I got something called XRUN.exe or whatever pop up and luckily it got blocked by ZoneAlarm, but it makes me worry if I have something on my system that should be rooted out and I hope that the reliable staff can help me out once again.

Logfile of HijackThis v1.99.1
Scan saved at 12:41:05 AM, on 6/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Search - [url]http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK[/url]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671[/url]
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Also if you are familiar with how RAM works, could you tell me (based on this picture I took after using CPU-Z) what I need to look at when buying RAM and what kind of RAM I can buy (sticks of 512 MB SDRAM and anything lower seems to be about right)??

EDIT: Picture...:

[url]http://img106.imageshack.us/img106/9969/ramjq7.png[/url]

You have at least one infection... I am at a conference and it is harder to sort it out... You can wait until I return home on Tuesday for specific feedback or someone else might be by before then... Either way, you have done this before, so run some of the scans like AVG antispyware and an online virus scan, then post whatever logs you get here so we have more to work with...

Please do this:

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

and then:

Download AVG Anti-Spyware from HERE (http://www.ewido.net/en/download/)
Install AVG Anti-Spyware
Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
On the top of the main screen click Shield and then [active] to change it to inactive
On the top of the main screen click Update and then Start Update.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".


Close ALL open Windows / Programs / Folders. Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

* Click Scanner and then the Scan tab
* Click Complete System Scan to begin scanning.

Once the scan is complete do the following:
* If you have any infections you will prompted, then select "Apply all actions"
* Once finished, click the Save report button, then click Save Report As and save it to your Desktop. (make sure to remember where you saved that file, this is important).

Close AVG Anti-Spyware and Reboot.

and finally...

* Click here (http://support.f-secure.com/enu/home/ols.shtml) to use the F-Secure Online Scanner
Then click the Start Scanning button below.
You should get a notification (bar on top) to install the activeX. Click on it and select to install the ActiveX.
Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
In case you are having problems with installing the ActiveX/starting the scan, please read here (http://support.f-secure.com/enu/home/ols-faq.shtml).
Click the Full System Scan button.
It will start to download scanner components and databases. This can take a while.
The main scan will start.
Once the scan finished scanning, click the Automatic cleaning (recommended) button
It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
The cleaning can take a while, so please be patient.
Then click the Show report button and copy and paste what's present under results in your next reply.


Post each of the logs in your next reply and note how you computer is running....

Recent HJT Log (btw, this nerocheck.exe thing, could it possibly be making this prompt telling me that I need "advrcntr2.dll appear every time I single-click on certain avi or the like files that I already had on my computer before this prompt started showing up (that prompt started showing up today)??):

Logfile of HijackThis v1.99.1
Scan saved at 7:37:22 PM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Search - [url]http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK[/url]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671[/url]
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:35:23 PM 6/27/2007

+ Scan result:



HKU\S-1-5-21-1229272821-963894560-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Adan Dozal\Local Settings\Temp\xpre.exe -> Downloader.VB.axa : Cleaned with backup (quarantined).
C:\Documents and Settings\Adan Dozal\Local Settings\Temp\poolsv.exe -> Downloader.VB.aya : Cleaned with backup (quarantined).
C:\WINDOWS\poolsv.exe -> Downloader.VB.aya : Cleaned with backup (quarantined).
:mozilla.899:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.900:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.901:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.902:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.903:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.909:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.910:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.911:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.912:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.913:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.914:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.446:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.447:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.448:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.450:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.451:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.452:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.456:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.457:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.458:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.459:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.460:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.462:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.463:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.464:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.465:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.466:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.467:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.468:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.469:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.470:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.471:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.472:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.473:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.787:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.797:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Addcontrol : Cleaned.
:mozilla.738:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.739:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.740:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.741:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.742:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.743:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.744:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.172:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.173:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.174:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.180:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.189:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.190:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.191:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.192:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.193:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.194:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.195:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.196:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.197:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.198:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.199:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.200:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.201:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.881:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.882:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.136:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.137:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.138:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.139:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.140:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.141:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.883:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.884:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.732:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.733:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.734:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.736:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.449:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.894:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.895:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.306:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.307:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.308:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.309:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.310:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.311:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.567:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.777:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.492:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan dozal@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.122:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.77:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan dozal@guide.real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan dozal@music.guide.real[2].txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan dozal@real[1].txt -> TrackingCookie.Real : Cleaned.
:mozilla.640:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.641:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.642:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.643:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.644:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.645:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.646:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.647:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.648:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.649:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.650:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.651:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.652:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.653:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.654:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.

:mozilla.655:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.656:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.657:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.658:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.659:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.660:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.661:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.662:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.663:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.664:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.665:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.666:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.667:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.668:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.669:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.670:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.671:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.672:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.673:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.675:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.676:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.677:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.678:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.679:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.680:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.681:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.142:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.143:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.144:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.145:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.146:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.147:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.148:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.149:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.150:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.151:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.152:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.441:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.324:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.325:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.326:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.327:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.328:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.329:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.474:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.475:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.476:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.477:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.527:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.528:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.529:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.530:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.531:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.532:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.533:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.534:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.535:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.536:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.537:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.538:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.539:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.540:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.

:mozilla.541:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.542:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.543:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.544:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.545:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.546:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.547:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.548:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.549:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.550:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.551:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.552:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.553:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.554:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.555:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.556:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.557:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.175:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.176:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.177:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.178:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.179:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.851:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.97:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.849:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.850:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.32:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.724:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.725:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.726:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.727:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

"Adan Dozal" - 2007-06-27 19:49:47 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\video activex object


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))


2007-06-27 19:48 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-27 18:44 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-27 17:57 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-27 16:29 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-06-27 16:29 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-25 21:06 966,144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-06-25 21:06 877,568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2007-06-25 21:06 835,584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2007-06-25 21:06 733,184 --a------ C:\WINDOWS\system32\NCTAudioLibrary2.dll
2007-06-25 21:06 614,400 --a------ C:\WINDOWS\system32\NCTMPEGFile.dll
2007-06-25 21:06 471,040 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2007-06-25 21:06 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-06-25 21:06 286,720 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2007-06-25 21:06 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-06-25 21:06 196,608 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-06-25 21:06 159,744 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2007-06-25 21:06 106,496 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-06-25 21:06 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-06-25 21:06 1,662,976 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-06-25 21:06 <DIR> d-------- C:\Program Files\SoftWareClub.ws
2007-06-13 18:07 <DIR> d-------- C:\Program Files\Helpsoft
2007-06-08 01:30 95,232 -ra------ C:\WINDOWS\system32\HPcam_03.dll
2007-06-08 01:30 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-06 22:02 <DIR> d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\HP
2007-06-06 21:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-06-06 21:54 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2007-06-06 21:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
2007-06-06 21:53 <DIR> d-------- C:\Program Files\Common Files\HP
2007-06-06 21:52 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-06-06 21:50 <DIR> d-------- C:\Program Files\HP
2007-06-06 21:45 99,318 --a------ C:\WINDOWS\hpiins04.dat
2007-06-06 21:45 0 --------- C:\WINDOWS\hpimdl04.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-06-27 23:04:51 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-06-27 23:04:51 288 ----a-w C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-06-27 21:52:07 -------- d-----w C:\Program Files\Ahead
2007-06-27 21:22:56 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-27 19:06:55 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-06-26 23:41:49 -------- d-----w C:\Program Files\Trillian
2007-06-26 16:42:30 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-06-21 11:46:04 5,738 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\wklnhst.dat
2007-06-05 09:48:20 -------- d-----w C:\Program Files\QuickTime
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-14 07:59:54 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-14 07:55:44 -------- d-----w C:\Program Files\Creative
2007-05-01 14:51:50 -------- d-----w C:\Program Files\WiFiConnector
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 23:08]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:24 C:\WINDOWS\system32\cthelper.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 00:38]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"NWEReboot"="" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableCMD"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Guard]

*Newly Created Service* - AVG_ANTI-SPYWARE_DRIVER
*Newly Created Service* - AVG_ANTI-SPYWARE_GUARD

Contents of the 'Scheduled Tasks' folder
2007-06-27 22:08:00 C:\WINDOWS\tasks\At1.job

************************************************** ************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-06-27 07:52:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

cmd.exe [1764]


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-06-27 7:53:31

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 7:55:35 AM, on 6/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\Digital

Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\Digital

Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common

Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\v

I'll check back later on tonight (8 PM here) and see what needs to be done. I couldn't do the scan on F-Scanner because it told me this:

"Your browser is not supported. F-Secure Online Scanner requires Microsoft® Internet Explorer 5™ or later with ActiveX enabled."


I went through their recommended process of updating and after going through the process and all and having to restart I still get that message... Any thoughts?

Could you guys have missed me, since you have been busy or something?

*continues waiting*

You have to use Internet Explorer for F-Secure..... Try it and post back.

Scanning Report
Tuesday, July 03, 2007 03:25:56 - 04:36:35
Computer name: MUGIWARA-2C075M
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 361 malware found
Possible Browser Hijack attempt (spyware)
System (Disinfected)
Text/Rontokbro.II (virus)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\AKIRA@ZAKU-MAINFRAME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALEX@NEUBER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALEXSANDRA@USA.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALLMARD@CABLEONE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALLYKATAVR@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALORTIE@ULTRANET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ANDREWJA@HOME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ASHTON.ANCHORS@MDCPLUS.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\AZURA_STARDUST@HOTMAIL.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\B@CME.GIF.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BC65040@NAVIX.CON.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BC65040@NAVIX.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BOBJKR@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BRADATA@MAIL.BG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BRISTALC@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BRUNOT@DVA.LV.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BUEHLER@STARGATE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\C.CONLIFFE@LIBERTY-IT.CO.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CHIRLIND@MAILCITY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CHRIS@BARKING-DOG.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CIDOLFAS@RPGCLASSICS.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CKING@PANDORA.BE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CLAUDE111@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CLIFFE@COUNTER-STRIKE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\COOLDUDE123589@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\COPYKAT@ESKILS.ORG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\COYOTE@EUDORAMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CRESCENTSABER@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CRIMINALCATTERPILLAR@HOTMAI L.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CRINITY@EMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CROUPIER@TERRA.COM.BR.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DAVID2001@INFONEGOCIO.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DCI@WIZARDS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DEASDALE@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DEATHLAZER@HOTBOT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DEVIOUS923@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DIGICHAOS@HOTSHEEP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DIOGO.MC@SAPO.PT.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DMIKE@NMTRIX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOC.KHAN@SYMPATICO.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DONATIONS@KAIZOKU-FANSUBS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DONI77@TELERING.AT.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@2O7.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@7SEARCH.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADREVOLVER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADS.ADDYNAMIX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADS.POINTROLL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADS.REVSCI.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADSERVE.WEBTOOLCAFE.C OM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADVERTISING.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@APMEBF.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@AS-EU.FALKAG.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@AS-US.FALKAG.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@AS1.FALKAG.DE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ATDMT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BFAST.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BLUESTREAK.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BRAVENET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BS.SERVING-SYS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@CASALEMEDIA.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@COUNTER.HITSLINK.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@CS.SEXCOUNTER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@DEVART.ADBUREAU.NET.I NI (Submitted)

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4CNCZKEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4KMAZABO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4QOAZGKO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4SMAJEEQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4UOC5CBP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKIEMD5CKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKOSJCZCDP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKOSLCJOFP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKOUHCZALO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4KJCPMBO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4KPCZMGP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4QMAJIFQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4WMCJCDO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLICJD5AEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLICJD5EDP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLIUJDPKLO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLOCNDJCLQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLOOKCPIGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLOUGAZKHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLYOOC5ODP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFMISMDPSEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFMIWPDPWAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGK4GNAZMLQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGK4QGC5CFO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKISGAJAGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKIWMDZCGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKOKMAJECQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKOOLC5IEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKYKLCJIHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGL4AGD5KKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGLYQJDJEDO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGMYOHDPEBO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKOKHAJMKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKOQJDJKHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKOUIAZGGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKYCJCJWLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4AICJMKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4AIDZOAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4CGDZOBO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4CMCPKAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4EODPKAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4GHCJAKO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4SIDZGFQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4SNAJODO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4WMCPWLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKOGODZKGP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKOOMDPOCP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKOSNCZCEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYCGD5OGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYCLDJEEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYKPD5IAQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYONDZIDP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYSGDPADP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJL4ANCPSAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJL4GJAZOCO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJL4KLCZWFP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIKNDJMHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIOIAJODO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIQOCZGEQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIUHD5MAQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOCJAZWEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOOIAZCAO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOSGCPCKP.STATS.ESOMNITURE.COM.INI (Submitted)

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOUKD5SAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLYWMCPWDQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJMIKLC5AHQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJMISGDZCKP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJMIUGCJSEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNY-1GDZGE.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNY-1ND5IG.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNY-1OAJAH.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYCICPKHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYCIDZKAO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYGMDPMEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYGNAJAAQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYGPD5KLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOICJCKO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOID5KLO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOJAJOGQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOKAJWLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOPAJKDO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYSODZSFO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EDGE.RU4.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EDGE.RU4.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-ADIDASUS.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-BOLTMEDIA.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-ETOYS.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-INFORSPACEINC.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-METAGAME.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-POKEMONUSA.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-TIGERDIRECT2.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-UPPERDECK.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-VCOMMERCECORPORATION.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@FINDWHAT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HEAVYCOM.122.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HEAVYCOM.122.2O7.NET. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HOTLOG.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@LINKSYNERGY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@LIST.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MAXSERVING.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEDIA.ADREVOLVER.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEDIAPLEX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEETUPCOM.122.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEETUPCOM.122.2O7.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MSNPORTAL.112.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MSNPORTAL.112.2O7.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@NETSTER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@OVERSTOCK.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PARTYGAMING.122.2O7.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PARTYGAMING.122.2O7.N ET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PAYPAL.112.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PAYPAL.112.2O7.NET.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@QKSRV.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@QUESTIONMARKET.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@RAMBLER.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REAL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REALMEDIA.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REUNIONCOM.112.2O7.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REUNIONCOM.112.2O7.NE T.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REVENUE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REVSCI.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ROTATOR.ADJUGGLER.COM .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SEEQ.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SERVING-SYS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SEXLIST.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SIXAPART.ADBUREAU.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@STAT.DEALTIME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@STAT.ONESTAT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@STATCOUNTER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TARGETNET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TICKLE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRADEDOUBLER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRAFFICMP.COM.INI (Submit

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRIBALFUSION.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRIPOD.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ZEDO.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DRISCOLL_787_@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DSTEPP@U.WASHINGTON.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DV@BTINTERNET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DX10687@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\D_MIKE@SONERAMAIL.NL.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EBAY@MILEHIGHCOMICS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EDA@FAULHUBER.AT.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EDMAE@MINDSPRING.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EDO_HRZIC@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EIKE.FROST@GMX.DE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ELEMENT77@MYWAY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EMPEROROFCHAOS32@HOTMAIL.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ENBERM88@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EWOODS@ISTAR.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FAQS@ODDCO.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FCON@HADES.RO.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FLAMING_FAIRY69@HOTMAIL.COM .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FURYHIKARI@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GAICEHAWK7@COX.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GAMER777@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GC@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GKLLAM@SYMPATICO.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GLENC@HOTSHEEP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GOOSEMAN@COUNTER-STRIKE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GROUMPF.YOGI@BLUEWIN.CH.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GUMBY000@IX.NETCOM.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HEARTLESSCARDS@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HEELFLIP720@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HIRYUU@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOBBIT@BELLATLANTIC.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOBBIT@NODREAM.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOTPURSUIT@ANGELFIRE.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOULE@MSC.CORNELL.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IDO@DNAI.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IKELLEY@MAIL.SAS.UPENN.EDU. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IKELLEY@SAS.UPENN.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ILPATIO@MSN.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IMHIEN@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\INDI@HOTTUB.ORG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ION475@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\J6NG@ENGMAIL.UWATERLOO.CA.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JAYGIBBS3@COGECO.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JEF@ACME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JEREMY_RUBECK@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JESTER115@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JGAMEFAQS@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JLOUP@GZIP.ORG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JOGI@NETADS.DE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JOHNSONKIDS@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JOVAES@EDU.XUNTA.ES.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JSEWARD@ACM.ORG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KAISER1720@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KIDVID2@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KOLK@SCF.USC.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KOSMA@INTER.PL.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KOSTAS@EUROWEB.GR.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KUNY709@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\K_BROCK69@HOTMAIL.CO.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\LBDANGC@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\LMUUR@DLC.FI.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\LOONERSTRIDE@HOTMAIL.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\L_JANKOVIC@INMAIL.SK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MACMANINFI@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MADLER@ALUMNI.CALTECH.EDU.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MAGEKNIGHT@MINDSPRING.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MAGICWEASEL@COMCAST.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MARIC_I@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MARTIN@GRAYLING.PRESTEL.CO. UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MEEEEDIC@GMX.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MEJLAJMI@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MILKY_MAN_AM@HTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MILKY_MAN_SAM@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MILKY_MAN_SAM@HTMAIL.COM.IN I (Su

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MJOHANSE@DTD1.SLPS.K12.MO.U S.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MLR32@CAM.AC.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MOGKUPO7@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MRPURPLE@EASYWAY.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MRYAY@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MSPSS@GTO.NET.OM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MTS@LEBANON-ONLINE.COM.LB.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MURDEROUS_BREEZE@HOTMAIL.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\N0TH1NG@MAILCITY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\NARBY@COUNTER-STRIKE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\NNGUYEN11490@HOTMAIL.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\NOODLES136@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ODDITY@GARBAGE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\OOH44@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\OPERINKO@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ORBIT@IX.NETCOM.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PAULDINGES@EARTHLINK.NET.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PAULOSSOUZA@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PELLERINGA@WANADOO.ES.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PLKACHU@BANET.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAGNAROK@RPGTEMPLE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAKOWNACKI@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RANDEG@ALUM.RPI.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAREHUNTER101@SOLOMONGAMESH OP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAVENBORNE@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAVENJAC17@EMAIL.MSN.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RCOEH@VGH.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\REBST45@PITT.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\REDBARONII@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RICHARDK@PRTC.NE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RICHARDK@PRTC.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RICHARDSAMLI@FANFICTION.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ROGGELS@DDS.NL.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RTILGNER@HCWORKSHOP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RUSTYROSE@ADELPHIA.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RWHE423723@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\S1007576@ADMIRAL.UMSL.EDU.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SAILOR_BACON@ANIMELYRICS.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SAIZEN@IRC.RIZON.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SCLACORE@KIH.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SEXY_SCOTT_12@HOTMAIL.CO.UK .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SH1NY@OPTUSHOME.COM.AU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SHINIGAMI_OBELISK_002@HOTMA IL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SHMED@IX.NETCOM.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SILVERSPY@SHAW.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SIR_ARONAR@MSN.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SOASHTONA@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SPX4JMK@CF.AC.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SQUIRTLE_90909@HOTMAIL.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\STARRYNOVA@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\STEENRAS@STOFANET.DK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\STROMER@CHELLO.CZ.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SUPERSONIC607@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SUPERSONIC@SOLOMONGAMESHOP. COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TANKY91@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TENCHI4EVER@MASAKISHRINE.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TFIDLER@SIOL.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\THE1NDONLYALLMARD@HOTMAIL.C OM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TOOCOOL12CA@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TRAVISGILLIAM@ATTBI.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TYR@BARKING-DOG.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TYROUGEZERO@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\VBV@PRIS.EEAP.CWRU.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\VENTES@ELEMENT5-FRANCE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WARDYZ_ERE_07@HOTMAIL.CO.UK .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WARRIOR_X@ZELDACLASSIC.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WEBCREATURE123@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WEBPSYCHO_@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WILDER@CLEANWEB.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WITCHDAWN@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WOODWARD@IO.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WWJDBRI@AOL.COM.INI (Submitted)

