Log in

echeek · 1 malware threats from hijack this on Sat Apr 17, 2010 7:41 pm

echeek

Member
Member

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:19 PM, on 4/17/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThisInstaller.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bucknuts.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Browser protection - {FB9FFB4B-9680-4256-8178-5ECDB2C19B23} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html
O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147808845828
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147812592843
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Google Update Service (gupdate1c9c5a43cf1327f) (gupdate1c9c5a43cf1327f) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12698 bytes

DragonMaster Jay · 2 Re: malware threats from hijack this on Sat Apr 17, 2010 11:05 pm

DragonMaster Jay

Site Owner

Hello! We need to do some diagnostics to get started.

1. Please download Profiles by noahdfear.

Save it to your desktop.
Double-click profiles.exe and post its log when you reply

2. Download Win32kDiag by ad13 and save it to your Desktop.

Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.

3. Please download Cheetah-Anti-Rogue by me, and save to your Desktop.

Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
Double-click on Cheetah-Anti-Rogue.cmd to start.
It will finish quickly and launch a log.
Post the contents of it in your next reply.

4. In your next reply, please post the following logs for my review:

Profiles log (1)
Win32kDiag log (2)
Cheetah log (3)

Thanks! Smile

echeek · 3 Re: malware threats from hijack this on Sun Apr 18, 2010 7:38 am

echeek

Member
Member

When trying to download Win32kDiag I get the following message: "
This request is blocked by the SonicWALL Gateway Anti-Virus Service. Name: Conficker.gen (Worm)"

echeek · 4 Re: malware threats from hijack this on Sun Apr 18, 2010 7:53 am

echeek

Member
Member

Here you go. Got around Sonic Wall issue.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-652681159-1059392522-2798352151-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Owner

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-652681159-1059392522-2798352151-1008

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-652681159-1059392522-2798352151-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator

SystemRoot REG_SZ C:\WINDOWS

Running from: C:\Documents and Settings\Owner\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Owner\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!

Cheetah-Anti-Rogue v1.4.1
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 04/18/2010 - Time: 7:52:23 - Arch.: x86

-- Malware removal tools check --
Trend Micro HijackThis 2.0.2
Malwarebytes' Anti-Malware

-- Known infection --

Extra message: Detection only.

EOF

DragonMaster Jay · 5 Re: malware threats from hijack this on Sun Apr 18, 2010 3:13 pm

DragonMaster Jay

Site Owner

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

echeek · 6 Re: malware threats from hijack this on Mon Apr 19, 2010 5:10 pm

echeek

Member
Member

When I start ComboFix it tells me to disable Norton AntiVirus. I uninstalled this many moons ago. I cannot even find it using Control Panel - Add or Remove Programs.

Now what?

echeek · 7 Re: malware threats from hijack this on Mon Apr 19, 2010 5:41 pm

echeek

Member
Member

Here is the Combo Fix result:

