
Mirar and Pop Ups Maybe More

Discussion in 'All Other Software' started by WFSarmiento, Jul 19, 2007.

Thread Status:
Not open for further replies.
  1. WFSarmiento

    WFSarmiento Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    23
    Hello Everyone, or Someone!

    I just discovered this website, so I am trying to follow the instructions as best I can. I have Mirar downloaded onto my computer, and possibly other pop-up programs. I really don't know how it happened, except that my brother may have accidentally done something.

    Dell Dimension DV051, I am on Windows XP, Service Pack 2, 2002 Version.

    If anyone could please help that would be greatly appreciated.

    Thanks again,

    Walter
     
  2. andyspeake

    andyspeake

    Joined:
    May 10, 2007
    Messages:
    1,543
    If you want to remove Mirar:

    http://www.spywareremove.com/removeMirar.html

    To ensure you do not have any security problems....

    Download and Run HijackThis
    Download HJTInstall.exe to your Desktop.
    • Double-click HJTInstall.exe to install it.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Copy/Paste the log to your next reply please.
    Don't use the Analyse This button, its findings are dangerous if misinterpreted.
    Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    Then please be patient whilst an expert log reader goes over your log

    Thanks ;)
     
  3. WFSarmiento

    WFSarmiento Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    23
    This is what I got. I tried following the instructions to remove Mirar, but I was unable to remove it.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:19:31 PM, on 7/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\brunbhz.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1149794738\ee\AOLSoftware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lexmark 8300 Series\ezprint.exe
    C:\WINDOWS\retadpu1000106.exe
    C:\WINDOWS\brunbhzA.exe
    C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
    C:\WINDOWS\system32\lxcjcoms.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\crotjidw.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sirius.com/servlet/ContentServer?pagename=Sirius/CachedPage&c=Page&cid=1018209032790
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149794738\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,[email protected]
    O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [brunbhzA] C:\WINDOWS\brunbhzA.exe
    O4 - HKLM\..\Run: [{ZN}] C:\WINDOWS\TISKY009.exe SKY009
    O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\gvysfxog.dll",forkonce
    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
    O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Startup: TA_Start.lnk = C:\WINDOWS\TISKY009.exe
    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
    O16 - DPF: {C98C3D93-348B-4B22-B237-81EAF2F06F11} (CMSMediaPlayer Object) - http://ksuperstar.com/mskaraoke.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
    O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\brunbhz.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\wuoqyn.html

    --
    End of file - 8633 bytes
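
Added example, not part of the original thread: a small Python parser for the HijackThis log format posted above. It groups entry lines by section code and lists those carrying markers the tool itself prints; the marker list and all function names are assumptions chosen for illustration, and a listed entry is a prompt for a reviewer to look closer, not a removal list.

```python
import re
from collections import Counter

# Excerpt of lines from the log posted above, embedded so the example runs
# offline. Header and process-list lines are kept to show they are skipped.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:31 PM, on 7/19/2007
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")

# Assumption: markers picked for illustration. Each key is text that
# HijackThis itself prints in the entry lines shown in this thread.
TEXT_MARKERS = {
    "(no file)": "entry names no file",
    "(file missing)": "referenced file not found on disk",
    "Unknown owner": "no vendor reported for the service binary",
    "Filter hijack:": "labelled 'Filter hijack' by the tool",
}
# Whole sections worth a second look regardless of the detail text.
SECTION_MARKERS = {"O15": "site listed in the IE Trusted Zone"}


def parse_entries(log_text):
    """Return (code, detail) for each entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def section_counts(entries):
    """Count entries per section code (R0, O4, O23, ...)."""
    return Counter(code for code, _ in entries)


def entries_to_review(entries):
    """Return (code, detail, reasons) for entries matching any marker."""
    flagged = []
    for code, detail in entries:
        reasons = [why for text, why in TEXT_MARKERS.items() if text in detail]
        if code in SECTION_MARKERS:
            reasons.append(SECTION_MARKERS[code])
        if reasons:
            flagged.append((code, detail, reasons))
    return flagged


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, count in sorted(section_counts(parsed).items()):
        print(f"{code:>4}: {count} entries")
    print("\nEntries for a reviewer to look at:")
    for code, detail, reasons in entries_to_review(parsed):
        print(f"  [{code}] {detail}")
        print(f"        reason: {'; '.join(reasons)}")
```
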
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

    Download this file :

    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
    or
    http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

    Double click combofix.exe & follow the prompts.
    When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.
    ====================

    Download Superantispyware (SAS) free home version

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
        o Close browsers before scanning
        o Scan for tracking cookies
        o Terminate memory threats before quarantining.
        o Please leave the others unchecked.
        o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
        o After reboot, double-click the SUPERAntispyware icon on your desktop.
        o Click Preferences. Click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o It will open in your default text editor (such as Notepad/Wordpad).
        o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.

    This will take some time!!!!!!!!
     
  5. WFSarmiento

    WFSarmiento Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    23
    OK, I downloaded ComboFix and here is the post; afterwards I will post the HijackThis post. I have not completed the second part of what I was told to do, the downloading of the SUPERAntiSpyware.com software. I am doing that right now and will post up what I do immediately following this post.

    "Damaris" - 2007-07-20 22:12:35 - ComboFix 07-07-17.8 - Service Pack 2 NTFS


    (((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\awtqpmn.dll
    C:\WINDOWS\system32\favukatq.dll
    C:\WINDOWS\system32\mljjjjg.dll
    C:\WINDOWS\system32\qxldsgrj.dll
    C:\WINDOWS\system32\crotjidw.exe
    C:\WINDOWS\system32\ftaltono.exe
    C:\WINDOWS\system32\qnpnxqvx.exe
    C:\WINDOWS\system32\ttxeoobw.exe
    C:\WINDOWS\system32\lcccynlm.dll
    C:\WINDOWS\system32\rdawinyr.dll
    C:\WINDOWS\system32\wlpjpbej.dll
    C:\WINDOWS\system32\awtqpmn.dll
    C:\WINDOWS\system32\mljjjjg.dll
    C:\WINDOWS\system32\qtakuvaf.ini
    C:\WINDOWS\system32\cbeeg.bak1
    C:\WINDOWS\system32\cbeeg.bak2
    C:\WINDOWS\system32\cbeeg.ini
    C:\WINDOWS\system32\cbeeg.ini2
    C:\WINDOWS\system32\cbeeg.tmp
    C:\WINDOWS\system32\jrgsdlxq.ini
    C:\WINDOWS\system32\cbeeg.bak1
    C:\WINDOWS\system32\cbeeg.bak2
    C:\WINDOWS\system32\cbeeg.ini
    C:\WINDOWS\system32\cbeeg.ini2
    C:\WINDOWS\system32\cbeeg.tmp
    C:\WINDOWS\system32\cbeeg.bak1
    C:\WINDOWS\system32\cbeeg.bak2
    C:\WINDOWS\system32\cbeeg.ini
    C:\WINDOWS\system32\cbeeg.ini2
    C:\WINDOWS\system32\cbeeg.tmp
    C:\WINDOWS\system32\geebc.dll
    C:\WINDOWS\system32\yayxxwv.dll
    C:\WINDOWS\system32\yayxxwv.dll


    * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
    C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
    C:\DOCUME~1\Damaris\APPLIC~1.\winantispyware 2007
    C:\DOCUME~1\Damaris\APPLIC~1.\winantispyware 2007\Logs\update.log
    C:\DOCUME~1\Damaris\APPLIC~1\WinTouch\wintouch.cfg
    C:\DOCUME~1\Damaris\APPLIC~1\WinTouch\WinTouch.exe
    C:\DOCUME~1\Damaris\APPLIC~1\WinTouch\WTUninstaller.exe
    C:\DOCUME~1\Damaris\MYDOCU~1.\sstem~1
    C:\DOCUME~1\Damaris\MYDOCU~1.\sstem~1\services.exe
    C:\Documents and Settings\Damaris.\err.log
    C:\Program Files\Common Files\sahuz.dll
    C:\Program Files\Common Files\sahuz124.dll
    C:\Program Files\Common Files\sahuz478.dll
    C:\Program Files\Common Files\sahuz932.dll
    C:\Program Files\Common Files\sahuz991.dll
    C:\Program Files\Common Files\winantispyware 2007
    C:\Program Files\Common Files\winantispyware 2007\err.log
    C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
    C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
    C:\Program Files\Common Files\wuoqyn.html
    C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
    C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
    C:\Program Files\inetget2
    C:\Program Files\MSN\povegamix83122.dll
    C:\Program Files\network monitor
    C:\Program Files\network monitor\netmon.exe
    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\Terms.rtf
    C:\temp\tn3
    C:\WINDOWS\b136.exe
    C:\WINDOWS\dls0523pmw.exe
    C:\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe
    C:\WINDOWS\offun.exe
    C:\WINDOWS\rau001978.exe
    C:\WINDOWS\retadpu1000106.exe
    C:\WINDOWS\retadpu572.exe
    C:\WINDOWS\RGFtYXJpcyBTYXJtaWVudG8\asappsrv.dll
    C:\WINDOWS\RGFtYXJpcyBTYXJtaWVudG8\command.exe
    C:\WINDOWS\system32\atmtd.dll
    C:\WINDOWS\system32\atmtd.dll._
    C:\WINDOWS\system32\crosof~1.net
    C:\WINDOWS\system32\crosof~1.net\l?gonui.exe
    C:\WINDOWS\system32\dgvkgqaj.exe
    C:\WINDOWS\system32\drivers\core.cache.dsk
    C:\WINDOWS\system32\drivers\core.sys
    C:\WINDOWS\system32\drivers\fopn.sys
    C:\WINDOWS\system32\jsgbe.dll
    C:\WINDOWS\system32\kgunxdho.exe
    C:\WINDOWS\system32\kipabfbp.exe
    C:\WINDOWS\system32\lrbrunfc.exe
    C:\WINDOWS\system32\lvhemyoc.exe
    C:\WINDOWS\system32\stdtxfyi.exe
    C:\WINDOWS\system32\tsuninst.exe
    C:\WINDOWS\system32\vbrjogpc.exe
    C:\WINDOWS\system32\wcpsvsu.exe
    C:\WINDOWS\system32\winnb58.dll
    C:\WINDOWS\system32\yvwdgfvq.exe
    C:\WINDOWS\system32\Z1
    C:\WINDOWS\system32\Z1\mwspasrt83122.exe
    C:\WINDOWS\system32\Z3
    C:\WINDOWS\system32\Z3\w0716.exe
    C:\WINDOWS\system32\Z5
    C:\WINDOWS\system32\Z5\st2.exe
    C:\WINDOWS\system32\Z7
    C:\WINDOWS\TISKY009.exe
    C:\WINDOWS\tk58.exe
    C:\WINDOWS\uninstall_nmon.vbs
    C:\WINDOWS\wr.txt


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_CMDSERVICE
    -------\LEGACY_CORE
    -------\LEGACY_NETWORK_MONITOR
    -------\LEGACY_NET_AGENT
    -------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
    -------\cmdService
    -------\core
    -------\Net Agent
    -------\Network Monitor
    -------\Windows Overlay Components


    ((((((((((((((((((((((((( Files Created from 2007-06-21 to 2007-07-21 )))))))))))))))))))))))))))))))


    2007-07-20 22:11 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-20 09:34 <DIR> d-------- C:\WINDOWS\qzmo
    2007-07-20 09:34 <DIR> d-------- C:\Program Files\Common Files\qzmo
    2007-07-20 09:24 <DIR> d--hs---- C:\WINDOWS\RGFtYXJpcyBTYXJtaWVudG8
    2007-07-20 09:24 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
    2007-07-17 20:39 54,784 --a------ C:\WINDOWS\brunbhz.exe
    2007-07-17 20:39 186,352 -r-hs---- C:\WINDOWS\brunbhzA.exe
    2007-07-17 20:39 <DIR> d-------- C:\WINDOWS\system32\Z11
    2007-07-17 20:39 <DIR> d-------- C:\WINDOWS\system32\driver
    2007-07-17 20:39 <DIR> d-------- C:\WINDOWS\system32\b02FdUe
    2007-07-17 20:39 <DIR> d-------- C:\Temp\brr
    2007-07-17 20:39 <DIR> d-------- C:\Temp\0c2
    2007-07-13 23:38 <DIR> d-------- C:\DOCUME~1\Damaris\APPLIC~1\Yahoo!
    2007-07-13 00:02 <DIR> d-------- C:\DOCUME~1\Andy\APPLIC~1\Yahoo!
    2007-07-13 00:02 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
    2007-07-11 23:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
    2007-07-11 23:22 <DIR> d-------- C:\Program Files\Yahoo!
    2007-07-11 06:29 28,160 --a------ C:\WINDOWS\b103.exe
    2007-07-11 06:29 22,016 --a------ C:\WINDOWS\b138.exe
    2007-07-08 00:13 <DIR> d-------- C:\DOCUME~1\Andy\Contacts
    2007-06-30 22:13 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
    2007-06-27 23:45 <DIR> d-------- C:\DOCUME~1\Andy\APPLIC~1\Sonic
    2007-06-27 21:53 4,096 --a------ C:\WINDOWS\d3dx.dat
    2007-06-27 21:48 <DIR> d-------- C:\My Games
    2007-06-27 21:48 <DIR> d-------- C:\My Download Files
    2007-06-27 21:36 774,144 --a------ C:\Program Files\RngInterstitial.dll
    2007-06-25 22:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL OCP
    2007-06-25 22:14 <DIR> d-------- C:\Program Files\AIM6


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-21 02:20:55 246 ----a-w C:\Program Files\Common Files\sahuz124
    2007-07-20 01:18:52 -------- d-----w C:\Program Files\Trend Micro
    2007-07-20 01:13:26 -------- d-----w C:\Program Files\Lx_cats
    2007-07-19 04:45:53 5,018 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    2007-07-19 04:45:49 88 --sh--r C:\WINDOWS\system32\6E68F487B8.sys
    2007-07-16 17:30:27 104 --sh--r C:\WINDOWS\system32\B887F4686E.sys
    2007-07-14 19:58:38 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-06-30 04:00:57 -------- d-----w C:\Program Files\Common Files\Real
    2007-06-28 01:36:16 -------- d-----w C:\Program Files\Real
    2007-06-26 02:14:37 -------- d-----w C:\Program Files\Viewpoint
    2007-06-23 14:54:17 -------- d-----w C:\DOCUME~1\Damaris\APPLIC~1\AdobeUM
    2007-06-08 02:36:08 -------- d-----w C:\Program Files\palmOne
    2007-05-18 02:22:26 53,248 ----a-w C:\WINDOWS\PalmDevC.dll
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2006-05-06 14:24:40 19,025,408 ----a-w C:\Program Files\Common Files\InterviewPLUS Workstation.msi
    2006-05-06 13:22:28 19,025,408 ----a-w C:\Program Files\Common Files\TaxWise Workstation.msi
    2005-12-11 03:53:42 1,278,166 ----a-w C:\Program Files\KZ740101.zip
    2005-11-20 02:50:19 117,320 ----a-w C:\Program Files\spongebob.exe
    2005-11-19 16:44:49 4,878,136 ----a-w C:\Program Files\Firefox Setup 1.0.7.exe
    2005-04-25 18:41:48 18,448,384 ----a-w C:\Program Files\Common Files\TaxWise Workstation Setup.msi
    2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\RGFtYXJpcyBTYXJtaWVudG8\l3IQsrLDwV1nsrLQuqpRx3f.vbs


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    2007-05-30 17:18 808472 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-12-18 04:16 59032 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}]
    C:\PROGRA~1\RXTOOL~1\sfcont.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    2004-12-06 03:05 118842 --a------ C:\WINDOWS\system32\dla\tfswshx.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-08-31 20:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}]
    C:\WINDOWS\system32\WinNB58.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
    2007-02-24 15:33 38584 --a------ C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 19:48]
    "IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 22:12]
    "ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 12:44]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44]
    "Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 18:34]
    "Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2002-05-18 14:04]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-09-16 10:43]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-12-26 20:35]
    "HostManager"="C:\Program Files\Common Files\AOL\1149794738\ee\AOLSoftware.exe" [2006-05-09 20:24]
    "IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 12:59]
    "@"="" []
    "lxcjmon.exe"="C:\Program Files\Lexmark 8300 Series\lxcjmon.exe" [2005-09-30 10:49]
    "EzPrint"="C:\Program Files\Lexmark 8300 Series\ezprint.exe" [2006-04-19 09:57]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WhenUSave"="C:\Program Files\Save\Save.exe" []
    "Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [2006-05-09 20:24]
    "Uaol"="C:\DOCUME~1\Damaris\MYDOCU~1\SSTEM~1\services.exe" []
    "Ffj"="C:\WINDOWS\system32\??crosoft.NET\l?gonui.exe" []
    "qzmo"="C:\PROGRA~1\COMMON~1\qzmo\qzmom.exe" [2006-07-19 14:56]
    "SfKg6w"="C:\Documents and Settings\Damaris\Application Data\Microsoft\Windows\axdxeh.exe" [2007-07-20 09:45]

    C:\DOCUME~1\Damaris\STARTM~1\Programs\Startup
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2005-10-25 14:28:15]

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
    WinCinema Manager.lnk - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe [2006-12-25 13:10:02]
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe [2007-05-17 22:35:19]
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08]
    Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2005-11-19 12:29:30]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= C:\Program Files\Common Files\wuoqyn.html
    FriendlyName=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
    AutoRun\command- E:\setup.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-21 02:31:19 C:\WINDOWS\tasks\SDMsgUpdate (SmartDrawTrial).job

    **************************************************************************

    catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-20 22:31:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-20 22:33:17 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-20 22:32

    --- E O F ---

    Here is the Hijackthis post

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:34:11 PM, on 7/20/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\AOL\1149794738\ee\AOLSoftware.exe
    C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
    C:\Program Files\Lexmark 8300 Series\ezprint.exe
    C:\PROGRA~1\COMMON~1\qzmo\qzmom.exe
    C:\WINDOWS\system32\lxcjcoms.exe
    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\PROGRA~1\COMMON~1\qzmo\qzmoa.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Verizon Online\bin\mpbtn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\cmd.exe
    C:\ComboFix\vfind.cfexe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll (file missing)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149794738\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Damaris\MYDOCU~1\SSTEM~1\services.exe" -vt yazb
    O4 - HKCU\..\Run: [Ffj] C:\WINDOWS\system32\??crosoft.NET\l?gonui.exe
    O4 - HKCU\..\Run: [qzmo] C:\PROGRA~1\COMMON~1\qzmo\qzmom.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
    O16 - DPF: {C98C3D93-348B-4B22-B237-81EAF2F06F11} (CMSMediaPlayer Object) - http://ksuperstar.com/mskaraoke.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\wuoqyn.html

    --
    End of file - 8956 bytes
     
  6. WFSarmiento

    WFSarmiento Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    23
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/21/2007 at 00:19 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3272
    Trace Rules Database Version: 1283

    Scan type : Complete Scan
    Total Scan Time : 01:28:00

    Memory items scanned : 384
    Memory threats detected : 3
    Registry items scanned : 5624
    Registry threats detected : 113
    File items scanned : 98990
    File threats detected : 538

    Trojan.Unknown Origin
    C:\PROGRA~1\COMMON~1\QZMO\QZMOM.EXE
    C:\PROGRA~1\COMMON~1\QZMO\QZMOM.EXE
    C:\PROGRA~1\COMMON~1\QZMO\QZMOA.EXE
    C:\PROGRA~1\COMMON~1\QZMO\QZMOA.EXE
    [qzmo] C:\PROGRA~1\COMMON~1\QZMO\QZMOM.EXE
    C:\PROGRAM FILES\COMMON FILES\QZMO\QZMOA.EXE
    C:\PROGRAM FILES\COMMON FILES\QZMO\QZMOL.EXE
    C:\PROGRAM FILES\COMMON FILES\QZMO\QZMOM.EXE
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WCPSVSU.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\UNINSTALL_NMON.VBS.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082208.VBS
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082209.EXE
    C:\WINDOWS\RGFTYXJPCYBTYXJTAWVUDG8\L3IQSRLDWV1NSRLQUQPRX3F.VBS
    C:\WINDOWS\Prefetch\QZMOA.EXE-12BF6144.pf
    C:\WINDOWS\Prefetch\QZMOM.EXE-30D9B161.pf

    Unclassified.Unknown Origin/System
    C:\PROGRA~1\COMMON~1\QZMO\QZMOD\QZMOC.DLL
    C:\PROGRA~1\COMMON~1\QZMO\QZMOD\QZMOC.DLL
    C:\PROGRAM FILES\COMMON FILES\QZMO\QZMOD\QZMOC.DLL

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32#ThreadingModel
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
    HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID
    C:\PROGRA~1\RXTOOL~1\SFCONT.DLL
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MSN\POVEGAMIX83122.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\RGFTYXJPCYBTYXJTAWVUDG8\COMMAND.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082225.EXE

    Adware.RX Toolbar
    HKLM\Software\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32#ThreadingModel
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\ProgID
    HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\VersionIndependentProgID
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483}

    Adware.Mirar/NetNucleus
    HKLM\Software\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Version
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BuildName
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Affiliate
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Show3X
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#ShowType
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#PopupCount
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#BlockEnable
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#WalkThrough
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\Properties#Ticket
    HKCR\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
    C:\WINDOWS\SYSTEM32\WINNB58.DLL
    HKLM\Software\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\InprocServer32#ThreadingModel
    HKCR\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}\TypeLib
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}
    HKLM\Software\Microsoft\Internet Explorer\Toolbar#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\0\win32
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\FLAGS
    HKCR\TypeLib\{566DEDE9-9ED8-45DA-9BE6-9B2EEAB17F49}\1.0\HELPDIR
    HKU\S-1-5-21-4206947895-160062496-180305987-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InprocServer32#ThreadingModel
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\ProgID
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Programmable
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\TypeLib
    HKCR\CLSID\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\VersionIndependentProgID
    C:\WINDOWS\SYSTEM32\WINATS.DLL
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\ProxyStubClsid32
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib
    HKCR\Interface\{1037B06C-84B7-4240-8D80-485810A0497D}\TypeLib#Version
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\ProxyStubClsid32
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib
    HKCR\Interface\{54B287F9-FD90-4457-B65E-CB91560C021D}\TypeLib#Version
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\ProxyStubClsid32
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib
    HKCR\Interface\{6E4C7AFC-9915-4036-B7F9-8B3F1710788F}\TypeLib#Version
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CLSID
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1\CurVer
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1
    HKCR\Mirar_Dummy_ATS.Mirar_Dummy_ATS1.1\CLSID
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#.Owner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/WinATS.dll#{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#SystemComponent
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}#Installer
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\Contains\Files#C:\WINDOWS\system32\WinATS.dll
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#CODEBASE
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\DownloadInformation#INF
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion
    HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8A0DCBDB-6E20-489C-9041-C1E8A0352E75}\InstalledVersion#LastModified
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\System32\WinATS.dll [  ]
    C:\WINDOWS\Downloaded Program Files\WinATS.inf
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WINNB58.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082237.DLL

    Browser Hijacker.Internet Explorer Zone Hijack
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#http
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

    Adware.Tracking Cookie
     
  7. WFSarmiento

    WFSarmiento Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    23
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected]=0_[3].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected]=0_[2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][3].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected]erclick[2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][1].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Andy\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][3].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][4].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][5].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][6].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][7].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][8].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][9].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][3].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][4].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][5].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][7].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][3].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][4].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][5].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][6].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][7].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][8].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][10].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][11].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][12].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][13].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][1].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][2].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][3].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][4].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][5].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][6].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][7].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][8].txt
    C:\Documents and Settings\Damaris\Cookies\[email protected][9].txt

    Adware.WhenU
    HKCR\WUSN.1
    HKCR\WUSN.1#WUSN_Id
    C:\Documents and Settings\Damaris\Start Menu\Programs\WhenU\Customer Support.lnk
    C:\Documents and Settings\Damaris\Start Menu\Programs\WhenU\Learn More About WhenU Save.url
    C:\Documents and Settings\Damaris\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url
    C:\Documents and Settings\Damaris\Start Menu\Programs\WhenU\Uninstall Instructions.lnk
    C:\Documents and Settings\Damaris\Start Menu\Programs\WhenU\WhenU.com Website.url
    C:\Documents and Settings\Damaris\Start Menu\Programs\WhenU

    Adware.180solutions/ZangoSearch
    HKU\S-1-5-21-4206947895-160062496-180305987-1005\Software\Zango
    C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPCLNTAX.DLL

    Adware.ClickSpring/Yazzle
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yazzle1122Oin#UninstallString
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1122OINUNINSTALLER.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINADMIN.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1281OINUNINSTALLER.EXE.VIR
    C:\WINDOWS\PREFETCH\YAZZLE1122OINADMIN.EXE-0F198A06.PF
    C:\WINDOWS\PREFETCH\YAZZLEBUNDLE-1122.EXE-0A70446A.PF

    Adware.Zango Toolbar/Hb
    HKU\S-1-5-21-4206947895-160062496-180305987-1005\Software\Microsoft\Internet Explorer\Explorer Bars\{0EBACAF2-E0F9-47A9-98CF-0ECCE30B654C}

    Adware.ClickSpring/Outer Info Network
    C:\Documents and Settings\Damaris\Start Menu\Programs\Outerinfo\Terms.lnk
    C:\Documents and Settings\Damaris\Start Menu\Programs\Outerinfo\Uninstall.lnk
    C:\Documents and Settings\Damaris\Start Menu\Programs\Outerinfo

    Adware.Vundo/Traff-2
    C:\DOCUMENTS AND SETTINGS\ANDY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0L2ZSD6V\KCEHC_EICOOC20070702[1]
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\CROTJIDW.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\FTALTONO.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TTXEOOBW.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082249.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082250.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082252.EXE

    Trojan.ZQuest-Installer
    C:\DOCUMENTS AND SETTINGS\ANDY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\GPAJO9EB\TK58[1].EXE
    C:\QOOBOX\QUARANTINE\C\WINDOWS\TK58.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP484\A0080986.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP484\A0081021.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP484\A0081039.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082243.EXE

    Adware.RAC
    C:\DOCUMENTS AND SETTINGS\ANDY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\W5MR81I3\ACDT-PID67N[1].EXE

    Trojan.Downloader-Gen/TStamp
    C:\DOCUMENTS AND SETTINGS\ANDY\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\W5MR81I3\ADFCOOK[1]
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\QNPNXQVX.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082251.EXE

    Adware.Unknown Origin
    C:\PROGRAM FILES\COMMON FILES\QZMO\QZMOD\CLASS-BARREL
    C:\PROGRAM FILES\COMMON FILES\QZMO\QZMOD\VOCABULARY

    Trojan.Downloader-Gen
    C:\PROGRAM FILES\COMMON FILES\QZMO\QZMOP.EXE

    Adware.ClickSpring-Variant
    C:\QOOBOX\QUARANTINE\C\DOCUME~1\DAMARIS\MYDOCU~1\SSTEM~1\SERVICES.EXE.VIR

    Trojan.ZQuest
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\SAHUZ.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\SAHUZ124.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\SAHUZ478.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\SAHUZ932.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\SAHUZ991.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082219.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082220.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082221.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082222.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082223.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082224.DLL

    Adware.k8l
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\WUOQYN.HTML.VIR

    Trojan.NetMon/DNSChange
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\NETWORK MONITOR\NETMON.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082229.EXE

    Trojan.Downloader-Gen/BasicMath
    C:\QOOBOX\QUARANTINE\C\WINDOWS\DLS0523PMW.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082239.EXE

    Trojan.WinAntiSpyware/WinAntiVirus 2006
    C:\QOOBOX\QUARANTINE\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NETINSTALLER.EXE.VIR

    Trojan.Downloader-VisFX
    C:\QOOBOX\QUARANTINE\C\WINDOWS\OFFUN.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082240.EXE

    Adware.Adservs
    C:\QOOBOX\QUARANTINE\C\WINDOWS\RGFTYXJPCYBTYXJTAWVUDG8\ASAPPSRV.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082226.DLL

    Adware.ClickSpring
    C:\QooBox\Quarantine\C\WINDOWS\system32\CROSOF~1.NET\LGONUI~1.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082230.EXE

    Adware.ClickSpring/Resident
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\JSGBE.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082218.DLL

    Adware.Vundo Variant
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\MLJJJJG.DLL.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\YAYXXWV.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082247.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082261.DLL

    TargetSaver, Inc. Process
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\TSUNINST.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082236.EXE

    Adware.ZenoSearch
    C:\QOOBOX\QUARANTINE\C\WINDOWS\TISKY009.EXE.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082244.EXE

    Trojan.Downloader-Stera/WinSoftware
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP484\A0080998.EXE

    Trojan.Rootkit-TnCore/Installer
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082233.EXE

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP486\A0082245.DLL

    Trojan.Downloader-Gen/Installer
    C:\WINDOWS\B104.EXE

    Adware.SysMon
    C:\WINDOWS\SYSTEM32\Z11\Z53.EXE

    Trace.Known Threat Sources
     
  8. WFSarmiento

    WFSarmiento Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    23



    This is the Hijackthis Post


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:29:18 AM, on 7/21/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\1149794738\ee\AOLSoftware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lexmark 8300 Series\lxcjmon.exe
    C:\Program Files\Lexmark 8300 Series\ezprint.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\lxcjcoms.exe
    C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Verizon Online\bin\mpbtn.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149794738\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
    O4 - HKLM\..\Run: [lxcjmon.exe] "C:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 8300 Series\ezprint.exe"
    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Damaris\MYDOCU~1\SSTEM~1\services.exe" -vt yazb
    O4 - HKCU\..\Run: [Ffj] C:\WINDOWS\system32\??crosoft.NET\l?gonui.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-US\local\search.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
    O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab
    O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab
    O16 - DPF: {C98C3D93-348B-4B22-B237-81EAF2F06F11} (CMSMediaPlayer Object) - http://ksuperstar.com/mskaraoke.cab
    O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\wuoqyn.html

    --
    End of file - 8182 bytes
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

    Upgrading Java:
    • Download the latest version of Java Runtime Environment (JRE) 6u2.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.
    ====================
    You have no active AntiVirus!

    Get the free AVG AntiVirus 7.5 install it, check for updates and run a full scan

    AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/

    ===============
    Add remove programs – remove ALL occurrences of Viewpoint
    ===============
    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

    O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Damaris\MYDOCU~1\SSTEM~1\services.exe" -vt yazb

    O4 - HKCU\..\Run: [Ffj] C:\WINDOWS\system32\??crosoft.NET\l?gonui.exe

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000

    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\wuoqyn.html

    DownLoad http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\Program Files\Common Files\wuoqyn.html
    C:\Program Files\Save

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  10. WFSarmiento

    WFSarmiento Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    23
    I Deleted Java and replaced it with a new version.

    I then Downloaded the AVG Software and ran a scan

    I don't know how to post the results from the AVG scan that I did, but I think that this is it. The AVG scan found an additional 24 threats, 23 of which were deleted, and 1 was moved to a vault.

    <history>
    <!-- 01c7cc9fbe6895e0 -->
    <rec time="2007/07/22 20:34:46" user="SYSTEM" source="Update">
    <value>@HL_UpdateOK</value>
    <attr name="version">avi:1071-1048;iavi:922-875;</attr>
    </rec>
    <rec time="2007/07/22 20:35:51" user="Andy" source="General">
    <value>@HL_TestStarted</value>
    <attr name="testname">@TestName_02</attr>
    </rec>
    <rec time="2007/07/22 20:44:08" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\K5AF4HY3\masiyxanidi[1]</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">SHeur.ZQ</attr>
    </rec>
    <rec time="2007/07/22 20:45:48" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\WDAZG92V\_jnvm[1]</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Generic5.PUP</attr>
    </rec>
    <rec time="2007/07/22 20:57:08" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\Program Files\spongebob.exe</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Collected.8.AP</attr>
    </rec>
    <rec time="2007/07/22 21:10:00" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\Program Files\Real\RealArcade\GDSSetup.exe</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Generic5.IJI</attr>
    </rec>
    <rec time="2007/07/22 21:16:49" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\catchme2007-07-20_223148.85.zip</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">BackDoor.Generic7.GTL</attr>
    </rec>
    <rec time="2007/07/22 21:16:50" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\retadpu1000106.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Downloader.Generic5.DUR</attr>
    </rec>
    <rec time="2007/07/22 21:16:50" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\retadpu572.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Downloader.Generic5.DUR</attr>
    </rec>
    <rec time="2007/07/22 21:16:50" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\awtqpmn.dll.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Downloader.Small.PM</attr>
    </rec>
    <rec time="2007/07/22 21:16:50" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\dgvkgqaj.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">SHeur.ZQ</attr>
    </rec>
    <rec time="2007/07/22 21:16:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\geebc.dll.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Clicker.GSA</attr>
    </rec>
    <rec time="2007/07/22 21:16:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\kgunxdho.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">SHeur.ZQ</attr>
    </rec>
    <rec time="2007/07/22 21:16:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\kipabfbp.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">SHeur.ZQ</attr>
    </rec>
    <rec time="2007/07/22 21:16:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\lrbrunfc.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">SHeur.ZQ</attr>
    </rec>
    <rec time="2007/07/22 21:16:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\lvhemyoc.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">SHeur.ZQ</attr>
    </rec>
    <rec time="2007/07/22 21:16:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\rdawinyr.dll.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Generic5.PUP</attr>
    </rec>
    <rec time="2007/07/22 21:16:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\stdtxfyi.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">SHeur.ZQ</attr>
    </rec>
    <rec time="2007/07/22 21:16:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\vbrjogpc.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">SHeur.ZQ</attr>
    </rec>
    <rec time="2007/07/22 21:16:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\wlpjpbej.dll.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Generic5.PUP</attr>
    </rec>
    <rec time="2007/07/22 21:16:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\yvwdgfvq.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">SHeur.ZQ</attr>
    </rec>
    <rec time="2007/07/22 21:16:52" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\Z3\w0716.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Downloader.Generic5.DYH</attr>
    </rec>
    <rec time="2007/07/22 21:16:52" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\QooBox\Quarantine\C\WINDOWS\system32\Z5\st2.exe.vir</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Dropper.Agent.EDZ</attr>
    </rec>
    <rec time="2007/07/22 21:19:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\WINDOWS\brunbhz.exe</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Dropper.Agent.EAK</attr>
    </rec>
    <rec time="2007/07/22 21:19:51" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\WINDOWS\brunbhzA.exe</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Downloader.Generic5.DMS</attr>
    </rec>
    <rec time="2007/07/22 21:28:54" user="Andy" source="Virus">
    <value>@HL_ReportFind</value>
    <attr name="where">C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe</attr>
    <attr name="type">@EID_Id_trj</attr>
    <attr name="what">Downloader.Generic4.WSP</attr>
    </rec>
    <rec time="2007/07/22 21:30:17" user="Andy" source="General">
    <value>@HL_TestEnded</value>
    <attr name="testname">@TestName_02</attr>
    <attr name="infectedfiles">24</attr>
    </rec>
    <rec time="2007/07/22 21:30:18" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\K5AF4HY3\masiyxanidi[1]</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:18" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\Documents and Settings\Andy\Local Settings\Temporary Internet Files\Content.IE5\WDAZG92V\_jnvm[1]</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:18" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\Program Files\spongebob.exe</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:18" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\Program Files\Real\RealArcade\GDSSetup.exe</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:18" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\catchme2007-07-20_223148.85.zip</attr>
    <attr name="action">@HL_ActVVInserted</attr>
    </rec>
    <rec time="2007/07/22 21:30:18" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\retadpu1000106.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:18" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\retadpu572.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:18" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\awtqpmn.dll.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:19" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\dgvkgqaj.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:19" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\geebc.dll.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:19" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\kgunxdho.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:19" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\kipabfbp.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:19" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\lrbrunfc.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:19" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\lvhemyoc.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:19" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\rdawinyr.dll.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:19" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\stdtxfyi.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:19" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\vbrjogpc.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:19" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\wlpjpbej.dll.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:20" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\yvwdgfvq.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:20" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\Z3\w0716.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:20" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\QooBox\Quarantine\C\WINDOWS\system32\Z5\st2.exe.vir</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:20" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\WINDOWS\brunbhz.exe</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:20" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\WINDOWS\brunbhzA.exe</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    <rec time="2007/07/22 21:30:20" user="Andy" source="Virus">
    <value>@HL_ActionTaken</value>
    <attr name="filename">C:\WINDOWS\system32\b02FdUe\b02FdUe1065.exe</attr>
    <attr name="action">@HL_ActCleaned</attr>
    </rec>
    </history>
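
    Added example, not part of the original posts: a way to check a history log in this format by pairing every @HL_ReportFind record with its @HL_ActionTaken record, so that findings with no logged action stand out and hits inside C:\QooBox\Quarantine (copies that were already quarantined) are told apart from hits on live paths. The function names, the abridged sample and the C:\EXAMPLE entry are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Abridged sample in the format of the AVG history log posted above (whitespace
# compacted, "type" attribute dropped). The first two findings are copied from the
# post; the C:\EXAMPLE entry is constructed to show a finding with no logged action.
SAMPLE = r"""<history>
<!-- constructed sample -->
<rec time="2007/07/22 21:16:49" user="Andy" source="Virus"><value>@HL_ReportFind</value>
 <attr name="where">C:\QooBox\Quarantine\catchme2007-07-20_223148.85.zip</attr>
 <attr name="what">BackDoor.Generic7.GTL</attr></rec>
<rec time="2007/07/22 21:19:51" user="Andy" source="Virus"><value>@HL_ReportFind</value>
 <attr name="where">C:\WINDOWS\brunbhz.exe</attr>
 <attr name="what">Dropper.Agent.EAK</attr></rec>
<rec time="2007/07/22 21:20:00" user="Andy" source="Virus"><value>@HL_ReportFind</value>
 <attr name="where">C:\EXAMPLE\unhandled.exe</attr>
 <attr name="what">Constructed.Sample</attr></rec>
<rec time="2007/07/22 21:30:18" user="Andy" source="Virus"><value>@HL_ActionTaken</value>
 <attr name="filename">C:\QooBox\Quarantine\catchme2007-07-20_223148.85.zip</attr>
 <attr name="action">@HL_ActVVInserted</attr></rec>
<rec time="2007/07/22 21:30:20" user="Andy" source="Virus"><value>@HL_ActionTaken</value>
 <attr name="filename">C:\WINDOWS\brunbhz.exe</attr>
 <attr name="action">@HL_ActCleaned</attr></rec>
</history>"""

QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
NO_ACTION = "NO ACTION LOGGED"

def _attrs(rec):
    """Collect the <attr name="..."> children of one <rec> into a dict."""
    return {a.get("name"): (a.text or "").strip() for a in rec.findall("attr")}

def reconcile(xml_text):
    """Pair each finding with the action logged for the same path."""
    # ElementTree is fine for a log you produced yourself; for a log taken from
    # an untrusted host, a hardened parser such as defusedxml is the safer choice.
    root = ET.fromstring(xml_text)
    finds, actions = {}, {}
    for rec in root.iter("rec"):
        kind = (rec.findtext("value") or "").strip()
        a = _attrs(rec)
        if kind == "@HL_ReportFind" and "where" in a:
            finds[a["where"].lower()] = a          # Windows paths: compare case-insensitively
        elif kind == "@HL_ActionTaken" and "filename" in a:
            actions[a["filename"].lower()] = a.get("action", "")
    return [{"path": a["where"],
             "detection": a.get("what", ""),
             "action": actions.get(key, NO_ACTION),   # raw token as it appears in the log
             "quarantined_copy": key.startswith(QUARANTINE_PREFIX)}
            for key, a in finds.items()]

def action_counts(report):
    """How many findings ended with each action token."""
    return Counter(r["action"] for r in report)

def needs_attention(report):
    """Findings on live paths that have no action recorded."""
    return [r["path"] for r in report
            if r["action"] == NO_ACTION and not r["quarantined_copy"]]

if __name__ == "__main__":
    rep = reconcile(SAMPLE)
    for r in rep:
        print(f'{r["action"]:<18} {r["detection"]:<24} {r["path"]}')
    print(dict(action_counts(rep)), "unresolved:", needs_attention(rep))
```
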
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Do all I posted and then a new hijack log
     
  12. WFSarmiento

    WFSarmiento Thread Starter

    Joined:
    Jul 18, 2007
    Messages:
    23
    These were the next 8 things that I was supposed to delete

    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"

    O4 - HKCU\..\Run: [Uaol] "C:\DOCUME~1\Damaris\MYDOCU~1\SSTEM~1\services.exe" -vt yazb

    O4 - HKCU\..\Run: [Ffj] C:\WINDOWS\system32\??crosoft.NET\l?gonui.exe

    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZCfox000

    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\wuoqyn.html

    of the 8 I only found 2 on my HijackThis

    this one
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    and this one
    O24 - Desktop Component 0: (no name) - C:\Program Files\Common Files\wuoqyn.html
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    What does that mean??????????????

    Read carefully and do ALL I posted, don't make it up!!!!!!!!
     

Short URL to this thread: https://techguy.org/597615