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\XDANNYPOOX@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YAVUZ@BATMAZNET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YELSEYKING@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YHTEYDENOTTO@FOTONI.BIZ.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YOUASAKURASK@HOTMAIL.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YSF@PACIFIC.NET.SG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZAPHOD@MAPCORE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZDANEK@COMCH.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZK4LYFE@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZYY2006@MSN.COM.INI (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System
Trojan-Downloader.Win32.VB.aya (virus)
C:\WINDOWS\POOLSV.EXE (Renamed & Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\TEMP\POOLSV.EXE (Renamed & Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 34037
System: 4619
Not scanned: 2
Actions:
Disinfected: 2
Renamed: 2
Deleted: 0
None: 357
Submitted: 358
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-06-30
F-Secure AVP: 7.0.171, 2007-07-03
F-Secure Orion: 1.2.37, 2007-07-03
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 2007-06-25
F-Secure Pegasus: 1.19.0, 2007-05-29
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics

Logfile of HijackThis v1.99.1
Scan saved at 4:53:18 AM, on 7/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Search - [url]http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK[/url]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671[/url]
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Sorry for the delay, please let me know what you think based on what you see at your leisure and thanks again for the continued help.

So how is the system running?

Pretty good, the Nero problem I had is gone (thanks to the eventual help from their people) and all, but I was wondering if anything I might not have noticed might be hidden in the FScanner read out or the new HJT log?

Thanks a lot for your continued help.

Your log looks clean. You need to get rid of some crap in your e-mail inbox other than that, you are good to go:

How to Protect Yourself While On-Line


Make sure you have an up to date Antivirus. Scan Regularly. There are many free versions:

AVAST (http://www.avast.com/eng/download-avast-home.html)
AVG (http://free.grisoft.com/freeweb.php/doc/2/)
Antivir (http://www.free-av.com/antivirus/allinonen.html)


Make sure you have a software firewall and if you are on broadband, get behind a NAT router. There are also free versions:

Kerio (http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/)
Sygate (http://www.filehippo.com/download_sygate_personal_firewall/)
Zone Alarm (http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp%3bjsessionid=BzJnZDxzyCUCcyZMB2t0Q co5IgutuYlrOMI5snmy1ZptQ2vOr1l1!776180791!-1062696904!7551!7552!-2099742426!-1062696903!7551!7552)

Keep Windows up to date.
Keep all of your software up to date. You can check on your software with the Secunia Software Inspector (http://secunia.com/software_inspector/). Sign up for e-mail notification and they will tell you when to check your system again.
Use Firefox (http://www.mozilla.org/products/) with the NoScript (http://noscript.net/) extension as your web browser.
Download, install and keep an updated version of SpywareBlaster (http://www.javacoolsoftware.com/sbdownload.html).
Do NOT click on links in any I.M. program.
Use Thunderbird (http://www.mozilla.com/en-US/thunderbird/) in place of Outlook or Outlook Express.
DO NOT open attachments from ANYONE. Download them, and scan them with your AV before opening and only if your expect to receive them.
If you use IE download a copy of IE-Spyad (http://www.spywarewarrior.com/uiuc/resource.htm).

Sorry to intrude, but there is still some dreck in that log...

O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"

appears to be PurityScan...

and it should have been killed by ComboFix... Download a fresh copy of ComboFix and try it again... Post the log here...

My bad, I thought, the F-Secure got it.....:eek:

Logfile of HijackThis v1.99.1
Scan saved at 8:55:50 AM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\poolsv.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe
C:\WINDOWS\svhost.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [poolsv] "C:\WINDOWS\poolsv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe"
O4 - HKLM\..\Run: [svhost] "C:\WINDOWS\svhost.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\rrrrnnjf.dll",forkonce
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Search - [url]http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK[/url]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671[/url]
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

2007-07-17 9:02:14 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))


C:\WINDOWS\system32\rrrrnnjf.dll
C:\WINDOWS\system32\gteudcvr.exe
C:\WINDOWS\system32\luptiygm.exe
C:\WINDOWS\system32\hgleumir.dll
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\fjnnrrrr.ini
C:\WINDOWS\system32\vycdd.bak1
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\ssqqqpm.dll
C:\WINDOWS\system32\ssqqqpm.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADANDO~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ADANDO~1\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\ADANDO~1.\err.log
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\Common Files\winantispyware 2007\uwas7cw.exe
C:\Program Files\Common Files\winantispyware 2007\WAS7Mon.exe
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\poolsv
C:\Program Files\poolsv\k11u72.exe
C:\Program Files\poolsv\svhost.exe
C:\Program Files\poolsv\WinAntiSpyware2007FreeInstall.exe
C:\Program Files\poolsv\wr-1-0000077.exe
C:\Program Files\poolsv\YazzleBundle-1549.exe
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\WINDOWS\poolsv.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\abskpoti.exe
C:\WINDOWS\system32\drivers\fopn.sys