ComboFix 10-04-18.04 - Owner 04/19/2010 17:16:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.991 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\2006 TAXES\Personal LOC - Condo .tif
c:\documents and settings\A - POTENTIAL PORTFOLIO PURCHASES\SAMS 1-30-07 HHLDFreshSaleFiletoJacksonCapital .xls
c:\documents and settings\C&Z INFO\Salaries & Raises .wb3
c:\documents and settings\CHEEK FAMILY STUFF\ASSIGNMENT FM BEEKMANS TO RAISING CANES LLC - draft .DOC
c:\documents and settings\Copy of CHEEK FAMILY STUFF\ASSIGNMENT FM BEEKMANS TO RAISING CANES LLC - draft .DOC
c:\documents and settings\Copy of EC'S STUFF\WG INFO ON 01-2237 .xls
c:\documents and settings\EC'S STUFF\WG INFO ON 01-2237 .xls
c:\documents and settings\Emerson\Net Cost .xls
c:\documents and settings\NEW SUBRO NUMBERS\SF COLL COMPARISON .wb3
c:\documents and settings\OHIO RECEIVABLES LLC\REDLINED RAVINIA JV Operating Agreement 3-9-04 .doc
c:\documents and settings\Owner\Application Data\02000000744ac90b879C.manifest
c:\documents and settings\Owner\Application Data\02000000744ac90b879O.manifest
c:\documents and settings\Owner\Application Data\02000000744ac90b879P.manifest
c:\documents and settings\Owner\Application Data\02000000744ac90b879S.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w4mkf2zm.default\extensions\{4b4129d6-c701-45a5-885c-7edcea899f9e}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w4mkf2zm.default\extensions\{4b4129d6-c701-45a5-885c-7edcea899f9e}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w4mkf2zm.default\extensions\{4b4129d6-c701-45a5-885c-7edcea899f9e}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w4mkf2zm.default\extensions\{4b4129d6-c701-45a5-885c-7edcea899f9e}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w4mkf2zm.default\extensions\{4b4129d6-c701-45a5-885c-7edcea899f9e}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w4mkf2zm.default\extensions\{6afddcf2-5b49-4008-81d5-edd4d6b37979}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w4mkf2zm.default\extensions\{6afddcf2-5b49-4008-81d5-edd4d6b37979}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w4mkf2zm.default\extensions\{6afddcf2-5b49-4008-81d5-edd4d6b37979}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w4mkf2zm.default\extensions\{6afddcf2-5b49-4008-81d5-edd4d6b37979}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w4mkf2zm.default\extensions\{6afddcf2-5b49-4008-81d5-edd4d6b37979}\install.rdf
c:\documents and settings\Owner\err.log
c:\documents and settings\Owner\ResErrors.log
c:\documents and settings\Owner\System
c:\documents and settings\Owner\System\win_qs8.jqx
c:\documents and settings\TAXES\Personal LOC - Condo .tif
c:\windows\system32\1043580955
c:\windows\system32\gotomon.log
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-19 to 2010-04-19 )))))))))))))))))))))))))))))))
.

2010-04-18 09:27 . 2010-04-18 09:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-04-17 13:51 . 2010-04-17 13:51 -------- d-----w- C:\$AVG
2010-04-17 13:31 . 2010-04-17 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-17 13:29 . 2010-04-17 13:30 -------- d-----w- c:\program files\QuickTime
2010-04-17 13:26 . 2010-04-17 13:26 -------- d-----w- c:\program files\Bonjour
2010-04-17 13:24 . 2010-04-17 13:24 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-12 20:43 . 2010-04-12 20:43 439816 ----a-w- c:\documents and settings\Owner\Application Data\Real\Update\setup3.10\setup.exe
2010-04-10 16:20 . 2010-04-10 16:20 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-10 16:20 . 2010-04-10 16:20 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-10 12:39 . 2010-04-10 12:39 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-04-10 12:39 . 2010-04-10 12:39 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-04-10 12:39 . 2010-04-10 12:39 849744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-04-10 12:39 . 2010-04-10 12:39 855864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-04-10 12:39 . 2010-04-10 12:39 1597952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-04-10 12:39 . 2010-04-10 12:39 818256 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-04-10 12:39 . 2010-04-10 12:39 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-04-10 12:38 . 2010-04-10 12:38 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-09 02:25 . 2010-04-09 02:25 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2010-04-08 21:01 . 2010-04-17 13:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-04-08 20:53 . 2010-02-05 09:04 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe
2010-04-08 20:53 . 2010-04-08 20:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}
2010-04-08 20:52 . 2010-04-08 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-04-08 20:49 . 2010-04-08 20:49 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-08 20:49 . 2010-04-08 20:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-08 20:49 . 2010-04-08 20:49 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-08 20:49 . 2010-04-19 13:39 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-08 20:49 . 2010-04-08 20:49 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-08 20:48 . 2010-04-17 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-08 20:48 . 2010-04-08 20:48 -------- d-----w- c:\program files\AVG
2010-04-08 20:43 . 2010-04-08 20:43 -------- d-----w- c:\program files\LimeWire
2010-04-08 20:42 . 2010-04-08 20:42 -------- d-----w- c:\program files\VideoLAN
2010-04-08 20:40 . 2010-04-08 20:40 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-08 20:39 . 2010-04-08 20:39 -------- d-----w- c:\program files\TimeLeft3
2010-04-08 20:39 . 2010-04-08 20:39 -------- d-----w- c:\documents and settings\Owner\Application Data\NesterSoft
2010-04-08 20:38 . 2010-04-08 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeApp
2010-03-28 16:10 . 2010-03-28 16:10 -------- d-----w- c:\program files\Free OCR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-19 21:17 . 2010-04-17 13:17 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-04-18 11:26 . 2008-12-26 02:23 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-04-17 21:24 . 2009-07-22 23:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-17 20:20 . 2006-02-07 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-17 13:33 . 2010-01-10 00:35 -------- d-----w- c:\program files\iTunes
2010-04-17 13:31 . 2008-05-26 18:57 -------- d-----w- c:\program files\Common Files\Apple
2010-04-17 13:23 . 2007-08-18 00:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-04-10 16:21 . 2010-04-10 16:21 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-10 16:21 . 2010-04-10 16:21 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-10 16:21 . 2010-04-10 16:21 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-10 16:21 . 2010-04-10 16:21 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-10 16:21 . 2010-04-10 16:21 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-10 16:21 . 2010-04-10 16:21 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-10 16:21 . 2010-04-10 16:21 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-10 16:21 . 2010-04-10 16:21 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-10 16:21 . 2010-04-10 16:21 341272 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-10 16:21 . 2010-04-10 16:21 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-10 16:21 . 2010-04-10 16:21 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-10 16:21 . 2010-04-10 16:21 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-10 16:21 . 2010-04-10 16:21 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-08 20:53 . 2006-12-09 11:47 -------- d-----w- c:\program files\Lavasoft
2010-04-08 20:46 . 2008-02-17 00:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-08 20:38 . 2010-02-19 21:08 -------- d-----w- c:\program files\uTorrent
2010-04-08 20:38 . 2010-02-19 21:07 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-04-05 20:59 . 2007-02-11 19:41 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2010-04-05 20:59 . 2007-07-08 10:57 -------- d-----w- c:\program files\Uniblue
2010-04-05 20:57 . 2006-05-20 11:55 -------- d-----w- c:\program files\Symantec
2010-04-05 20:57 . 2006-05-16 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-05 20:56 . 2006-05-16 23:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-05 20:49 . 2006-02-07 20:18 -------- d-----w- c:\program files\Common Files\AOL
2010-04-05 20:49 . 2006-02-07 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-04-05 20:48 . 2006-02-07 20:19 -------- d-----w- c:\program files\Common Files\Nullsoft
2010-03-30 04:46 . 2009-07-22 23:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2009-07-22 23:57 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 00:48 . 2008-03-08 11:54 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-20 15:21 . 2010-02-20 14:03 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2010-02-20 15:21 . 2010-02-20 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-02-20 14:03 . 2010-02-20 14:03 -------- d-----w- c:\program files\IObit
2010-02-19 22:17 . 2010-02-19 22:17 -------- d-----w- c:\program files\iPod
2010-02-15 23:41 . 2010-02-15 23:41 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-05 21:48 . 2010-02-05 21:48 1063320 ----a-w- c:\documents and settings\Owner\gotomypc_533.exe
2010-01-26 01:54 . 2009-08-05 21:49 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2008-05-26 23:55 . 2008-05-26 23:55 408 -c--a-w- c:\program files\Common Files\System.class
.

