1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Outerinfo removal help

Discussion in 'Virus & Other Malware Removal' started by jishin_wave, Jul 4, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. jishin_wave

    jishin_wave Thread Starter

    Joined:
    Jul 4, 2007
    Messages:
    8
    I recently (yesterday in fact) found out that I had something called Outerinfo on my computer, I used the removal tool but I am sure that my bandwidth is getting used without my permission by something as my connection status seems to be constantly receiving and sending, another thing is that after removing the Outerinfo my AVG anti virus went haywire and now does not seem to run - it seems to be running as a process but I can't get the program to run to do manual scans or anything. I am sure I still have spyware or something on the pc - anyhelp will be much appreciated!

    Here is my HJthis log

    Logfile of HijackThis v1.99.1
    Scan saved at 20:36:38, on 04/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {31229AA0-62FB-4C91-BEF4-91975281ADD2} - C:\WINDOWS\system32\vturr.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pukfsxmk.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180298122984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180298113468
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    If you have vundofix, remove it and get the current version

    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    Please let Vundo finish its thing, sometimes it can take multiple passes
    ====================
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  3. jishin_wave

    jishin_wave Thread Starter

    Joined:
    Jul 4, 2007
    Messages:
    8
    Right it took a while but heres the antispyware log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/05/2007 at 00:39 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3265
    Trace Rules Database Version: 1276

    Scan type : Complete Scan
    Total Scan Time : 03:49:08

    Memory items scanned : 381
    Memory threats detected : 0
    Registry items scanned : 5799
    Registry threats detected : 18
    File items scanned : 259642
    File threats detected : 356

    Adware.Vundo Variant
    HKLM\Software\Classes\CLSID\{31229AA0-62FB-4C91-BEF4-91975281ADD2}
    HKCR\CLSID\{31229AA0-62FB-4C91-BEF4-91975281ADD2}
    HKCR\CLSID\{31229AA0-62FB-4C91-BEF4-91975281ADD2}\InprocServer32
    HKCR\CLSID\{31229AA0-62FB-4C91-BEF4-91975281ADD2}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\VTURR.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31229AA0-62FB-4C91-BEF4-91975281ADD2}
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\NHGTXBCH.DLL.VIR
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP173\A0042442.DLL

    Unclassified.Unknown Origin
    HKLM\Software\Classes\CLSID\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
    HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
    HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32
    HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}\InprocServer32#ThreadingModel
    C:\WINDOWS\SYSTEM32\PUKFSXMK.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
    HKCR\CLSID\{5ADF3862-9E2E-4AD3-86F7-4510E6550CD0}
    APPLEQUICKTIMEPROV7.0.3.25SERIALDOOM\KEYGEN.NFO
    SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP161\A0037589.NFO

    Adware.Tracking Cookie
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][5].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][6].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][4].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][4].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][5].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][3].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][4].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][5].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][6].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][8].txt
    C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][10].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][4].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][5].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][6].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][7].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][8].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][9].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\Documents and Settings\Edwin\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][4].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected]guide[1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
     
  4. jishin_wave

    jishin_wave Thread Starter

    Joined:
    Jul 4, 2007
    Messages:
    8
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][4].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][3].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][2].txt
    C:\My old Disk Structure -- 07-05-27 0900PM\My old Disk Structure -- 07-04-26 1151PM\Documents and Settings\Vincent\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][2].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt
    C:\RECYCLER\S-1-5-21-1615061138-4097411637-2529006832-500\Dc302\Temp\Cookies\[email protected][1].txt

    Trojan.Unknown Origin
    HKLM\SOFTWARE\Microsoft\MSSMGR
    HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
    HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV

    Malware.Ultimate Defender
    C:\DOCUMENTS AND SETTINGS\EDWIN\LOCAL SETTINGS\TEMP\INSTALL25.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP178\A0046784.EXE

    Trojan.Downloader-Gen/AVP
    C:\DOCUMENTS AND SETTINGS\VINCENT\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8K20GER2\XC23[1].EXE

    Adware.ClickSpring/Outer Info Network
    ANTI\OIUNINSTALLER.EXE

    Adware.180solutions/Search Assistant
    SUPERSLUETH.EXE

    Adware.ClickSpring/Yazzle
    C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\YAZZLE1162OINUNINSTALLER.EXE.VIR

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP171\A0042176.DLL

    Trojan.Downloader-UltimateFixer
    C:\WINDOWS\SYSTEM32\SCCHK32.EXE
     
  5. jishin_wave

    jishin_wave Thread Starter

    Joined:
    Jul 4, 2007
    Messages:
    8
    and the hjthis

    Logfile of HijackThis v1.99.1
    Scan saved at 00:44:48, on 05/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Common Files\Real\Update_OB\realevent.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180298122984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180298113468
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix this with HiJackThis – mark it, close IE, click fix checked

    O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
    =========================
    DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend
    using the Duplicates files button
    as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries
    =================
    Empty the recycle bin

    =============

    Clean [​IMG]
    If you feel its is fixed mark it solved via Thread Tools above

    Turn off restore points, boot, turn them back on – here’s how

    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

    This clears infected restore points and sets a new, clean one.
     
  7. jishin_wave

    jishin_wave Thread Starter

    Joined:
    Jul 4, 2007
    Messages:
    8
    I did everything but it seems my pc is downloading something everytime I connect to the net - in a minute after connection over 100k of traffic had been downloaded already in the 3 minutes of connection and just loading this page up directly I have received over 600k and sent over 500k I swear something is going on here
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    YOu never posted this from Vundofix

    C:\vundofix.txt
     
  9. jishin_wave

    jishin_wave Thread Starter

    Joined:
    Jul 4, 2007
    Messages:
    8
    It never found anything
    I tried again as below anyway

    VundoFix V6.5.4

    Checking Java version...

    Scan started at 21:02:23 05/07/2007

    Listing files found while scanning....

    No infected files were found.
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Run ActiveScan online virus scan

    http://www.pandasoftware.com/products/activescan.htm

    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Post a new HiJackThis log along with the results from ActiveScan
     
  11. jishin_wave

    jishin_wave Thread Starter

    Joined:
    Jul 4, 2007
    Messages:
    8
    Incident Status Location
    Spyware:spyware/virtumonde Not disinfected Windows Registry
    Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Edwin\Cookies\[email protected][2].txt

    unfortunately I had to stop it as it was taking too long (and i need to go to sleep) but it did find something before I did so it looks like

    heres the hjthis log as well

    Logfile of HijackThis v1.99.1
    Scan saved at 23:27:50, on 05/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [OemReset] %systemroot%\OPTIONS\OEMRESET.EXE /AUDIT
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180298122984
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180298113468
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5D6814F7-B8D3-42DD-AD8E-0028984CC310}: NameServer = 195.8.162.82 195.8.160.64
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5D6814F7-B8D3-42DD-AD8E-0028984CC310}: NameServer = 195.8.162.82 195.8.160.64
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    and the hjscan
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    It must be a non event registry entry as it has no details - I wouldn't worry about it
     
  13. jishin_wave

    jishin_wave Thread Starter

    Joined:
    Jul 4, 2007
    Messages:
    8
    Ok I am just kinda worried about my bandwidth being used so much without even doing anything - IE is crawling sometimes now although I am using Firefox as well yet on stationary pages my net is still constantly sending and receiving....
     
  14. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    I'd try disabling items in msconfig startup and see if that will get the culprit - one of those legit entries may be phoning home for what ever reason
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/591751

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice