
Infected With Think Adz Ucmore 180search Internet Optimizer Deluxcommunications Elitemedia


  • This topic is locked
6 replies to this topic

#1 jamal56783

jamal56783

  • Members
  • 51 posts
  • OFFLINE
  • Local time:01:27 PM

Posted 19 November 2006 - 07:03 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:59:40 PM, on 11/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\rwintoem.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\elitemediapop.exe
C:\WINDOWS\system32\mmxvdt.exe
C:\Program Files\180search Assistant\180sa.exe
C:\Documents and Settings\Jamal\Local Settings\Temporary Internet Files\Content.IE5\MTGG47F5\ucmoreiex[1].exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jamal\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180search assistant\180sahook.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [{E3-3E-EF-FB-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rwintoem.exe GID003
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
O4 - HKLM\..\Run: [180sa] c:\program files\180search assistant\180sa.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\rwintoem.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\zigi.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: frame.crazywinnings.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: statc.topconverting.com
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O20 - AppInit_DLLs: dxclib303562752.dll

Edited by jamal56783, 19 November 2006 - 09:02 PM.

Jamal



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:08:27 PM

Posted 20 November 2006 - 02:28 AM

Hello,

It is important you don't miss a step and perform everything in the right order!!

I notice that you do not seem to be running Antivirus software and a Firewall. This is somewhat suicidal in today's digital world.
That's why I want you to install them first!!

Avira, AVG OR Avast OR Active Virus Shield (uncheck the Security Toolbar during install) are good FREE antivirus programs.
Never install more than one antivirus scanner or firewall on your system! Several together can cause problems and seriously decrease its reliability!
Agnitum Outpost Free, ZoneAlarm Free OR Kerio are FREE firewalls.

Understanding and using firewalls

* Go to Start > Control Panel > Software > Add/Remove Programs and uninstall the following programs if present:

Think-Adz Search Assistant
Enhanced Ads by Think-Adz
BrowserUpdateSched
ExploreUpdSched
Internet Optimizer
180search Assistant
DeluxeCommunications
TheSearchAccelerator


Reboot afterwards.. really important!


* Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by double-clicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/alcanshorty.bfu

Click Ok.
Then click execute in Brute Force Uninstaller.

Extra note:
If nothing happens after pressing the Execute button, this means that the script didn't download. In that case, download the script
( alcanshorty.bfu ) manually from the above URL ( right-click on it, choose 'save as' and save it in your BFU folder). Then start BFU.exe again and click the browse button next to the 'scriptfile to execute'-window.
Browse to the script you downloaded and click Ok and Execute in Brute Force Uninstaller.


Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

--------------------

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180search assistant\180sahook.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [{E3-3E-EF-FB-ZN}] c:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rwintoem.exe GID003
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
O4 - HKLM\..\Run: [180sa] c:\program files\180search assistant\180sa.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\rwintoem.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\zigi.exe
O15 - Trusted Zone: frame.crazywinnings.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: statc.topconverting.com
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180searchassistant.com/180saax.cab
O20 - AppInit_DLLs: dxclib303562752.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
Don't worry if some entries won't go away, we'll deal with that later...

---------------------

Please download, install, and update AVG Anti-Spyware
  • Load AVG Anti-Spyware and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware and reboot!!
    I need the log later.
-------------------------

* Download Combofix to your desktop.
Double-click combofix.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog and the log from AVG Anti-Spyware.
You may need several replies to post the logs.

Edited by miekiemoes, 20 November 2006 - 02:29 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
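
The entries listed for fixing in the post above follow HijackThis's `code - description` line format. As an added example (not part of the thread and not HijackThis's own logic), this Python sketch parses such lines, labels each section code, and notes entries that share a launch target or point at a missing file. The function names and triage rules are assumptions chosen for illustration; the sample is an excerpt of the log from post #1.

```python
import re
from collections import defaultdict

# Meaning of the HijackThis section codes that appear in this thread's log.
SECTIONS = {
    "R3": "Internet Explorer URLSearchHook",
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "Autostart (Run key or Startup folder)",
    "O9": "Extra IE button / Tools menu item",
    "O15": "Trusted Zone site",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "AppInit_DLLs / Winlogon Notify",
}

ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the log posted in #1 (header and process lines kept to show
# that they are skipped by the parser).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\rwintoem.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180search assistant\180sahook.dll
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\rwintoem.exe GID003
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - Startup: Think-Adz.lnk = C:\WINDOWS\SYSTEM32\rwintoem.exe
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O20 - AppInit_DLLs: dxclib303562752.dll
"""


def extract_target(code, body):
    """Return the file, URL or host an entry points at, lower-cased."""
    if code == "O4":
        # "HKLM\..\Run: [name] command line"  or  "Startup: x.lnk = path"
        m = re.search(r"\]\s+(.+)$", body) or re.search(r"=\s+(.+)$", body)
        target = m.group(1) if m else body
        # Keep only the executable; drop arguments such as "GID003".
        exe = re.match(r'"?(.+?\.exe)"?', target, re.IGNORECASE)
        target = exe.group(1) if exe else target
    elif code in ("O15", "O20"):
        target = body.split(": ", 1)[1]
    else:
        # R3, O2, O3, O9, O16: the last " - " field is the file or URL.
        target = body.rsplit(" - ", 1)[-1]
    return target.strip().strip('"').lower()


def parse_entries(log_text):
    """Parse HijackThis entry lines into dicts; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "other"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "target": extract_target(code, body),
            "raw": line,
        })
    return entries


def triage(entries):
    """Return {raw line: [notes]}. Illustrative heuristics, not a verdict."""
    notes = defaultdict(list)
    autostart = defaultdict(list)
    for e in entries:
        if e["code"] == "O4":
            autostart[e["target"]].append(e)
        if e["target"] == "(no file)":
            notes[e["raw"]].append("registration remains but the file is missing")
        if e["code"] == "O20":
            notes[e["raw"]].append("AppInit_DLLs load into every process that loads user32.dll")
        if e["code"] == "O16" and e["target"].startswith("http://"):
            notes[e["raw"]].append("ActiveX control fetched over plain HTTP")
    # The same binary started from several places survives a partial cleanup.
    for target, group in autostart.items():
        if len(group) > 1:
            for e in group:
                notes[e["raw"]].append(f"{len(group)} autostart entries launch {target}")
    return dict(notes)


if __name__ == "__main__":
    for raw, found in triage(parse_entries(SAMPLE_LOG)).items():
        print(raw)
        for note in found:
            print("    ->", note)
```

Grouping the O4 entries by target shows why the helper asks for a fresh log after fixing: `rwintoem.exe` and `Dxc.exe` are each launched from two separate autostart locations.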

#3 jamal56783

jamal56783
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  • Local time:01:27 PM

Posted 20 November 2006 - 11:10 PM

Jamal - 06-11-20 17:21:59.87 Service Pack 2
ComboFix 06.11.19 - Running from: "C:\Documents and Settings\Jamal\Desktop"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Jamal\Application Data\Dxcknwrd.dll
C:\Documents and Settings\Jamal\Application Data\Dxcuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\elitemediapop.exe
C:\WINDOWS\zigi.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\Common Files\YSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-20 to 2006-11-20 ))))))))))))))))))))))))))))))))))


2006-11-20 16:54 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-20 16:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\ZoneLabs
2006-11-20 16:52 <DIR> d-------- C:\WINDOWS\Internet Logs
2006-11-20 16:52 <DIR> d-------- C:\Program Files\Zone Labs
2006-11-19 15:53 <DIR> d-------- C:\Program Files\TopConverting
2006-11-19 15:47 <DIR> d---s---- C:\Documents and Settings\Jamal\UserData
2006-11-19 15:44 61,440 --a------ C:\WINDOWS\getnexus.exe
2006-11-19 15:22 67,528 --a------ C:\WINDOWS\SYSTEM32\mmxvdt.exe
2006-11-19 12:47 <DIR> d-------- C:\Documents and Settings\Jamal\Application Data\Macromedia
2006-11-19 12:39 982 --a------ C:\WINDOWS\SYSTEM32\winpfg32.sys
2006-11-19 12:38 53,120 --a------ C:\WINDOWS\optimize.exe
2006-11-19 12:31 22,752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe
2006-11-19 12:23 <DIR> dr-h----- C:\Documents and Settings\Jamal\SendTo
2006-11-19 12:23 <DIR> dr-h----- C:\Documents and Settings\Jamal\Recent
2006-11-19 12:23 <DIR> dr-h----- C:\Documents and Settings\Jamal\Application Data\.
2006-11-19 12:23 <DIR> dr-h----- C:\Documents and Settings\Jamal\Application Data
2006-11-19 12:23 <DIR> dr------- C:\Documents and Settings\Jamal\Start Menu
2006-11-19 12:23 <DIR> dr------- C:\Documents and Settings\Jamal\My Documents
2006-11-19 12:23 <DIR> dr------- C:\Documents and Settings\Jamal\Favorites
2006-11-19 12:23 <DIR> d--h----- C:\Documents and Settings\Jamal\Templates
2006-11-19 12:23 <DIR> d--h----- C:\Documents and Settings\Jamal\PrintHood
2006-11-19 12:23 <DIR> d--h----- C:\Documents and Settings\Jamal\NetHood
2006-11-19 12:23 <DIR> d--h----- C:\Documents and Settings\Jamal\Local Settings
2006-11-19 12:23 <DIR> d---s---- C:\Documents and Settings\Jamal\Cookies
2006-11-19 12:23 <DIR> d---s---- C:\Documents and Settings\Jamal\Application Data\Microsoft
2006-11-19 12:23 <DIR> d-------- C:\Documents and Settings\Jamal\Desktop
2006-11-19 12:23 <DIR> d-------- C:\Documents and Settings\Jamal\Application Data\Identities
2006-11-19 12:23 <DIR> d-------- C:\Documents and Settings\Jamal\Application Data\..
2006-11-19 12:23 <DIR> d-------- C:\Documents and Settings\Jamal\..
2006-11-19 12:23 <DIR> d-------- C:\Documents and Settings\Jamal\.
2006-11-19 12:03 112,128 --a------ C:\WINDOWS\SYSTEM32\mapi32.dll
2006-11-19 12:00 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2006-11-19 11:55 81,920 --a------ C:\WINDOWS\SYSTEM32\isign32.dll
2006-11-19 11:55 81,920 --a------ C:\WINDOWS\SYSTEM32\ils.dll
2006-11-19 11:55 8,192 --a------ C:\WINDOWS\SYSTEM32\bitsprx2.dll
2006-11-19 11:55 73,728 --a------ C:\WINDOWS\SYSTEM32\icwdial.dll
2006-11-19 11:55 73,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sr.sys
2006-11-19 11:55 7,168 --a------ C:\WINDOWS\SYSTEM32\bitsprx3.dll
2006-11-19 11:55 69,632 --a------ C:\WINDOWS\SYSTEM32\msconf.dll
2006-11-19 11:55 678,400 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-19 11:55 67,584 --a------ C:\WINDOWS\SYSTEM32\srclient.dll
2006-11-19 11:55 65,536 --a------ C:\WINDOWS\SYSTEM32\icwphbk.dll
2006-11-19 11:55 64,512 --a------ C:\WINDOWS\SYSTEM32\acctres.dll
2006-11-19 11:55 6,656 --a------ C:\WINDOWS\SYSTEM32\wuauserv.dll
2006-11-19 11:55 48,128 --a------ C:\WINDOWS\SYSTEM32\inetres.dll
2006-11-19 11:55 465,176 --a------ C:\WINDOWS\SYSTEM32\wuapi.dll
2006-11-19 11:55 45,568 --a------ C:\WINDOWS\SYSTEM32\safrslv.dll
2006-11-19 11:55 43,520 --a------ C:\WINDOWS\SYSTEM32\safrcdlg.dll
2006-11-19 11:55 43,520 --a------ C:\WINDOWS\SYSTEM32\racpldlg.dll
2006-11-19 11:55 41,240 --a------ C:\WINDOWS\SYSTEM32\wups.dll
2006-11-19 11:55 382,464 --a------ C:\WINDOWS\SYSTEM32\qmgr.dll
2006-11-19 11:55 34,560 --a------ C:\WINDOWS\SYSTEM32\mnmdd.dll
2006-11-19 11:55 32,768 --a------ C:\WINDOWS\SYSTEM32\mnmsrvc.exe
2006-11-19 11:55 32,768 --a------ C:\WINDOWS\SYSTEM32\isrdbg32.dll
2006-11-19 11:55 29,696 --a------ C:\WINDOWS\SYSTEM32\safrdm.dll
2006-11-19 11:55 28,672 --a------ C:\WINDOWS\SYSTEM32\nmmkcert.dll
2006-11-19 11:55 274,944 --a------ C:\WINDOWS\SYSTEM32\mstask.dll
2006-11-19 11:55 274,432 --a------ C:\WINDOWS\SYSTEM32\inetcfg.dll
2006-11-19 11:55 252,928 --a------ C:\WINDOWS\SYSTEM32\msoeacct.dll
2006-11-19 11:55 239,104 --a------ C:\WINDOWS\SYSTEM32\srrstr.dll
2006-11-19 11:55 22,528 --a------ C:\WINDOWS\SYSTEM32\fltMc.exe
2006-11-19 11:55 194,328 --a------ C:\WINDOWS\SYSTEM32\wuaueng1.dll
2006-11-19 11:55 190,976 --a------ C:\WINDOWS\SYSTEM32\schedsvc.dll
2006-11-19 11:55 18,944 --a------ C:\WINDOWS\SYSTEM32\qmgrprxy.dll
2006-11-19 11:55 173,536 --a------ C:\WINDOWS\SYSTEM32\wuweb.dll
2006-11-19 11:55 172,312 --a------ C:\WINDOWS\SYSTEM32\wuauclt1.exe
2006-11-19 11:55 170,496 --a------ C:\WINDOWS\SYSTEM32\srsvc.dll
2006-11-19 11:55 16,896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-11-19 11:55 16,384 --a------ C:\WINDOWS\SYSTEM32\icfgnt5.dll
2006-11-19 11:55 127,256 --a------ C:\WINDOWS\SYSTEM32\wucltui.dll
2006-11-19 11:55 124,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\fltMgr.sys
2006-11-19 11:55 124,184 --a------ C:\WINDOWS\SYSTEM32\wuauclt.exe
2006-11-19 11:55 12,288 --a------ C:\WINDOWS\SYSTEM32\nmevtmsg.dll
2006-11-19 11:55 12,288 --a------ C:\WINDOWS\SYSTEM32\mstinit.exe
2006-11-19 11:55 11,264 --a------ C:\WINDOWS\SYSTEM32\atrace.dll
2006-11-19 11:55 105,984 --a------ C:\WINDOWS\SYSTEM32\msoert2.dll
2006-11-19 11:55 1,343,768 --a------ C:\WINDOWS\SYSTEM32\wuaueng.dll
2006-11-19 11:50 9,728 --a------ C:\WINDOWS\SYSTEM32\reset.exe
2006-11-19 11:50 82,432 --a------ C:\WINDOWS\SYSTEM32\comrepl.dll
2006-11-19 11:50 80,384 --a------ C:\WINDOWS\SYSTEM32\charmap.exe
2006-11-19 11:50 73,216 --a------ C:\WINDOWS\SYSTEM32\avwav.dll
2006-11-19 11:50 605,696 --a------ C:\WINDOWS\SYSTEM32\getuname.dll
2006-11-19 11:50 56,832 --a------ C:\WINDOWS\SYSTEM32\sol.exe
2006-11-19 11:50 55,296 --a------ C:\WINDOWS\SYSTEM32\freecell.exe
2006-11-19 11:50 54,272 --a------ C:\WINDOWS\SYSTEM32\stclient.dll
2006-11-19 11:50 5,632 --a------ C:\WINDOWS\SYSTEM32\write.exe
2006-11-19 11:50 5,120 --a------ C:\WINDOWS\SYSTEM32\dcomcnfg.exe
2006-11-19 11:50 44,544 --a------ C:\WINDOWS\SYSTEM32\hticons.dll
2006-11-19 11:50 4,096 --a------ C:\WINDOWS\SYSTEM32\rdpcfgex.dll
2006-11-19 11:50 4,096 --a------ C:\WINDOWS\SYSTEM32\mtxex.dll
2006-11-19 11:50 35,328 --a------ C:\WINDOWS\SYSTEM32\winchat.exe
2006-11-19 11:50 33,792 --a------ C:\WINDOWS\SYSTEM32\regini.exe
2006-11-19 11:50 25,600 --a------ C:\WINDOWS\SYSTEM32\comaddin.dll
2006-11-19 11:50 25,088 --a------ C:\WINDOWS\SYSTEM32\mtxlegih.dll
2006-11-19 11:50 227,840 --a------ C:\WINDOWS\SYSTEM32\avtapi.dll
2006-11-19 11:50 22,016 --a------ C:\WINDOWS\SYSTEM32\qwinsta.exe
2006-11-19 11:50 20,992 --a------ C:\WINDOWS\SYSTEM32\msg.exe
2006-11-19 11:50 20,480 --a------ C:\WINDOWS\SYSTEM32\mtxdm.dll
2006-11-19 11:50 16,896 --a------ C:\WINDOWS\SYSTEM32\tsshutdn.exe
2006-11-19 11:50 16,896 --a------ C:\WINDOWS\SYSTEM32\qappsrv.exe
2006-11-19 11:50 16,384 --a------ C:\WINDOWS\SYSTEM32\tskill.exe
2006-11-19 11:50 16,384 --a------ C:\WINDOWS\SYSTEM32\avmeter.dll
2006-11-19 11:50 15,872 --a------ C:\WINDOWS\SYSTEM32\rwinsta.exe
2006-11-19 11:50 15,872 --a------ C:\WINDOWS\SYSTEM32\cdmodem.dll
2006-11-19 11:50 15,360 --a------ C:\WINDOWS\SYSTEM32\logoff.exe
2006-11-19 11:50 147,456 --a------ C:\WINDOWS\SYSTEM32\comsnap.dll
2006-11-19 11:50 14,848 --a------ C:\WINDOWS\SYSTEM32\tsdiscon.exe
2006-11-19 11:50 14,848 --a------ C:\WINDOWS\SYSTEM32\tscon.exe
2006-11-19 11:50 14,848 --a------ C:\WINDOWS\SYSTEM32\shadow.exe
2006-11-19 11:50 138,752 --a------ C:\WINDOWS\SYSTEM32\sndvol32.exe
2006-11-19 11:50 126,976 --a------ C:\WINDOWS\SYSTEM32\mshearts.exe
2006-11-19 11:50 119,808 --a------ C:\WINDOWS\SYSTEM32\winmine.exe
2006-11-19 11:50 114,688 --a------ C:\WINDOWS\SYSTEM32\calc.exe
2006-11-19 11:50 1,161 --a------ C:\WINDOWS\SYSTEM32\usrlogon.cmd
2006-11-19 11:49 949,248 --a------ C:\WINDOWS\SYSTEM32\msdtctm.dll
2006-11-19 11:49 93,696 --a------ C:\WINDOWS\SYSTEM32\tscfgwmi.dll
2006-11-19 11:49 90,112 --a------ C:\WINDOWS\SYSTEM32\mtxoci.dll
2006-11-19 11:49 87,176 --a------ C:\WINDOWS\SYSTEM32\rdpwsx.dll
2006-11-19 11:49 85,504 --a------ C:\WINDOWS\SYSTEM32\catsrvps.dll
2006-11-19 11:49 67,072 --a------ C:\WINDOWS\SYSTEM32\rdshost.exe
2006-11-19 11:49 655,360 --a------ C:\WINDOWS\SYSTEM32\mstscax.dll
2006-11-19 11:49 628,224 --a------ C:\WINDOWS\SYSTEM32\catsrvut.dll
2006-11-19 11:49 62,464 --a------ C:\WINDOWS\SYSTEM32\rdpclip.exe
2006-11-19 11:49 62,464 --a------ C:\WINDOWS\SYSTEM32\colbact.dll
2006-11-19 11:49 60,416 --a------ C:\WINDOWS\SYSTEM32\remotepg.dll
2006-11-19 11:49 6,144 --a------ C:\WINDOWS\SYSTEM32\msdtc.exe
2006-11-19 11:49 58,880 --a------ C:\WINDOWS\SYSTEM32\msdtclog.dll
2006-11-19 11:49 58,880 --a------ C:\WINDOWS\SYSTEM32\licwmi.dll
2006-11-19 11:49 56,320 --a------ C:\WINDOWS\SYSTEM32\servdeps.dll
2006-11-19 11:49 540,160 --a------ C:\WINDOWS\SYSTEM32\comuid.dll
2006-11-19 11:49 538,624 --a------ C:\WINDOWS\SYSTEM32\spider.exe
2006-11-19 11:49 501,248 --a------ C:\WINDOWS\SYSTEM32\clbcatq.dll
2006-11-19 11:49 44,544 --a------ C:\WINDOWS\SYSTEM32\tscupgrd.exe
2006-11-19 11:49 425,472 --a------ C:\WINDOWS\SYSTEM32\msdtcprx.dll
2006-11-19 11:49 407,552 --a------ C:\WINDOWS\SYSTEM32\mstsc.exe
2006-11-19 11:49 40,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\termdd.sys
2006-11-19 11:49 38,912 --a------ C:\WINDOWS\SYSTEM32\cfgbkend.dll
2006-11-19 11:49 345,088 --a------ C:\WINDOWS\SYSTEM32\hypertrm.dll
2006-11-19 11:49 343,040 --a------ C:\WINDOWS\SYSTEM32\mspaint.exe
2006-11-19 11:49 295,424 --a------ C:\WINDOWS\SYSTEM32\termsrv.dll
2006-11-19 11:49 229,888 --a------ C:\WINDOWS\SYSTEM32\catsrv.dll
2006-11-19 11:49 21,896 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tdtcp.sys
2006-11-19 11:49 20,480 --a------ C:\WINDOWS\SYSTEM32\qprocess.exe
2006-11-19 11:49 196,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpdr.sys
2006-11-19 11:49 19,968 --a------ C:\WINDOWS\SYSTEM32\rdpsnd.dll
2006-11-19 11:49 185,344 --a------ C:\WINDOWS\SYSTEM32\cmprops.dll
2006-11-19 11:49 183,808 --a------ C:\WINDOWS\SYSTEM32\accwiz.exe
2006-11-19 11:49 17,408 --a------ C:\WINDOWS\SYSTEM32\mmfutil.dll
2006-11-19 11:49 161,280 --a------ C:\WINDOWS\SYSTEM32\msdtcuiu.dll
2006-11-19 11:49 147,968 --a------ C:\WINDOWS\SYSTEM32\rdchost.dll
2006-11-19 11:49 140,800 --a------ C:\WINDOWS\SYSTEM32\sessmgr.exe
2006-11-19 11:49 139,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\rdpwd.sys
2006-11-19 11:49 131,584 --a------ C:\WINDOWS\SYSTEM32\sndrec32.exe
2006-11-19 11:49 13,824 --a------ C:\WINDOWS\SYSTEM32\rdsaddin.exe
2006-11-19 11:49 123,392 --a------ C:\WINDOWS\SYSTEM32\mplay32.exe
2006-11-19 11:49 12,040 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tdpipe.sys
2006-11-19 11:49 110,080 --a------ C:\WINDOWS\SYSTEM32\clbcatex.dll
2006-11-19 11:49 11,776 --a------ C:\WINDOWS\SYSTEM32\xolehlp.dll
2006-11-19 11:49 11,264 --a------ C:\WINDOWS\SYSTEM32\icaapi.dll
2006-11-19 11:49 102,912 --a------ C:\WINDOWS\SYSTEM32\clipbrd.exe
2006-11-19 11:49 1,251,840 --a------ C:\WINDOWS\SYSTEM32\comsvcs.dll
2006-11-19 10:21 <DIR> d-------- C:\Program Files\Grisoft
2006-11-19 10:12 <DIR> d-------- C:\bintheredunthat
2006-11-19 03:43 2,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drmkaud.sys
2006-11-19 03:42 82,944 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\wdmaud.sys
2006-11-19 03:42 7,552 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.sys
2006-11-19 03:42 60,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\sysaudio.sys
2006-11-19 03:42 52,864 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\DMusic.sys
2006-11-19 03:42 5,376 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.sys
2006-11-19 03:42 4,992 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.sys
2006-11-19 03:41 9,344 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\NtApm.sys
2006-11-19 03:41 6,400 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\splitter.sys
2006-11-19 03:41 54,272 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\swmidi.sys
2006-11-19 03:41 3,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\audstub.sys
2006-11-19 03:41 171,776 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kmixer.sys
2006-11-19 03:41 142,464 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aec.sys
2006-11-19 03:40 93,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cwcwdm.sys
2006-11-19 03:40 10,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys
2006-11-19 03:39 60,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\drmk.sys
2006-11-19 03:39 57,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\redbook.sys
2006-11-19 03:39 4,096 --a------ C:\WINDOWS\SYSTEM32\ksuser.dll
2006-11-19 03:39 21,504 --a------ C:\WINDOWS\SYSTEM32\hidserv.dll
2006-11-19 03:39 145,792 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\portcls.sys
2006-11-19 03:38 75,136 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\atimpae.sys
2006-11-19 03:38 42,368 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AGP440.SYS
2006-11-19 03:38 137,216 --a------ C:\WINDOWS\SYSTEM32\atidrae.dll
2006-11-19 03:37 74,240 --a------ C:\WINDOWS\SYSTEM32\usbui.dll
2006-11-19 03:37 36,224 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\an983.sys
2006-11-19 03:37 3,584 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cwcos.sys
2006-11-19 03:37 111,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\cwcspud.sys
2006-11-19 03:31 8,192 -ra------ C:\WINDOWS\SYSTEM32\kbdhept.dll
2006-11-19 03:31 7,168 -ra------ C:\WINDOWS\SYSTEM32\kbdcz.dll
2006-11-19 03:31 6,656 -ra------ C:\WINDOWS\SYSTEM32\kbdycl.dll
2006-11-19 03:31 6,656 -ra------ C:\WINDOWS\SYSTEM32\kbdsl1.dll
2006-11-19 03:31 6,656 -ra------ C:\WINDOWS\SYSTEM32\kbdsl.dll
2006-11-19 03:31 6,656 -ra------ C:\WINDOWS\SYSTEM32\kbdpl.dll
2006-11-19 03:31 6,656 -ra------ C:\WINDOWS\SYSTEM32\kbdhu.dll
2006-11-19 03:31 6,656 -ra------ C:\WINDOWS\SYSTEM32\kbdhela3.dll
2006-11-19 03:31 6,656 -ra------ C:\WINDOWS\SYSTEM32\kbdcz2.dll
2006-11-19 03:31 6,656 -ra------ C:\WINDOWS\SYSTEM32\kbdcz1.dll
2006-11-19 03:31 6,656 -ra------ C:\WINDOWS\SYSTEM32\kbdcr.dll
2006-11-19 03:31 6,656 -ra------ C:\WINDOWS\SYSTEM32\KBDAL.DLL
2006-11-19 03:31 6,144 -ra------ C:\WINDOWS\SYSTEM32\kbdtuq.dll
2006-11-19 03:31 6,144 -ra------ C:\WINDOWS\SYSTEM32\kbdtuf.dll
2006-11-19 03:31 6,144 -ra------ C:\WINDOWS\SYSTEM32\kbdlv1.dll
2006-11-19 03:31 6,144 -ra------ C:\WINDOWS\SYSTEM32\kbdlv.dll
2006-11-19 03:31 6,144 -ra------ C:\WINDOWS\SYSTEM32\kbdhela2.dll
2006-11-19 03:31 6,144 -ra------ C:\WINDOWS\SYSTEM32\kbdgkl.dll
2006-11-19 03:31 6,144 -ra------ C:\WINDOWS\SYSTEM32\kbdest.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdycc.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbduzb.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdur.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdtat.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdru1.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdru.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdro.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdpl1.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdmon.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdlt1.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdlt.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdkyr.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdkaz.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdhu1.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdhe319.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdhe220.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdhe.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdbu.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdblr.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdazel.dll
2006-11-19 03:31 5,632 -ra------ C:\WINDOWS\SYSTEM32\kbdaze.dll
2006-11-19 03:30 9,936 --a------ C:\WINDOWS\SYSTEM\LZEXPAND.DLL
2006-11-19 03:30 9,008 --a------ C:\WINDOWS\SYSTEM\VER.DLL
2006-11-19 03:30 85,020 --a------ C:\WINDOWS\SYSTEM32\dgsetup.dll
2006-11-19 03:30 82,944 --a------ C:\WINDOWS\SYSTEM\OLECLI.DLL
2006-11-19 03:30 8,704 --a------ C:\WINDOWS\SYSTEM32\batt.dll
2006-11-19 03:30 74,752 --a------ C:\WINDOWS\SYSTEM32\storprop.dll
2006-11-19 03:30 69,584 --a------ C:\WINDOWS\SYSTEM\AVICAP.DLL
2006-11-19 03:30 69,120 --a------ C:\WINDOWS\NOTEPAD.EXE
2006-11-19 03:30 68,768 --a------ C:\WINDOWS\SYSTEM\MMSYSTEM.DLL
2006-11-19 03:30 5,120 --a------ C:\WINDOWS\SYSTEM\SHELL.DLL
2006-11-19 03:30 32,816 --a------ C:\WINDOWS\SYSTEM\COMMDLG.DLL
2006-11-19 03:30 24,661 --a------ C:\WINDOWS\SYSTEM32\spxcoins.dll
2006-11-19 03:30 24,064 --a------ C:\WINDOWS\SYSTEM\OLESVR.DLL
2006-11-19 03:30 19,200 --a------ C:\WINDOWS\SYSTEM\TAPI.DLL
2006-11-19 03:30 176,157 --a------ C:\WINDOWS\SYSTEM32\dgrpsetu.dll
2006-11-19 03:30 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2006-11-19 03:30 13,312 --a------ C:\WINDOWS\SYSTEM32\irclass.dll
2006-11-19 03:30 126,912 --a------ C:\WINDOWS\SYSTEM\MSVIDEO.DLL
2006-11-19 03:30 11,264 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\irenum.sys
2006-11-19 03:30 109,456 --a------ C:\WINDOWS\SYSTEM\AVIFILE.DLL
2006-11-19 03:30 103,424 --a------ C:\WINDOWS\SYSTEM32\EqnClass.Dll
2006-11-19 03:30 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Start Menu
2006-11-19 03:30 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2006-11-19 03:30 <DIR> d--h----- C:\Documents and Settings\All Users.WINDOWS\Templates
2006-11-19 03:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Favorites
2006-11-19 03:30 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Desktop
2006-11-19 03:29 <DIR> dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\.
2006-11-19 03:29 <DIR> dr-h----- C:\Documents and Settings\All Users.WINDOWS\Application Data
2006-11-19 03:29 <DIR> d---s---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2006-11-19 03:29 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\..
2006-11-19 03:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\..
2006-11-19 03:28 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\.
2006-11-07 19:29 <DIR> d-------- C:\WINDOWS\SYSTEM32\bak
2006-11-05 10:30 <DIR> d-------- C:\WINDOWS\ŗdobe
2006-11-04 20:50 <DIR> d--hs---- C:\WINDOWS\SmFtYWwgTWFra291aw


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-20 17:22 -------- d-a------ C:\Program Files\Common Files
2006-11-19 11:51 -------- d-------- C:\Program Files\Online Services
2006-11-19 11:51 -------- d-------- C:\Program Files\Messenger
2006-11-18 18:49 -------- d-------- C:\Program Files\Windows NT
2006-11-18 18:49 -------- d-------- C:\Program Files\Web Publish
2006-11-18 18:48 -------- d-------- C:\Program Files\Accessories
2006-11-16 15:46 -------- d-------- C:\Program Files\Internet Explorer
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\xvjwgubf.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\wtbihcya.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\wtbidaaa.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\vrstyldx.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\vrstelif.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\vrstehcw.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\upkffoxl.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\tncqgagj.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\sltchdhr.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\nbehmntq.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\myvsnuul.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\lwnejgiy.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\jswbuscj.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\iqomrxmf.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\hogxsfkm.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\eihgvbox.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\bcioywuw.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\bcioywmd.t
2006-11-05 12:11 16457 --ah----- C:\Program Files\Common Files\aaaauilp.t
2006-10-24 19:41 -------- d-------- C:\Program Files\Microsoft Works
2006-10-23 16:21 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-23 16:21 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-01 17:54 -------- d-------- C:\Program Files\Common Files\Slmss
2006-09-26 14:31 102400 --a------ C:\Program Files\Common Files\ntldr.sys
2006-09-22 14:26 -------- d-------- C:\Program Files\Outlook Express
2006-09-22 14:26 -------- d-------- C:\Program Files\Common Files\SYSTEM


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c4,01,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e4,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4e,00,00,00,00,00,00,00,b2,03,00,00,e4,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-11-20 17:28:13.43
C:\ComboFix.txt ... 06-11-20 17:28


Logfile of HijackThis v1.99.1
Scan saved at 8:06:58 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jamal\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:20:58 PM 11/20/2006

+ Scan result:



C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003009.exe/clientax.dll -> Adware.180Solutions : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003010.dll -> Adware.180Solutions : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003012.exe -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\Classes\ncmyb.SABHO -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\Classes\ncmyb.SABHO.1 -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\Classes\ncmyb.SABHO\CLSID -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\Classes\ncmyb.SABHO\CurVer -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : No action taken.
HKLM\SOFTWARE\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : No action taken.
HKU\S-1-5-21-725345543-813497703-854245398-1004\Software\DeluxeCommunications -> Adware.DeluxeCommunications : No action taken.
HKU\S-1-5-21-725345543-813497703-854245398-1004\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : No action taken.
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : No action taken.
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : No action taken.
HKU\S-1-5-21-725345543-813497703-854245398-1004\Software\Avenue Media -> Adware.InternetOptimizer : No action taken.
HKU\S-1-5-21-725345543-813497703-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : No action taken.
HKU\S-1-5-21-725345543-813497703-854245398-1004\Software\Policies\Avenue Media -> Adware.InternetOptimizer : No action taken.
HKU\S-1-5-21-725345543-813497703-854245398-1004\Software\IST -> Adware.ISTBar : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003005.dll -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003006.dll -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003007.exe -> Adware.SurfSide : No action taken.
[1416] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[416] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[472] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[484] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[656] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[728] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[824] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[896] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[944] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003019.dll -> Adware.Ucmore : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003020.dll -> Adware.Ucmore : No action taken.
HKU\S-1-5-21-725345543-813497703-854245398-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003029.exe -> Adware.ZenoSearch : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003031.exe -> Adware.ZenoSearch : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0000105.exe -> Downloader.Adload.j : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003013.exe -> Downloader.Dyfica : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003014.exe -> Downloader.Dyfica : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003015.dll -> Downloader.Dyfuca : No action taken.
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003016.exe -> Downloader.Dyfuca.ey : No action taken.
C:\System Volume Information\_restore{85382948-7181-4FC5-BD7C-05A391C0FE5A}\RP14\A0111816.dll -> Proxy.Agent.ji : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@cartoonnetwork.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@adrevolver[3].txt -> TrackingCookie.Adrevolver : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@findwhat[1].txt -> TrackingCookie.Findwhat : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@ehg-ripedigitalentertainment.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@data3.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@trafficmp[1].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@trafic[1].txt -> TrackingCookie.Trafic : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\System Volume Information\_restore{85382948-7181-4FC5-BD7C-05A391C0FE5A}\RP14\A0111811.exe -> Worm.Glowa.d : No action taken.
C:\System Volume Information\_restore{85382948-7181-4FC5-BD7C-05A391C0FE5A}\RP14\A0111812.exe -> Worm.Glowa.d : No action taken.
C:\System Volume Information\_restore{85382948-7181-4FC5-BD7C-05A391C0FE5A}\RP14\A0111813.exe -> Worm.Glowa.d : No action taken.
C:\System Volume Information\_restore{85382948-7181-4FC5-BD7C-05A391C0FE5A}\RP14\A0111814.exe -> Worm.Glowa.d : No action taken.
C:\System Volume Information\_restore{85382948-7181-4FC5-BD7C-05A391C0FE5A}\RP14\A0111815.exe -> Worm.Glowa.d : No action taken.


::Report end
Jamal

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:27 PM

Posted 21 November 2006 - 01:22 AM

Yikes,

You're not only dealing with a lot of random crap, you are also dealing with a file infector which infects every exe, scr and rar file on your system.
These files may not get deleted, but cured/disinfected instead.
Problem with this infection is, it happens a lot, when this infection is trying to infect a file, it fails in some cases > result > an uninfected file, but corrupt instead.
Also, some scanners do have problems with disinfecting some files and make it corrupt as well.
This is with what you are dealing:
http://info.drweb.com/show/2971/en
http://www.sophos.com/security/analyses/w32drefo.html
So I can't promise we can fix all damage it already caused though.
That's why in such cases, a format and reinstall is still the fastest, safest and best solution. However, if you want to proceed with this and live with the fact that damage will still be present afterwards, perform next steps.

You didn't follow my instructions on how to properly run the AVG Anti-Spyware scan, because it didn't delete anything. It says: No action taken.

Most probably you forgot next step:

# Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine.......


and

# Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.


Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please hide your hidden files and folders afterwards again, when we are done with this thread and your problems are solved, because above instructions to set your system to show all files, unhide legit files and folders as well.
And I don't want you to delete them because they may look suspicious. To hide them again, just perform the above instructions in the opposite way.


Delete next folder and files:

C:\WINDOWS\SmFtYWwgTWFra291aw <== folder
C:\WINDOWS\optimize.exe
C:\WINDOWS\SYSTEM32\winpfg32.sys
C:\WINDOWS\getnexus.exe
C:\WINDOWS\SYSTEM32\mmxvdt.exe
C:\Program Files\Common Files\xvjwgubf.t
C:\Program Files\Common Files\wtbihcya.t
C:\Program Files\Common Files\wtbidaaa.t
C:\Program Files\Common Files\vrstyldx.t
C:\Program Files\Common Files\vrstelif.t
C:\Program Files\Common Files\vrstehcw.t
C:\Program Files\Common Files\upkffoxl.t
C:\Program Files\Common Files\tncqgagj.t
C:\Program Files\Common Files\sltchdhr.t
C:\Program Files\Common Files\nbehmntq.t
C:\Program Files\Common Files\myvsnuul.t
C:\Program Files\Common Files\lwnejgiy.t
C:\Program Files\Common Files\jswbuscj.t
C:\Program Files\Common Files\iqomrxmf.t
C:\Program Files\Common Files\hogxsfkm.t
C:\Program Files\Common Files\eihgvbox.t
C:\Program Files\Common Files\bcioywuw.t
C:\Program Files\Common Files\bcioywmd.t
C:\Program Files\Common Files\aaaauilp.t

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv I need that log later.
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Since the log from DrWeb CureIt and the panda log will be huge, I want you to upload them instead of copying and pasting in this thread.
To do this, go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to it and browse to the Log from DrWeb CureIt (DrWeb.csv) and upload it there.
Do the same for the log from Panda Online.

Then post a NEW HijackThis log in your next reply. (Don't upload that one)
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
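The remark above that the AVG Anti-Spyware report shows "No action taken" on every line can be checked mechanically before a scan is trusted as a cleanup. The following is an added example, not part of the original post: it parses the `target -> detection : action` line layout of that report and surfaces findings that are still untreated, with modules loaded in running processes listed separately. Reading the `[number]` prefix as a process ID and the action wording on the last sample line are assumptions.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple, Optional

# Six lines copied from the report in the thread, plus one constructed line
# (the last) whose action wording is an assumption, to show a treated finding.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{48B182C2-84BD-4E0F-B292-09ECF2CC29D5}\RP2\A0003010.dll -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\DeluxeCommunications -> Adware.DeluxeCommunications : No action taken.
[1416] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
[416] C:\WINDOWS\system32\dxclib303562752.dll -> Adware.SurfSide : No action taken.
C:\Documents and Settings\Jamal\Cookies\jamal@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\System Volume Information\_restore{85382948-7181-4FC5-BD7C-05A391C0FE5A}\RP14\A0111811.exe -> Worm.Glowa.d : No action taken.
C:\WINDOWS\constructed-example.dll -> Adware.Example : Quarantined.
"""

# Optional "[pid] " prefix, then "target -> detection : action."
LINE_RE = re.compile(
    r"^(?:\[(?P<pid>\d+)\]\s+)?"
    r"(?P<target>.+?)\s+->\s+"
    r"(?P<name>\S+)\s+:\s+"
    r"(?P<action>.+?)\.?\s*$"
)


class Finding(NamedTuple):
    pid: Optional[int]
    target: str
    name: str
    action: str
    kind: str


def classify(target: str, pid: Optional[int]) -> str:
    """Bucket a finding by where it lives, which decides how urgent it is."""
    low = target.lower()
    if pid is not None:
        return "loaded-module"      # assumption: [n] is the PID holding the file
    if low.startswith(("hklm\\", "hku\\", "hkcu\\")):
        return "registry"
    if "\\system volume information\\_restore" in low:
        return "restore-point"      # inert copy inside System Restore
    if "\\cookies\\" in low:
        return "cookie"
    return "file"


def parse_report(text: str) -> list:
    """Return a Finding per result line; headers and blank lines are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        pid = int(m["pid"]) if m["pid"] else None
        findings.append(Finding(pid, m["target"], m["name"], m["action"],
                                classify(m["target"], pid)))
    return findings


def triage(findings: list) -> dict:
    """Summarise what the scanner detected but did not remediate."""
    untreated = [f for f in findings if f.action.lower() == "no action taken"]
    live = defaultdict(set)
    for f in untreated:
        if f.kind == "loaded-module":
            live[f.target].add(f.pid)
    return {
        "total": len(findings),
        "untreated": len(untreated),
        "by_kind": Counter(f.kind for f in untreated),
        "by_family": Counter(f.name.split(".")[0] for f in untreated),
        "live_modules": {path: sorted(pids) for path, pids in live.items()},
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    print(f"{summary['untreated']} of {summary['total']} findings untreated")
    for path, pids in summary["live_modules"].items():
        print(f"still loaded: {path} in PIDs {pids}")
```
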

#5 jamal56783


Posted 21 November 2006 - 08:45 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:41:40 PM, on 11/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jamal\Desktop\HijackThis.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
Jamal

#6 miekiemoes


Posted 22 November 2006 - 02:05 AM

jamal56783,

Why did you uninstall your ZoneAlarm and AVG Anti-Spyware again? This really doesn't make any sense. Your computer was/is terribly infected because nothing is preventing malware - all the entries in your log were malware related.... I asked you to install an antivirus and firewall and now you uninstall it again?

Can you explain please?

#7 miekiemoes


Posted 29 November 2006 - 06:08 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