------- Sigcheck -------

[7] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0020\DriverFiles\i386\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys

[-] 2006-10-19 02:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2005-08-04 09:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-08-04 09:29 . B9715B9C18BC6C8F4B66733D208CC9F7 . 25088 . . [10.0.3790.4332] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2004-08-10 19:00 . 6EAA72FD9EF993EC1FA9A06DE65105DA . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 68856]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StatusClient"="c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" [2002-12-16 36864]
"TomcatStartup"="c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe" [2003-03-31 155648]
"SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 45056]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-25 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2010-4-8 2000112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-08 20:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck PDBoot.exe\0autocheck autochk *\0autocheck smrgdf c:\program files\iolo\System Mechanic 5 Professional\\0autocheck stera\0autocheck daila

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\temp\\HP_WebRelease\\setup\\HPZnet01.exe"=
"c:\\temp\\HP_WebRelease\\setup\\hponicifs01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/8/2010 4:49 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/8/2010 4:49 PM 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/8/2010 4:49 PM 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/5/2010 5:03 AM 1265264]
R2 PDSched;PDScheduler;c:\program files\Raxco\PerfectDisk\PDSched.exe [11/29/2005 11:16 AM 241731]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/15/2007 1:12 AM 24652]
S2 gupdate1c9c5a43cf1327f;Google Update Service (gupdate1c9c5a43cf1327f);c:\program files\Google\Update\GoogleUpdate.exe [4/25/2009 8:49 AM 133104]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [5/16/2006 3:32 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [3/13/2003 8:04 PM 61952]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [5/16/2006 3:32 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [5/16/2006 3:32 PM 10368]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys --> c:\windows\system32\DRIVERS\rcvpn.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 12:39]

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-04-18 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-02-20 18:11]

2010-04-19 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-02-20 17:38]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 12:49]

2010-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 12:49]

2010-04-19 c:\windows\Tasks\User_Feed_Synchronization-{90451DE2-ECBA-499D-B778-6DFDE8CAF964}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.bucknuts.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{21196042-830F-419f-A594-F9D456A6C29A} - {21196042-830F-419f-A594-F9D456A6C29A} c:\program files\TimeLeft3\TLIntergIE.html - c:\program files\timeleft3\tlintergie.html\inprocserver32 does not exist!
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w4mkf2zm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.startup.homepage - www.bucknuts.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 17:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-04-19 17:30:31
ComboFix-quarantined-files.txt 2010-04-19 21:30
ComboFix2.txt 2009-10-07 18:50

Pre-Run: 201,428,140,032 bytes free
Post-Run: 201,401,024,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - D12C39F7EC0A1ADF5C653A2305A69A0D

DragonMaster Jay · 8 Re: malware threats from hijack this on Mon Apr 19, 2010 8:17 pm

DragonMaster Jay

Site Owner

Hi

Are these files important:

c:\documents and settings\2006 TAXES\Personal LOC - Condo .tif
c:\documents and settings\A - POTENTIAL PORTFOLIO PURCHASES\SAMS 1-30-07 HHLDFreshSaleFiletoJacksonCapital .xls
c:\documents and settings\C&Z INFO\Salaries & Raises .wb3
c:\documents and settings\CHEEK FAMILY STUFF\ASSIGNMENT FM BEEKMANS TO RAISING CANES LLC - draft .DOC
c:\documents and settings\Copy of CHEEK FAMILY STUFF\ASSIGNMENT FM BEEKMANS TO RAISING CANES LLC - draft .DOC
c:\documents and settings\Copy of EC'S STUFF\WG INFO ON 01-2237 .xls
c:\documents and settings\EC'S STUFF\WG INFO ON 01-2237 .xls
c:\documents and settings\Emerson\Net Cost .xls
c:\documents and settings\NEW SUBRO NUMBERS\SF COLL COMPARISON .wb3
c:\documents and settings\OHIO RECEIVABLES LLC\REDLINED RAVINIA JV Operating Agreement 3-9-04 .doc
c:\documents and settings\TAXES\Personal LOC - Condo .tif

?? They were deleted by ComboFix, but they look important. If you wish to have them back, let me know, and we can remove them from quarantine.

echeek · 9 Re: malware threats from hijack this on Tue Apr 20, 2010 6:34 am

echeek

Member
Member

they are not important in that they are copies of files from my office computer. I have originals on the other computer so these can be deleted without problem.

