Old 11-19-2005, 09:22 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2003
Posts: 32
OS: WinXP


A number of problems

Okay, so I've been trying to get my computer back up to its full speed potential as it's been running slowly recently. I've run multiple virus and spyware scanners already.
My first problem is related to what I was trying to do in the first place: I noticed that programs that shouldn't be using a lot of CPU were. For example, Microsoft Word was using up to 20% for some reason.
The second problem is that whilst I was trying to fix the computer, I started to get constant error messages for Iexplorer, despite the fact that it wasn't even running. The Dr Watson package of programs keeps on opening up windows telling me that there is an error with Iexplorer. I've stopped the windows from opening by disabling error message reports, but it seems that drwtsn32.exe and dxtexts.exe keep loading as background processes.
Any help that you can offer would be appreciated, and here's my HJT log; I'm sure there are some problems there:

Logfile of HijackThis v1.99.1
Scan saved at 16:21:27, on 19/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks in advance.
FreshD is offline  
Old 11-19-2005, 02:52 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,543
OS: 2000 Pro; XP Pro; XP Home


Let's begin with this:

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.
Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:


Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/p2pnetwork.bfu

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html


Run a new scan with HJT and post that log here.


Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 11-20-2005, 02:18 AM   #3 (permalink)
Registered User
 
Join Date: Nov 2003
Posts: 32
OS: WinXP


Okay, here's the Panda activescan report:


Incident Status Location

Adware:adware/ist.istbar No disinfected C:\Documents and Settings\ann kirkpatrick\Local Settings\Temp\iinstall.exe
Adware:adware/bigtrafficnet No disinfected C:\Documents and Settings\ann kirkpatrick\Favorites\1111\1111.url
Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\services.exe
Adware:adware/exact.bargainbuddy No disinfected C:\WINDOWS\SYSTEM32\bho.dll
Adware:adware/consumeralertsystem No disinfected C:\PROGRAM FILES\CMSystem
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/pacimedia No disinfected C:\Documents and Settings\ann kirkpatrick\Favorites\1111
Adware:adware/webext No disinfected Windows Registry
Adware:Adware/Maxifiles No disinfected C:\Documents and Settings\ann kirkpatrick\ab.exe[mc-58-12-0000137.exe]
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\ann kirkpatrick\Application Data\rnuo.exe
Virus:Trj/Java.Binny.A Disinfected C:\Documents and Settings\ann kirkpatrick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-534e5212-6b2f417a.zip[Mein.class]
Virus:Trj/Java.Binny.A Disinfected C:\Documents and Settings\ann kirkpatrick\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-534e5212-6b2f417a.zip[Beyond.class]
Adware:Adware/Popper No disinfected C:\Documents and Settings\ann kirkpatrick\Local Settings\Temp\s354.5.exe
Dialer:Dialer.AUU No disinfected C:\Guild Wars [Crack].exe
Adware:Adware/ConsumerAlertSystem No disinfected C:\Program Files\CMSystem\plugin.dll
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\InetGet2\mc-58-12-0000137.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\mc-58-12-0000137.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\services.exe
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[gui.exe]
Adware:Adware/Maxifiles No disinfected C:\Program Files\Common Files\system32.dll[cwebpage.dll]
Adware:Adware/Maxifiles No disinfected C:\Program Files\DNS\cwebpage.dll
Adware:Adware/WUpd No disinfected C:\Program Files\InetGet\Adperform180safull.exe
Dialer:Dialer.AUU No disinfected C:\unzipped\Guild Wars [Crack].exe
Virus:Trj/Multidropper.AGP Disinfected C:\unzipped\Guild Wars-FLT-KEYGEN.exe
Adware:Adware/Popper No disinfected C:\WINDOWS\offun.exe
Adware:Adware/ConsumerAlertSystem No disinfected C:\WINDOWS\pf78.exe
Adware:Adware/IST.ISTBar No disinfected C:\WINDOWS\system32\tb.exe
Adware:Adware/Popper No disinfected C:\WINDOWS\uywajvd.exe

And here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 09:17:06, on 20/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Apologies if any of it is a bit difficult to read.
FreshD is offline  
Old 11-20-2005, 06:57 AM   #4 (permalink)
Analyst, Security Team
 
greyknight17's Avatar
 
Join Date: Jul 2004
Location: New York
Posts: 14,331
OS: Windows 98 & Windows XP Home/Pro

My System

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Right click and copy the below lines. Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes:

C:\Documents and Settings\ann kirkpatrick\ab.exe
C:\Documents and Settings\ann kirkpatrick\Application Data\rnuo.exe
C:\Documents and Settings\ann kirkpatrick\Favorites\1111
C:\Documents and Settings\ann kirkpatrick\Local Settings\Temp\iinstall.exe
C:\Documents and Settings\ann kirkpatrick\Local Settings\Temp\s354.5.exe
C:\Guild Wars [Crack].exe
C:\PROGRAM FILES\CMSystem
C:\Program Files\CMSystem\plugin.dll
C:\Program Files\Common Files\InetGet2\mc-58-12-0000137.exe
C:\Program Files\Common Files\mc-58-12-0000137.exe
C:\PROGRAM FILES\COMMON FILES\services.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\Common Files\system32.dll
C:\Program Files\DNS\
C:\Program Files\DNS\cwebpage.dll
C:\Program Files\InetGet\
C:\Program Files\InetGet\Adperform180safull.exe
C:\Program Files\InetGet2\
C:\Program Files\MsConfigs\MsConfigs.exe
C:\unzipped\Guild Wars [Crack].exe
C:\WINDOWS\offun.exe
C:\WINDOWS\pf78.exe
C:\WINDOWS\SYSTEM32\bho.dll
C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
C:\WINDOWS\system32\CMD.COM
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\p2pnetwork.exe
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\tb.exe
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\uywajvd.exe


If you get a PendingOperations message, just close it and restart your computer manually.

Restart...

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders; it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Make sure to close all open windows. Check and fix the following in HijackThis:

O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)

Delete these if still found:

C:\Documents and Settings\ann kirkpatrick\Favorites\1111
C:\Program Files\CMSystem\
C:\Program Files\DNS\
C:\Program Files\InetGet\
C:\Program Files\InetGet2\
C:\Program Files\MsConfigs\
C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs


Restart and run another Panda scan. Post that log here along with a new HijackThis log.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it.

greyknight17 is offline  
Old 11-20-2005, 12:17 PM   #5 (permalink)
Registered User
 
Join Date: Nov 2003
Posts: 32
OS: WinXP


New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 19:15:34, on 20/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


And new Panda scan:

Incident Status Location

Adware:adware/maxifiles No disinfected C:\PROGRAM FILES\COMMON FILES\Windows
Adware:adware/webext No disinfected Windows Registry
FreshD is offline  
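
An added example, not part of any post in this thread: a small Python parser that compares successive HijackThis logs and checks whether the entries a helper asked to have fixed are still present. The embedded logs are abridged excerpts of the three scans posted above; the function names and the keying rule (CLSID, or registry location plus value name) are assumptions of this example, not HijackThis behaviour.

```python
import re

# A "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}" class ID as printed by HijackThis.
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A log entry: section code (O4, O18, R0, ...), " - ", then the entry text.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Startup-style entries: "HKCU\..\Run: [value name] command line".
NAMED = re.compile(r"^(.*?: \[[^\]]*\])\s*(.*)$")

# Abridged excerpts of the three logs in this thread (most lines left out).
SCAN_1 = r"""
Logfile of HijackThis v1.99.1
Scan saved at 16:21:27, on 19/11/2005
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""
SCAN_2 = r"""
Scan saved at 09:17:06, on 20/11/2005
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""
SCAN_3 = r"""
Scan saved at 19:15:34, on 20/11/2005
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: MsgPlusLoader.dll
"""
# The two entries the helper asked to have fixed in post #4.
FIX_LIST = [
    r"O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe",
    r"O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)",
]


def parse_entries(log_text):
    """Map each entry's stable key to its target (file, URL or status)."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, blank line or running-process path
        code, rest = m.groups()
        clsid = CLSID.search(rest)
        named = NAMED.match(rest)
        if clsid:
            # Key on everything up to the CLSID; the rest is the target.
            key, value = rest[:clsid.end()], rest[clsid.end():].lstrip(" -")
        elif named:
            # Key on registry location plus value name.
            key, value = named.group(1), named.group(2)
        else:
            key, value = rest, ""
        entries[f"{code} - {key}"] = value
    return entries


def diff_scans(before_text, after_text):
    """Report entries removed, added, or re-pointed between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted((k, before[k], after[k]) for k in before
                          if k in after and before[k] != after[k]),
    }


def still_present(fix_lines, log_text):
    """Return the requested fix lines whose entry key is still in the log."""
    current = parse_entries(log_text)
    return [line for line in fix_lines if set(parse_entries(line)) & set(current)]


if __name__ == "__main__":
    for label, a, b in (("scan 1 -> 2", SCAN_1, SCAN_2), ("scan 2 -> 3", SCAN_2, SCAN_3)):
        print(label, diff_scans(a, b))
    print("left to fix after scan 3:", still_present(FIX_LIST, SCAN_3))
```

An entry reported under "changed" with a target of "(no file)" means the file was deleted but the registry reference remains, which is why the O18 filter line still had to be fixed in HijackThis after the files were removed.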
Old 11-20-2005, 12:47 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,543
OS: 2000 Pro; XP Pro; XP Home


Please check the contents of this folder, and report them:

C:\PROGRAM FILES\COMMON FILES\Windows


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Choose Save, NOT run, and save to your desktop
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


How is your system behaving now?
tetonbob is offline  
Old 11-20-2005, 01:20 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2003
Posts: 32
OS: WinXP


Okay, I'm in the process with the scanning; here is what's in that Windows folder:

AutoIt3 script (exe I think)
psapi.dll
request (html)
services32 (exe)

So far, if I'm honest, I've not noticed much different. The system is probably a fair bit cleaner now, but applications are still using excessive memory, and dxtexts.exe and drwtsn keep running in the background.
I'll post the scan results once I get them. Thanks for the help so far.

Edit: Okay, the second scan result turned up nothing, so I don't have a log to give you

Last edited by FreshD; 11-20-2005 at 01:41 PM.
FreshD is offline  
Old 11-20-2005, 06:52 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,543
OS: 2000 Pro; XP Pro; XP Home


Please delete this folder:

C:\PROGRAM FILES\COMMON FILES\Windows

If it resists deletion, boot to safe mode and delete it from there.

2 questions....is there a full path given for the dxtexts.exe file? If so, do this:


Go to the Jotti's malware scan page and use the buttons at the top of the page to browse to this file(s) on your hard drive to submit for a scan. Report the results here, please.

If no full path is given, run a search for the file and then use that given path for a Jotti scan.

As far as Dr. Watson goes... are you getting an error at startup, or are you just worried because it's running at startup (in the running processes)?

In addition, please do this (this will take some time, so get a cup and relax):

Download Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

  • Download WinPFind http://www.bleepingcomputer.com/files/winpfind.php
    • Double click on WinPFind and unzip it to your Desktop.
    • Don't do anything with it yet!

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Run Ewido with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour.

Double click WinPFind.exe

  • Click 'Start Scan'
  • It will scan the entire system, so please be patient!
  • Once the scan is complete:
    1. Go to the WinPFind folder
    2. Locate WinPFind.txt
    3. Copy those results in the next post!

Restart in normal mode.

Perform an online scan with Internet Explorer with

Kaspersky Online Scanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Standard
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the names and locations of any file it detects but fails to clean.

* Turn off the real time scanner of any existing antivirus program while performing the online scan
tetonbob is offline  
Old 11-21-2005, 11:30 AM   #9 (permalink)
Registered User
 
Join Date: Nov 2003
Posts: 32
OS: WinXP


Hmmm, sorry, it seems that dxtexts and drwtsn have stopped running as suddenly as they started. I wasn't worried that it was opening at startup, but by the fact that both programs kept running once every 5-10 seconds or so. They seem to have stopped now. I'll get to work on the scanning.
FreshD is offline  
Old 11-21-2005, 02:39 PM   #10 (permalink)
Registered User
 
Join Date: Nov 2003
Posts: 32
OS: WinXP


Okay, here goes. I haven't had the time to check dxtexts; I will post about it tomorrow if I get the time, things to do. Here are the scan results though:


Ewido

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 19:43:00, 21/11/2005
+ Report-Checksum: 66128EE

+ Scan result:

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} -> Spyware.PowerStrip : Error during cleaning
:mozilla.6:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.8:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.29:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.30:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.34:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.35:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.44:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.45:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.46:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.47:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.48:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.56:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.57:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.58:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.59:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.60:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.85:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.87:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.88:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.89:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.90:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.91:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.92:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.98:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.99:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.100:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.101:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.102:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.103:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.104:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.105:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.106:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.107:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.108:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.116:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.117:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.118:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.119:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.120:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.121:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.122:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.123:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.245:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.283:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.284:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.286:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.292:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.293:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.311:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.312:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.313:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.314:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.315:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.316:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.317:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.318:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.319:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.320:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.321:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.337:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.338:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.339:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.340:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.341:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.342:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.343:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.344:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.345:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.346:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.347:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.348:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.388:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.389:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.398:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.399:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.400:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.401:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.402:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.403:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.415:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.429:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.445:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.451:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.452:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.468:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.478:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Etracker : Cleaned with backup
:mozilla.498:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.499:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.500:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.501:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.502:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.503:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\pnu37fe0.Default User\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.10:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.20:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.23:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.31:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.37:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\ann kirkpatrick\Application Data\Mozilla\Firefox\Profiles\zyhi57mz.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\WINDOWS\blttmwo.exe -> TrojanDownloader.VB.hj : Cleaned with backup


::Report End


winpfind

»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PEC2 08/06/2005 17:18:04 42496 C:\lf_16C.tmp
PECompact2 08/06/2005 17:18:04 42496 C:\lf_16C.tmp
PEC2 09/06/2005 06:43:34 42496 C:\lf_2A0.tmp
PECompact2 09/06/2005 06:43:34 42496 C:\lf_2A0.tmp
PEC2 09/06/2005 16:57:50 42496 C:\lf_45C.tmp
PECompact2 09/06/2005 16:57:50 42496 C:\lf_45C.tmp

Checking %ProgramFilesDir% folder...
PEC2 29/09/2005 07:31:20 2757722 C:\Program Files\Deutsch Fable The Lost Chapters crack.exe
PECompact2 29/09/2005 07:31:20 2757722 C:\Program Files\Deutsch Fable The Lost Chapters crack.exe
PEC2 29/09/2005 07:31:24 2757761 C:\Program Files\Fable The Lost Chapters cracked.exe
PECompact2 29/09/2005 07:31:24 2757761 C:\Program Files\Fable The Lost Chapters cracked.exe
PEC2 27/08/2005 18:54:08 2757717 C:\Program Files\US Fable The Lost Chapters crack.exe
PECompact2 27/08/2005 18:54:08 2757717 C:\Program Files\US Fable The Lost Chapters crack.exe

Checking %WinDir% folder...
UPX! 30/10/2005 10:05:38 65536 C:\WINDOWS\IFinst27.exe
PECompact2 17/11/2005 10:32:44 16523781 C:\WINDOWS\lpt$vpn.953
qoologic 17/11/2005 10:32:44 16523781 C:\WINDOWS\lpt$vpn.953
SAHAgent 17/11/2005 10:32:44 16523781 C:\WINDOWS\lpt$vpn.953
UPX! 03/05/2005 11:44:44 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 25/10/2005 11:15:06 170053 C:\WINDOWS\tsc.exe
PECompact2 17/11/2005 10:32:44 16523781 C:\WINDOWS\VPTNFILE.953
qoologic 17/11/2005 10:32:44 16523781 C:\WINDOWS\VPTNFILE.953
SAHAgent 17/11/2005 10:32:44 16523781 C:\WINDOWS\VPTNFILE.953
UPX! 25/10/2005 11:15:04 1044560 C:\WINDOWS\vsapi32.dll
aspack 25/10/2005 11:15:04 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX! 12/11/2005 14:59:18 473600 C:\WINDOWS\SYSTEM32\aswBoot.exe
PEC2 12/06/2005 00:03:00 42496 C:\WINDOWS\SYSTEM32\czdeqpoq.exe
PECompact2 12/06/2005 00:03:00 42496 C:\WINDOWS\SYSTEM32\czdeqpoq.exe
aspack 18/03/2005 16:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll
PEC2 23/08/2001 15:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 26/10/2004 22:38:24 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 26/10/2004 22:38:24 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PEC2 11/06/2005 18:02:56 42496 C:\WINDOWS\SYSTEM32\fusonjvf.exe
PECompact2 11/06/2005 18:02:56 42496 C:\WINDOWS\SYSTEM32\fusonjvf.exe
PEC2 11/06/2005 00:02:10 42496 C:\WINDOWS\SYSTEM32\jkapyxkl.exe
PECompact2 11/06/2005 00:02:10 42496 C:\WINDOWS\SYSTEM32\jkapyxkl.exe
PEC2 11/06/2005 08:02:20 42496 C:\WINDOWS\SYSTEM32\ktgxkysn.exe
PECompact2 11/06/2005 08:02:20 42496 C:\WINDOWS\SYSTEM32\ktgxkysn.exe
PTech 12/07/2005 18:04:22 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 02/11/2005 05:34:18 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 02/11/2005 05:34:18 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 03/08/2004 22:56:38 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
PEC2 12/06/2005 02:03:02 42496 C:\WINDOWS\SYSTEM32\oihnyawl.exe
PECompact2 12/06/2005 02:03:02 42496 C:\WINDOWS\SYSTEM32\oihnyawl.exe
PEC2 12/06/2005 12:03:26 42496 C:\WINDOWS\SYSTEM32\okdbvnon.exe
PECompact2 12/06/2005 12:03:26 42496 C:\WINDOWS\SYSTEM32\okdbvnon.exe
PEC2 08/06/2005 11:17:58 42496 C:\WINDOWS\SYSTEM32\pathmahi.exe
PECompact2 08/06/2005 11:17:58 42496 C:\WINDOWS\SYSTEM32\pathmahi.exe
PEC2 11/06/2005 22:02:58 42496 C:\WINDOWS\SYSTEM32\pjleljny.exe
PECompact2 11/06/2005 22:02:58 42496 C:\WINDOWS\SYSTEM32\pjleljny.exe
PEC2 12/06/2005 04:03:02 42496 C:\WINDOWS\SYSTEM32\pmqxzqsi.exe
PECompact2 12/06/2005 04:03:02 42496 C:\WINDOWS\SYSTEM32\pmqxzqsi.exe
Umonitor 03/08/2004 22:56:46 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
PEC2 11/06/2005 16:02:54 42496 C:\WINDOWS\SYSTEM32\tkogfymt.exe
PECompact2 11/06/2005 16:02:54 42496 C:\WINDOWS\SYSTEM32\tkogfymt.exe
PEC2 12/06/2005 14:03:36 42496 C:\WINDOWS\SYSTEM32\ulatspmw.exe
PECompact2 12/06/2005 14:03:36 42496 C:\WINDOWS\SYSTEM32\ulatspmw.exe
winsync 23/08/2001 15:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PEC2 12/06/2005 06:03:04 42496 C:\WINDOWS\SYSTEM32\xxfyhlow.exe
PECompact2 12/06/2005 06:03:04 42496 C:\WINDOWS\SYSTEM32\xxfyhlow.exe
PEC2 11/06/2005 06:02:16 42496 C:\WINDOWS\SYSTEM32\zjyultbp.exe
PECompact2 11/06/2005 06:02:16 42496 C:\WINDOWS\SYSTEM32\zjyultbp.exe

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
21/11/2005 19:55:14 S 2048 C:\WINDOWS\bootstat.dat
21/11/2005 19:53:56 H 24 C:\WINDOWS\p5YxZ
05/11/2005 08:53:12 RHS 227 C:\WINDOWS\assembly\Desktop.ini
05/10/2005 20:33:38 S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
05/10/2005 01:17:40 S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
28/09/2005 10:53:30 S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
21/11/2005 19:55:04 H 8192 C:\WINDOWS\system32\config\default.LOG
21/11/2005 19:55:32 H 1024 C:\WINDOWS\system32\config\SAM.LOG
21/11/2005 19:55:16 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
21/11/2005 19:58:34 H 98304 C:\WINDOWS\system32\config\software.LOG
21/11/2005 19:55:22 H 872448 C:\WINDOWS\system32\config\system.LOG
09/11/2005 03:01:06 H 1024 C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
23/10/2005 16:54:54 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\85769919-d063-475c-8ebb-aa653386673e
23/10/2005 16:54:54 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
21/11/2005 19:54:20 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 20/09/2004 14:20:44 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 03/08/2004 22:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 03/08/2004 22:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 03/08/2004 22:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 03/08/2004 22:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 03/08/2004 22:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 03/08/2004 22:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 03/08/2004 22:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 03/08/2004 22:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 03/06/2005 02:52:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 23/08/2001 15:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 03/08/2004 22:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 23/08/2001 15:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 03/08/2004 22:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 03/08/2004 22:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
02/08/2005 15:35:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 23/08/2001 15:00:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 03/08/2004 22:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 03/08/2004 22:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 03/08/2004 22:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 23/08/2001 15:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 03/08/2004 22:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 03/08/2004 22:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 03:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 03/08/2004 22:56:58 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 03/08/2004 22:56:58 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 03/08/2004 22:56:58 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 03/08/2004 22:56:58 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 03/08/2004 22:56:58 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 03/08/2004 22:56:58 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 03/08/2004 22:56:58 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 23/08/2001 15:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 03/08/2004 22:56:58 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 23/08/2001 15:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 03/08/2004 22:56:58 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 03/08/2004 22:56:58 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 23/08/2001 15:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 03/08/2004 22:56:58 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 03/08/2004 22:56:58 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 03/08/2004 22:56:58 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 03/08/2004 22:56:58 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 23/08/2001 15:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 03/08/2004 22:56:58 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 03/08/2004 22:56:58 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 26/05/2005 03:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
29/04/2005 18:03:26 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
25/04/2005 18:20:06 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
22/07/2005 14:01:52 1646 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
25/04/2005 18:48:14 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
25/04/2005 18:20:06 HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
25/04/2005 18:48:14 HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
= C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
AlcxMonitor ALCXMNTR.EXE
HPDJ Taskbar Utility C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
MessengerPlus3 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
KernelFaultCheck %systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express Calendar Checker.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express Calendar Checker.lnk
backup C:\WINDOWS\pss\Ulead Photo Express Calendar Checker.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\ULEADS~1\ULEADP~1.0TR\CalCheck.exe
item Ulead Photo Express Calendar Checker
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express Calendar Checker.lnk
backup C:\WINDOWS\pss\Ulead Photo Express Calendar Checker.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\ULEADS~1\ULEADP~1.0TR\CalCheck.exe
item Ulead Photo Express Calendar Checker

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\blttmwo
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item blttmwo
hkey HKLM
command C:\WINDOWS\blttmwo.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item blttmwo
hkey HKLM
command C:\WINDOWS\blttmwo.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CMSystem
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CMSystem
hkey HKCU
command "C:\Program Files\CMSystem\CMSystem.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CMSystem
hkey HKCU
command "C:\Program Files\CMSystem\CMSystem.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools-1033
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "C:\Program Files\D-Tools\daemon.exe" -lang 1033
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item daemon
hkey HKLM
command "C:\Program Files\D-Tools\daemon.exe" -lang 1033
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DNS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-58-12-0000137
hkey HKCU
command C:\Program Files\Common Files\mc-58-12-0000137.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-58-12-0000137
hkey HKCU
command C:\Program Files\Common Files\mc-58-12-0000137.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mmtask
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mmtask
hkey HKLM
command "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mmtask
hkey HKLM
command "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MMTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mm_tray
hkey HKLM
command "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mm_tray
hkey HKLM
command "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nwiz
hkey HKLM
command nwiz.exe /install
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\services32
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-58-12-0000137
hkey HKCU
command C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mc-58-12-0000137
hkey HKCU
command C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinampAgent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winampa
hkey HKLM
command C:\Program Files\Winamp\winampa.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winampa
hkey HKLM
command C:\Program Files\Winamp\winampa.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs MsgPlusLoader.dll


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 21/11/2005 20:05:41

Kaspersky

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 69354
Number of viruses found: 15
Number of infected objects: 68
Number of suspicious objects: 0
Duration of the scan process: 4078 sec

Infected Object Name - Virus Name
C:\lf_16C.tmp Infected: Trojan-Downloader.Win32.Dluca.gen
C:\lf_2A0.tmp Infected: Trojan-Downloader.Win32.Dluca.gen
C:\lf_45C.tmp Infected: Trojan-Downloader.Win32.Dluca.gen
C:\Program Files\Deutsch Fable The Lost Chapters crack.exe/username.exe Infected: Trojan-Dropper.Win32.Agent.se
C:\Program Files\Deutsch Fable The Lost Chapters crack.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.lq
C:\Program Files\Deutsch Fable The Lost Chapters crack.exe/wuauclt10.exe Infected: Trojan.Win32.Pakes
C:\Program Files\Deutsch Fable The Lost Chapters crack.exe Infected: Trojan.Win32.Pakes
C:\Program Files\Fable The Lost Chapters cracked.exe/username.exe Infected: Trojan-Dropper.Win32.Agent.se
C:\Program Files\Fable The Lost Chapters cracked.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.lq
C:\Program Files\Fable The Lost Chapters cracked.exe/wuauclt10.exe Infected: Trojan.Win32.Pakes
C:\Program Files\Fable The Lost Chapters cracked.exe Infected: Trojan.Win32.Pakes
C:\Program Files\US Fable The Lost Chapters crack.exe/username.exe Infected: Trojan-Dropper.Win32.Agent.se
C:\Program Files\US Fable The Lost Chapters crack.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.lq
C:\Program Files\US Fable The Lost Chapters crack.exe/wuauclt10.exe Infected: Trojan.Win32.Pakes
C:\Program Files\US Fable The Lost Chapters crack.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP177\A0043509.exe/username.exe Infected: Trojan-Dropper.Win32.Agent.se
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP177\A0043509.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.lq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP177\A0043509.exe/wuauclt10.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP177\A0043509.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP177\A0043510.exe/username.exe Infected: Trojan-Dropper.Win32.Agent.se
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP177\A0043510.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.lq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP177\A0043510.exe/wuauclt10.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP177\A0043510.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP180\A0044774.exe Infected: Trojan-Downloader.Win32.Small.bqq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP180\A0044775.exe Infected: Trojan-Downloader.Win32.Small.bqq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP181\A0044871.exe Infected: Trojan-Downloader.Win32.Small.bqq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP181\A0044872.exe Infected: Trojan-Downloader.Win32.Small.bqq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP182\A0045872.exe Infected: Trojan-Downloader.Win32.Small.bqq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP194\A0047743.dll Infected: Trojan-Downloader.Win32.IstBar.ms
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP198\A0050903.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP198\A0050904.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP198\A0050905.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP198\A0050907.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP198\A0050908.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP198\A0050909.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP198\A0050910.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP199\A0051841.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP233\A0084301.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP233\A0085261.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP238\A0088333.exe/csrss.exe Infected: Backdoor.Win32.ServU-based.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP238\A0088333.exe/services.exe Infected: Backdoor.Win32.Iroffer.14b2
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP238\A0088333.exe Infected: Backdoor.Win32.Iroffer.14b2
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP238\A0089332.exe Infected: Trojan-Downloader.Win32.Small.bqq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP238\A0089333.exe Infected: Trojan-Downloader.Win32.Small.bqq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP238\A0089338.exe Infected: Trojan-Downloader.Win32.VB.hw
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP238\A0089341.exe Infected: Trojan-Dropper.Win32.VB.jx
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP238\A0089342.exe Infected: Trojan-Dropper.Win32.Agent.mu
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP239\A0089549.exe Infected: Trojan-Dropper.Win32.Delf.jp
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP239\A0089550.exe Infected: Trojan-Dropper.Win32.Delf.jp
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP239\A0090575.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP239\A0090577.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP239\A0090578.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP239\A0090579.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP239\A0090600.exe Infected: Trojan-Downloader.Win32.VB.hj
C:\WINDOWS\system32\czdeqpoq.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\fusonjvf.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\jkapyxkl.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\ktgxkysn.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\oihnyawl.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\okdbvnon.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\pathmahi.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\pjleljny.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\pmqxzqsi.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\tkogfymt.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\ulatspmw.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\xxfyhlow.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\zjyultbp.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\winupd.bat Infected: Trojan.BAT.Zapchast

Scan process completed.

Thanks once again.

P.S. Sorry for the double post if I'm not supposed to do that.
Old 11-21-2005, 07:12 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,543
OS: 2000 Pro; XP Pro; XP Home


Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK

Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)


Launch KillBox.exe & select the following options:
  • delete on Reboot
Highlight all the filenames below & then right-click & select Copy
  • C:\WINDOWS\system32\czdeqpoq.exe
    C:\WINDOWS\system32\fusonjvf.exe
    C:\WINDOWS\system32\jkapyxkl.exe
    C:\WINDOWS\system32\ktgxkysn.exe
    C:\WINDOWS\system32\oihnyawl.exe
    C:\WINDOWS\system32\okdbvnon.exe
    C:\WINDOWS\system32\pathmahi.exe
    C:\WINDOWS\system32\pjleljny.exe
    C:\WINDOWS\system32\pmqxzqsi.exe
    C:\WINDOWS\system32\tkogfymt.exe
    C:\WINDOWS\system32\ulatspmw.exe
    C:\WINDOWS\system32\xxfyhlow.exe
    C:\WINDOWS\system32\zjyultbp.exe
    C:\winupd.bat
    C:\WINDOWS\IFinst27.exe
    C:\Program Files\Deutsch Fable The Lost Chapters crack.exe
    C:\Program Files\Fable The Lost Chapters cracked.exe
    C:\Program Files\US Fable The Lost Chapters crack.exe
    C:\lf_16C.tmp
    C:\lf_2A0.tmp
    C:\lf_45C.tmp
    C:\WINDOWS\blttmwo.exe
    C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
  • Go to the File menu, and choose Paste from Clipboard
  • Click the RED X button.
  • Click Yes at the Delete on Reboot prompt.
  • Click Yes at the 'Pending Operations' prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

Run CleanUp again using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Choose Save, NOT run, and save to your desktop
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


Run a new scan with Kaspersky, and post the results here, please.

Restart in normal mode. Please be sure all entries are enabled in MSCONFIG and run a new HijackThis scan. Save the log file and post it here.

Please return with results from:

Jotti scan
Antispyware.log
Kaspersky online scan
HJT
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Old 11-22-2005, 11:57 AM   #12 (permalink)
Registered User
 
Join Date: Nov 2003
Posts: 32
OS: WinXP


I couldn't find dtexts.exe, it seems to have disappeared, I don't know if that's good or bad. There's also no antispyware log because it didn't find any problems, but here are my HJT and Kaspersky results:

HJT

Logfile of HijackThis v1.99.1
Scan saved at 18:39:23, on 22/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, November 22, 2005 18:34:52
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 22/11/2005
Kaspersky Anti-Virus database records: 151322
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 59186
Number of viruses found: 5
Number of infected objects: 26
Number of suspicious objects: 0
Duration of the scan process: 4131 sec

Infected Object Name - Virus Name
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090655.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090656.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090657.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090658.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090659.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090660.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090661.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090662.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090663.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090664.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090665.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090666.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090667.bat Infected: Trojan.BAT.Zapchast
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090669.exe/username.exe Infected: Trojan-Dropper.Win32.Agent.se
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090669.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.lq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090669.exe/wuauclt10.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090669.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090670.exe/username.exe Infected: Trojan-Dropper.Win32.Agent.se
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090670.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.lq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090670.exe/wuauclt10.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090670.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090671.exe/username.exe Infected: Trojan-Dropper.Win32.Agent.se
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090671.exe/wudupdate.exe Infected: Trojan-Downloader.Win32.IstBar.lq
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090671.exe/wuauclt10.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090671.exe Infected: Trojan.Win32.Pakes
C:\WINDOWS\system32\czdeqpoq.exe Infected: Trojan-Downloader.Win32.Dluca.gen

Scan process completed.


Out of curiosity, what exactly is ctfmon.exe? It's in my startup items, but in my system folder.
FreshD is offline  
Old 11-22-2005, 01:59 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,543
OS: 2000 Pro; XP Pro; XP Home


From CastleCops Startup List Database:

CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. CTFMON can be disabled from Control Panel, Text & Speech Services. NOTE: The file will always be located in the System32 folder. If it is located elsewhere, it will likely be a worm or trojan.

I have attached a file to this post, regdel.zip. Download it to your desktop. From within the zip file, doubleclick on the reg file, and answer Yes when it asks to merge with the registry. This will eliminate some orphaned reg keys the malware had used.

I know we just flushed System Restore points, but please do so again where I have it in the instructions.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Delete this file:

C:\WINDOWS\system32\czdeqpoq.exe

If it resists deletion, reboot to safe mode and delete it from there.

Other than that......Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  • IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here
  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. It can be downloaded here - MVPS Hosts file
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial

    Here are two very good free Antivirus products which are available:
  • Avast!
  • AVG

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 3 free ones available for personal use:

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles


Please respond to this thread one more time so we can mark this thread as resolved.

Last edited by tetonbob; 01-18-2006 at 08:19 PM.
tetonbob is offline  
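The two checks behind the advice in the post above, as an added example that is not part of the thread or of any tool named in it: findings inside System Restore are separated from live files (the first group goes away when restore points are flushed, the second needs the file deleted), and Run entries are checked against the ctfmon.exe location rule quoted from the startup database. The function names are hypothetical and the sample lines are constructed in the format of the logs posted earlier.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the Kaspersky report posted in this thread.
KASPERSKY_LINES = r"""
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090655.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090669.exe/username.exe Infected: Trojan-Dropper.Win32.Agent.se
C:\System Volume Information\_restore{6B027AA2-5206-4E5D-93AF-0AAA4C7ED026}\RP241\A0090669.exe Infected: Trojan.Win32.Pakes
C:\WINDOWS\system32\czdeqpoq.exe Infected: Trojan-Downloader.Win32.Dluca.gen
""".strip().splitlines()

# HijackThis O4 lines; the third one is invented to show a hit.
HJT_O4_LINES = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [ctfmon] C:\Documents and Settings\user\ctfmon.exe
""".strip().splitlines()

FINDING = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+)$")
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\", re.I)
O4_RUN = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$")


def triage_kaspersky(lines):
    """Group detections per file on disk, split into restore copies and live files."""
    result = {"restore": defaultdict(set), "live": defaultdict(set)}
    for line in lines:
        m = FINDING.match(line.strip())
        if not m:
            continue  # header, statistics or blank line
        # Archive members are reported as container.exe/member.exe; the file
        # that has to be dealt with is the container before the first "/".
        on_disk = m["path"].split("/", 1)[0]
        bucket = "restore" if RESTORE.search(on_disk) else "live"
        result[bucket][on_disk].add(m["name"])
    return result


def ctfmon_outside_system32(lines):
    """Return Run commands that start a ctfmon.exe located outside System32."""
    hits = []
    for line in lines:
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"].strip('"').lower()
        if cmd.endswith("\\ctfmon.exe") and not cmd.endswith("\\system32\\ctfmon.exe"):
            hits.append(m["cmd"])
    return hits


if __name__ == "__main__":
    triage = triage_kaspersky(KASPERSKY_LINES)
    print("Restore-point copies:", len(triage["restore"]))
    for path, names in triage["live"].items():
        print("Live file to delete:", path, sorted(names))
    print("Suspicious ctfmon entries:", ctfmon_outside_system32(HJT_O4_LINES))
```

Entries that give only a bare file name, such as ALCXMNTR.EXE, carry no path to compare and are not judged by the location check.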
Old 11-23-2005, 10:58 AM   #14 (permalink)
Registered User
 
Join Date: Nov 2003
Posts: 32
OS: WinXP


Almost forgot to reply, thanks very much for all the help, I think that's all.
FreshD is offline  
 





All times are GMT -7. The time now is 03:20 PM.



Copyright 2001 - 2009, Tech Support Forum