((((((((((((((((((((((((( Files Created from 2007-06-17 to 2007-07-17 )))))))))))))))))))))))))))))))


2007-07-16 21:53 <DIR> d-------- C:\WINDOWS\system32\b10FdUe
2007-07-16 21:53 <DIR> d-------- C:\temp\brr
2007-07-16 21:52 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-07-15 03:20 967 --a------ C:\WINDOWS\ScUnin.pif
2007-07-15 03:20 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-07-15 03:20 13,044 --a------ C:\WINDOWS\scunin.dat
2007-07-14 07:38 <DIR> d-------- C:\Program Files\Starcraft
2007-07-02 17:27 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-07-02 17:27 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-07-02 17:27 <DIR> d-------- C:\Program Files\Ahead
2007-07-01 01:27 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-06-27 19:48 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-06-27 18:44 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-27 17:57 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-06-27 16:29 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-06-27 16:29 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-06-25 21:06 966,144 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-06-25 21:06 877,568 --a------ C:\WINDOWS\system32\NCTAudioFile2.dll
2007-06-25 21:06 835,584 --a------ C:\WINDOWS\system32\NCTAudioCDGrabber2.dll
2007-06-25 21:06 733,184 --a------ C:\WINDOWS\system32\NCTAudioLibrary2.dll
2007-06-25 21:06 614,400 --a------ C:\WINDOWS\system32\NCTMPEGFile.dll
2007-06-25 21:06 471,040 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll
2007-06-25 21:06 413,760 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-06-25 21:06 286,720 --a------ C:\WINDOWS\system32\NCTAVIFile.dll
2007-06-25 21:06 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll
2007-06-25 21:06 196,608 --a------ C:\WINDOWS\system32\NCTWMAFile2.dll
2007-06-25 21:06 159,744 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2007-06-25 21:06 106,496 --a------ C:\WINDOWS\system32\NCTVideoFile.dll
2007-06-25 21:06 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-06-25 21:06 1,662,976 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll
2007-06-25 21:06 <DIR> d-------- C:\Program Files\SoftWareClub.ws


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-07-17 14:08:27 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-07-17 14:08:27 288 ----a-w C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-07-15 08:10:37 -------- d-----w C:\Program Files\rpg2003
2007-07-14 10:06:21 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-14 00:04:34 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-12 12:42:34 -------- d-----w C:\Program Files\Trillian
2007-07-06 07:15:25 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-06-28 05:08:49 -------- d-----w C:\Program Files\GIMP-2.0
2007-06-27 21:22:56 -------- d-----w C:\Program Files\Common Files\Ahead 2
2007-06-21 11:46:04 5,738 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\wklnhst.dat
2007-06-16 10:03:45 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\HP
2007-06-13 23:07:54 -------- d-----w C:\Program Files\Helpsoft
2007-06-07 03:01:18 99,318 ----a-w C:\WINDOWS\hpiins04.dat
2007-06-07 02:52:26 -------- d-----w C:\Program Files\Hewlett-Packard
2007-06-07 02:50:02 -------- d-----w C:\Program Files\HP
2007-06-05 09:48:20 -------- d-----w C:\Program Files\QuickTime
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-17 03:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-17 03:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2006-10-05 05:02:46 59,392 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:24 C:\WINDOWS\system32\cthelper.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-24 00:38]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-07-16 22:08:00 C:\WINDOWS\tasks\At1.job

************************************************** ************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-07-17 09:09:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-07-17 9:10:02 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-17 09:10
C:\ComboFix2.txt ... 2007-06-27 07:53

--- E O F ---

Logfile of HijackThis v1.99.1
Scan saved at 9:15:03 AM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZK
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I think I should go and run F-Secure and AVG again, can't be too careful.