DragonMaster Jay · 10 Re: malware threats from hijack this on Tue Apr 20, 2010 1:11 pm

DragonMaster Jay

Site Owner

Ok. Just making sure, because there is an email worm that has spread rapidly, and has the same characteristics as those files above. A file with a space between the filename and extension. No biggie.

Please go to VirSCAN.org FREE on-line scan
service
Browse for the following file paths into the "Suspicious files to scan" box on the top of the page (do one at a time):
- c:\windows\system32\mspmsnsv.dll
- c:\windows\system32\drivers\kbdclass.sys
Click on the Upload button
If a pop-up appears saying the file has been scanned already, please select the ReScan button.
Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
Paste the contents of the Clipboard in your next reply.

echeek · 11 Re: malware threats from hijack this on Tue Apr 20, 2010 5:32 pm

echeek

Member
Member

http://www.helpmyos.com/malware-threat-removal-f6/malware-threats-from-hijack-this-t1926.htm#5675

echeek · 12 Re: malware threats from hijack this on Tue Apr 20, 2010 5:35 pm

echeek

Member
Member

VirSCAN.org Scanned Report :
Scanned time : 2010/04/20 17:33:48 (EDT)
Scanner results: Scanners did not find malware!
File Name : mspmsp.dll
File Size : 175616 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 499c090cefa6fda770d214ef67a18f5a
SHA1 : 1cb6d5c4ea4a85eb72a204f3213a08973a2a71ea
Online report : http://virscan.org/report/eba31b877ee274065936afac19c2370a.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100421053127 2010-04-21 6.79 -
AhnLab V3 2010.04.20.01 2010.04.20 2010-04-20 1.10 -
AntiVir 8.2.1.220 7.10.6.145 2010-04-20 0.25 -
Antiy 2.0.18 20100420.4227655 2010-04-20 0.12 -
Arcavir 2009 201004201545 2010-04-20 0.06 -
Authentium 5.1.1 201004201708 2010-04-20 1.31 -
AVAST! 4.7.4 100420-1 2010-04-20 0.01 -
AVG 8.5.720 271.1.1/2823 2010-04-20 0.25 -
BitDefender 7.81008.5686085 7.31308 2010-04-21 3.61 -
ClamAV 0.95.3 10760 2010-04-20 0.04 -
Comodo 3.13.579 4654 2010-04-20 0.92 -
CP Secure 1.3.0.5 2010.04.20 2010-04-20 0.07 -
Dr.Web 5.0.2.3300 2010.04.21 2010-04-21 6.76 -
F-Prot 4.4.4.56 20100420 2010-04-20 1.26 -
F-Secure 7.02.73807 2010.04.20.10 2010-04-20 10.72 -
Fortinet 4.0.14 11.702 2010-04-15 0.20 -
GData 19.11044/19.898 20100420 2010-04-20 6.86 -
ViRobot 20100420 2010.04.20 2010-04-20 0.41 -
Ikarus T3.1.01.80 2010.04.20.75672 2010-04-20 5.79 -
JiangMin 13.0.900 2010.04.20 2010-04-20 1.18 -
Kaspersky 5.5.10 2010.04.20 2010-04-20 0.08 -
KingSoft 2009.2.5.15 2010.4.20.17 2010-04-20 0.66 -
McAfee 5400.1158 5955 2010-04-18 0.02 -
Microsoft 1.5703 2010.04.20 2010-04-20 6.34 -
Norman 6.04.11 6.04.00 2010-04-19 6.01 -
Panda 9.05.01 2010.04.20 2010-04-20 1.74 -
Trend Micro 9.120-1004 7.116.02 2010-04-20 0.03 -
Quick Heal 10.00 2010.04.20 2010-04-20 1.54 -
Rising 20.0 22.44.01.03 2010-04-20 1.18 -
Sophos 3.06.0 4.52 2010-04-21 3.51 -
Sunbelt 3.9.2418.2 6200 2010-04-20 5.07 -
Symantec 1.3.0.24 20100420.008 2010-04-20 0.06 -
nProtect 20100419.01 8028667 2010-04-19 7.35 -
The Hacker 6.5.2.0 v00265 2010-04-20 0.41 -
VBA32 3.12.12.4 20100419.2203 2010-04-19 2.97 -
VirusBuster 4.5.11.10 10.124.19/2029440 2010-04-20 2.43 -

