Fake (1 Items Added/Updated)
Trojan.Dropper/Win-NV (4 Items Added/Updated)
Trojan.FakeAlert-IEBT (2 Items Added/Updated)
Trojan.Unclassified/KWave (1 Items Added/Updated)
Trojan.Unknown Origin (2 Items Added/Updated)

This is what it says when I download the latest update from the SAS website, because it says that there are no updates available when I click "Check for Updates" in SAS. When I'm on the site, I click on the link that says 'Download Installer" next to the latest definitions update.

#10 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:41 AM

Posted 12 December 2008 - 10:22 AM

I don't know where you are going to see that. Here is a link to the manual download page.
At the bottom of the page are instructions for doing the manual download if you are unable to get the updates otherwise.

http://www.superantispyware.com/definitions.html
This is what it says: If you would like to manually update your definitions simply exit SUPERAntiSpyware, then click the "Download" link here. Save the file to your desktop and double-click it to run the installer. Once the installation is complete, you must exit and restart SUPERAntiSpyware for the new definitions to be active.
Core Definitions 3672 12/11/2008 05:17PM PST 2445KB
Download
Installer
Trace Definitions 1651 12/11/2008 05:17PM PST 158KB

Your SAS program may be corrupt. If you are not able to get the updates without manually loading them.
Suggest you uninstall SAS and reinstall.
Here is a link to download SAS free program.
http://www.superantispyware.com/

Did you rerun MBAM and allow it to remove the malware it found? Did you reboot as the instructions stated?
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#11 Electrono

Electrono
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 12 December 2008 - 03:31 PM

Yes, I ran MBAM, and here is the log:

Malwarebytes' Anti-Malware 1.31
Database version: 1492
Windows 5.1.2600 Service Pack 3

12/12/2008 9:39:50 AM
mbam-log-2008-12-12 (09-39-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 274627
Time elapsed: 53 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\luyusowa.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2fd9adff-48b7-4b6a-b2b3-3fad468a813b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2fd9adff-48b7-4b6a-b2b3-3fad468a813b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b8b07f51 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kadoreyose (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmbb834ccd (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\luyusowa.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\luyusowa.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\pamatuma.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amutamap.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\luyusowa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117419.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117421.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117423.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117426.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117428.dll (Rogue.AscentivePerformance) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117429.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117430.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117434.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP399\A0117435.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bamukitu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


So far, I haven't gotten any random pop-ups, but I'm going to re-install SAS and run that regardless.

#12 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:41 AM

Posted 12 December 2008 - 04:37 PM

Did you reboot after scanning with MBAM? The reason I ask is because of this:
c:\WINDOWS\system32\luyusowa.dll (Trojan.Vundo.H) -> Delete on reboot.

MBAM's latest update is 1494.
Be sure to update in regular mode before running a quick scan with it.

The items listed in C:\System Volume Information\_restore we will remove after your scans come up clean. Those are harmless unless you use system restore.

Definitely do another scan with both programs and post their results.
The latest update for SAS is Core 3673

Use Ccleaner to clean up the temporary files, logs, etc. on your computer. Use the default settings for now. During install
you will be offered the Yahoo Toolbar. UNcheck if not wanted.
http://www.ccleaner.com/

Use Secunia online scanner to find the programs that need security updates. Vundo is known to exploit old Java programs. So after updating Java go to the Add/Remove program and remove all old Java programs.
http://secunia.com/vulnerability_scanning/online/

Please post the two logs and let us know how the computer is doing.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#13 Electrono

Electrono
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 12 December 2008 - 05:24 PM

Yes, I rebooted after scanning with MBAM, when it prompted me to. I reinstalled SAS, and here's the log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/12/2008 at 04:14 PM

Application Version : 4.23.1006

Core Rules Database Version : 3673
Trace Rules Database Version: 1652

Scan type : Complete Scan
Total Scan Time : 01:36:54

Memory items scanned : 193
Memory threats detected : 0
Registry items scanned : 6456
Registry threats detected : 3
File items scanned : 202560
File threats detected : 0

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32


I already use Ccleaner.

My MBAM Core is 1492 after updating right before I scanned, wtf? How often do they make updates for these things???

Anyway, I haven't gotten anything like I was, no random windows opening up, no infinite new tabs opening, nothing. I'll run two scans in a row tomorrow from each program and post both logs at once.

Also, does it have to be a quick scan with MBAM? wouldn't it be smarter to do a full scan?

Edited by Electrono, 12 December 2008 - 05:24 PM.


#14 buddy215

buddy215

  • Moderator
  • 13,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:02:41 AM

Posted 12 December 2008 - 06:13 PM

Use your computer online as little as possible. Until you have removed all of the malware you risk getting more. You have/had two of the most aggressive malwares. Vundo and Zlob.

Be sure to update all of your programs.

If you prefer to do a full system scan, go ahead. Best to do both scans while in safe mode after updating in regular mode.

Hey, if you wait till tomorrow, there will be more updates.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#15 Electrono

Electrono
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:41 AM

Posted 13 December 2008 - 02:08 PM

Okay, so I unplugged the internet and ran both scans and am trying to use the internet as little as possible. Here's the MBAM Log and the SAS log.

Malwarebytes' Anti-Malware 1.31
Database version: 1494
Windows 5.1.2600 Service Pack 3

12/12/2008 11:20:32 PM
mbam-log-2008-12-12 (23-20-32).txt

Scan type: Quick Scan
Objects scanned: 80830
Time elapsed: 9 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\vedofumu.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2fd9adff-48b7-4b6a-b2b3-3fad468a813b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2fd9adff-48b7-4b6a-b2b3-3fad468a813b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b8b07f51 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kadoreyose (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmbb834ccd (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\vedofumu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\vedofumu.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mizukobe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ebokuzim.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\vedofumu.dll (Trojan.Vundo.H) -> Delete on reboot.

---------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/13/2008 at 01:00 PM

Application Version : 4.23.1006

Core Rules Database Version : 3661
Trace Rules Database Version: 1652

Scan type : Complete Scan
Total Scan Time : 01:34:15

Memory items scanned : 195
Memory threats detected : 0
Registry items scanned : 6455
Registry threats detected : 5
File items scanned : 200474
File threats detected : 10

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32

Unclassified.Unknown Origin
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D}

Adware.Tracking Cookie
C:\Documents and Settings\Ivan\Cookies\ivan@ad.yieldmanager[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@ads.bridgetrack[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@protected-clicks-system[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@adlegend[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@tribalfusion[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@microsoftgamestudio.112.2o7[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@insightexpressai[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@revsci[1].txt
C:\Documents and Settings\Ivan\Cookies\ivan@adbrite[2].txt
C:\Documents and Settings\Ivan\Cookies\ivan@server.cpmstar[1].txt




So now what?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users