echeek · 13 Re: malware threats from hijack this on Tue Apr 20, 2010 5:38 pm

echeek

Member
Member

VirSCAN.org Scanned Report :
Scanned time : 2010/04/20 17:36:40 (EDT)
Scanner results: Scanners did not find malware!
File Name : kbdclass.sys
File Size : 24576 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : ebdee8a2ee5393890a1acee971c4c246
SHA1 : 9f1cdb27a5c66c13f095e3ae9801813a8dcb9e2d
Online report : http://virscan.org/report/681c2b8f8dff8763aae5b30b1bfaec63.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20100421053127 2010-04-21 4.72 -
AhnLab V3 2010.04.20.01 2010.04.20 2010-04-20 1.07 -
AntiVir 8.2.1.220 7.10.6.145 2010-04-20 0.25 -
Antiy 2.0.18 20100420.4227655 2010-04-20 0.12 -
Arcavir 2009 201004201545 2010-04-20 0.07 -
Authentium 5.1.1 201004201708 2010-04-20 1.31 -
AVAST! 4.7.4 100420-1 2010-04-20 0.01 -
AVG 8.5.720 271.1.1/2823 2010-04-20 0.23 -
BitDefender 7.81008.5686085 7.31308 2010-04-21 3.60 -
ClamAV 0.95.3 10760 2010-04-20 0.01 -
Comodo 3.13.579 4654 2010-04-20 0.89 -
CP Secure 1.3.0.5 2010.04.20 2010-04-20 0.05 -
Dr.Web 5.0.2.3300 2010.04.21 2010-04-21 6.76 -
F-Prot 4.4.4.56 20100420 2010-04-20 1.30 -
F-Secure 7.02.73807 2010.04.20.10 2010-04-20 10.75 -
Fortinet 4.0.14 11.702 2010-04-15 0.17 -
GData 19.11044/19.898 20100420 2010-04-20 6.62 -
ViRobot 20100420 2010.04.20 2010-04-20 0.41 -
Ikarus T3.1.01.80 2010.04.20.75672 2010-04-20 5.73 -
JiangMin 13.0.900 2010.04.20 2010-04-20 1.17 -
Kaspersky 5.5.10 2010.04.20 2010-04-20 0.13 -
KingSoft 2009.2.5.15 2010.4.20.17 2010-04-20 0.63 -
McAfee 5400.1158 5955 2010-04-18 0.02 -
Microsoft 1.5703 2010.04.20 2010-04-20 6.27 -
Norman 6.04.11 6.04.00 2010-04-19 6.01 -
Panda 9.05.01 2010.04.20 2010-04-20 1.71 -
Trend Micro 9.120-1004 7.116.02 2010-04-20 0.03 -
Quick Heal 10.00 2010.04.20 2010-04-20 1.49 -
Rising 20.0 22.44.01.03 2010-04-20 1.09 -
Sophos 3.06.0 4.52 2010-04-21 3.50 -
Sunbelt 3.9.2418.2 6200 2010-04-20 5.14 -
Symantec 1.3.0.24 20100420.008 2010-04-20 0.23 -
nProtect 20100419.01 8028667 2010-04-19 7.43 -
The Hacker 6.5.2.0 v00265 2010-04-20 0.39 -
VBA32 3.12.12.4 20100419.2203 2010-04-19 3.61 -
VirusBuster 4.5.11.10 10.124.19/2029440 2010-04-20 2.34 -

DragonMaster Jay · 14 Re: malware threats from hijack this on Wed Apr 21, 2010 9:04 am

DragonMaster Jay

Site Owner

Hi

Download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in

%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
%appdata%\*.*
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
disk.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
usbstor.sys
/md5stop
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

echeek · 15 Re: malware threats from hijack this on Thu Apr 22, 2010 7:59 am

echeek

Member
Member

too large to send, so will break down into multiple emails.

OTL Extras logfile created on: 4/21/2010 10:44:56 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 40.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.79 Gb Total Space | 187.50 Gb Free Space | 81.95% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 2.38 Gb Free Space | 58.30% Space Free | Partition Type: FAT32
Drive E: | 645.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 976.13 Mb Total Space | 316.27 Mb Free Space | 32.40% Space Free | Partition Type: FAT

Computer Name: YOUR-CA38AA8D3F
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [opennew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\temp\HP_WebRelease\setup\HPZnet01.exe" = C:\temp\HP_WebRelease\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- (Hewlett-Packard)
"C:\temp\HP_WebRelease\setup\hponicifs01.exe" = C:\temp\HP_WebRelease\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1485B7CD-4CBD-4039-8EAE-5A22993D7F54}" = hp LaserJet 1150 / 1300
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2D7D9D86-923A-41A8-919F-437332AB1033}" = Nero 7 Ultra Edition
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8735E5E1-EB58-4C79-BD6A-29C5D544EF54}" = Policies Now 601 Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}" = ATI Parental Control & Encoder
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ONENOTER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ONENOTER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ONENOTER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ONENOTER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ONENOTER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ONENOTER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-00A1-0000-0000-0000000FF1CE}" = Microsoft Office OneNote 2007
"{91120000-00A1-0000-0000-0000000FF1CE}_ONENOTER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk
"{C33DC9DF-0841-4B28-AD0B-68EF59FAC53C}" = Brother MFL-Pro Suite
"{C5E211F5-7E9A-4D0A-88F0-D5E1FB849ABA}" = ATI Catalyst Control Center
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F4C205-BD52-4E4B-8444-64F2A1A12F45}" = Draft Analyzer
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E06E629E-BA9B-4BBB-8400-9B8F6F14B36B}" = Policies Now 6.01
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED194BDB-B21A-4ADF-B365-D15DE1217360}" = Policies Now 601 Update
"{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6E97C07-B897-4C8C-AA9B-C8E0A85BC858}" = ATI MCE Control Panel
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"EPSON Printer and Utilities" = EPSON Printer Software
"freeocr2_is1" = FreeOcr V1
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"HP PrecisionScan" = HP PrecisionScan
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Imation Disk Manager V a Service" = Imation Disk Manager V a Service
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Wizard 3.0
"LimeWire" = LimeWire 5.5.8
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mars Banks Base" = Mars Banks Base 1.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ONENOTER" = Microsoft Office OneNote 2007
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Presto! OCR Pro 4.0" = Presto! OCR Pro 4.0
"RealPlayer 6.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON PictureMate Deluxe User's Guide
"TIMELEFT3_is1" = TimeLeft
"TValue 5" = TValue 5
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XChange 360_is1" = XChange 360

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"SmartDraw 2007" = SmartDraw 2007

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/6/2010 8:30:39 AM | Computer Name = YOUR-CA38AA8D3F | Source = Google Update | ID = 20
Description =

Error - 4/6/2010 9:30:39 AM | Computer Name = YOUR-CA38AA8D3F | Source = Google Update | ID = 20
Description =

Error - 4/6/2010 10:30:39 AM | Computer Name = YOUR-CA38AA8D3F | Source = Google Update | ID = 20
Description =

Error - 4/6/2010 11:30:38 AM | Computer Name = YOUR-CA38AA8D3F | Source = Google Update | ID = 20
Description =

Error - 4/6/2010 12:01:27 PM | Computer Name = YOUR-CA38AA8D3F | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This operation returned because the timeout period expired.

Error - 4/8/2010 4:53:50 PM | Computer Name = YOUR-CA38AA8D3F | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 4/13/2010 3:57:13 AM | Computer Name = YOUR-CA38AA8D3F | Source = PDEngine | ID = 0
Description = Unable to move file C:\Program Files\Microsoft Digital Image 2006\1033\Movies\organizepro.swf
after many attempts. Skipping file.

Error - 4/17/2010 9:06:15 AM | Computer Name = YOUR-CA38AA8D3F | Source = Steam Client Service | ID = 1
Description =

Error - 4/17/2010 9:57:29 AM | Computer Name = YOUR-CA38AA8D3F | Source = Application Error | ID = 1000
Description = Faulting application quicktime_update_kb511210[1].exe, version 0.0.0.0,
faulting module , version 0.0.0.0, fault address 0x00000000.

Error - 4/20/2010 3:47:45 AM | Computer Name = YOUR-CA38AA8D3F | Source = PDEngine | ID = 0
Description = Volume (C:) is 1.2% fragmented. Fragmentation threshold not exceeded,
optimization will not continue.

[ System Events ]
Error - 4/19/2010 4:58:44 PM | Computer Name = YOUR-CA38AA8D3F | Source = Service Control Manager | ID = 7001
Description = The Windows Search service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 4/19/2010 5:06:24 PM | Computer Name = YOUR-CA38AA8D3F | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/19/2010 5:06:24 PM | Computer Name = YOUR-CA38AA8D3F | Source = Service Control Manager | ID = 7001
Description = The Windows Search service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 4/19/2010 5:16:45 PM | Computer Name = YOUR-CA38AA8D3F | Source = Service Control Manager | ID = 7016
Description = The BrSplService service has reported an invalid current state 0.

Error - 4/19/2010 5:16:56 PM | Computer Name = YOUR-CA38AA8D3F | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 4/19/2010 5:40:06 PM | Computer Name = YOUR-CA38AA8D3F | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/19/2010 5:40:06 PM | Computer Name = YOUR-CA38AA8D3F | Source = Service Control Manager | ID = 7001
Description = The Windows Search service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 4/21/2010 5:39:02 AM | Computer Name = YOUR-CA38AA8D3F | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/21/2010 5:39:02 AM | Computer Name = YOUR-CA38AA8D3F | Source = Service Control Manager | ID = 7001
Description = The Windows Search service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 4/21/2010 12:19:48 PM | Computer Name = YOUR-CA38AA8D3F | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

< End of report >

Ad Bot

Ad Bot

1 malware threats from hijack this on Sat Apr 17, 2010 7:41 pm

echeek

2 Re: malware threats from hijack this on Sat Apr 17, 2010 11:05 pm

DragonMaster Jay

3 Re: malware threats from hijack this on Sun Apr 18, 2010 7:38 am

echeek

4 Re: malware threats from hijack this on Sun Apr 18, 2010 7:53 am

echeek

5 Re: malware threats from hijack this on Sun Apr 18, 2010 3:13 pm

DragonMaster Jay

6 Re: malware threats from hijack this on Mon Apr 19, 2010 5:10 pm

echeek

7 Re: malware threats from hijack this on Mon Apr 19, 2010 5:41 pm

echeek

8 Re: malware threats from hijack this on Mon Apr 19, 2010 8:17 pm

DragonMaster Jay

9 Re: malware threats from hijack this on Tue Apr 20, 2010 6:34 am

echeek

10 Re: malware threats from hijack this on Tue Apr 20, 2010 1:11 pm

DragonMaster Jay

11 Re: malware threats from hijack this on Tue Apr 20, 2010 5:32 pm

echeek

12 Re: malware threats from hijack this on Tue Apr 20, 2010 5:35 pm

echeek

13 Re: malware threats from hijack this on Tue Apr 20, 2010 5:38 pm

echeek

14 Re: malware threats from hijack this on Wed Apr 21, 2010 9:04 am

DragonMaster Jay

15 Re: malware threats from hijack this on Thu Apr 22, 2010 7:59 am

echeek

Ad Bot

Log in