My brother may have installed this WinAntiSpyware 2007 thing that I think I got rid of (if it is indeed the thing I got rid of...) I believe it was some sort of anti-virus thing that popped up as soon as I booted up the computer and then I also got a prompt from ZoneAlarm asking me to allow poolsv and svchost or whatever to be allowed access to the internet. I denied them, and then my computer rebooted during the beginning of a Adaware Full System Scan (#&%*$!!), so I allowed them access, got rid of that program after doing that first HJT scan, and then here I am after doing that Combofix thing and the last HJT scan.

I'll try to report back with AVG and F-Secure in a couple of hours (F-Secure takes forever...).

Too much text to copy and paste, so after taking some "Mentos" I decided this was a lot easier to do:
http://www.geocities.com/the_x_black_x_swordsman/New_Text_Document.txt <-----AVG Report


I gotta go out for a while, I'll try to get that F-Secure in before the day is done.

F-Secure report:

http://www.geocities.com/the_x_black_x_swordsman/F-Secure.txt

I will not go to other sites or download files to read logs... I don't think classicsoftware does either... You can remove all of the "tracking cookies" from the AVG AS report and use as many posts as it takes to post it all here...

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 08:23 2007-08-05

+ Scan result:



:mozilla.185:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.186:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.187:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.188:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.189:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.190:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.191:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.192:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.193:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.194:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.197:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.198:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.249:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.331:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.332:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.359:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.487:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Addcontrol : Cleaned.
:mozilla.488:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Addcontrol : Cleaned.
:mozilla.74:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.75:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.76:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.77:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.78:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.79:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.80:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.199:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.200:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.201:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.202:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.203:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.204:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.205:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.207:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.38:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.387:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.388:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.389:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.390:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.250:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.439:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.544:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.545:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.401:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.385:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.386:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.559:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.367:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.303:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.304:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.305:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Live : Cleaned.
:mozilla.512:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.513:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.131:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.215:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.216:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.230:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.231:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.320:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.321:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.323:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.324:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.325:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.327:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.296:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.297:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.170:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.171:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.172:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.173:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.174:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.175:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.176:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.333:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.103:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.104:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.105:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.396:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.397:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.398:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.399:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.400:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

"Adan Dozal" - 2007-08-05 8:26:36 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


2007-07-31 07:23 <DIR> d-------- C:\Program Files\Ares
2007-07-30 14:00 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III
2007-07-17 18:43 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-17 18:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-16 21:53 <DIR> d-------- C:\WINDOWS\system32\b10FdUe
2007-07-16 21:53 <DIR> d-------- C:\temp\brr
2007-07-16 21:52 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-07-15 03:20 967 --a------ C:\WINDOWS\ScUnin.pif
2007-07-15 03:20 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-07-15 03:20 35,382 --a------ C:\WINDOWS\scunin.dat
2007-07-14 07:38 <DIR> d-------- C:\Program Files\Starcraft


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-05 19:36:53 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-05 19:36:53 288 ----a-w C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-05 08:40:43 -------- d-----w C:\Program Files\Trillian
2007-07-29 00:16:27 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-07-27 06:50:09 7,092 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\wklnhst.dat
2007-07-25 09:09:09 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-17 23:44:32 -------- d-----w C:\Program Files\QuickTime
2007-07-15 08:10:37 -------- d-----w C:\Program Files\rpg2003
2007-07-14 10:06:21 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-06 07:15:25 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 22:30:34 -------- d-----w C:\Program Files\Common Files\Nero
2007-07-02 22:28:03 -------- d-----w C:\Program Files\Ahead
2007-07-02 22:27:54 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-28 05:08:49 -------- d-----w C:\Program Files\GIMP-2.0
2007-06-27 21:35:26 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-06-27 21:22:56 -------- d-----w C:\Program Files\Common Files\Ahead 2
2007-06-26 02:06:44 -------- d-----w C:\Program Files\SoftWareClub.ws
2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-16 10:03:45 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\HP
2007-06-13 23:07:54 -------- d-----w C:\Program Files\Helpsoft
2007-06-07 03:01:18 99,318 ----a-w C:\WINDOWS\hpiins04.dat
2007-06-07 02:52:26 -------- d-----w C:\Program Files\Hewlett-Packard
2007-06-07 02:50:02 -------- d-----w C:\Program Files\HP
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-10-05 05:02:46 59,392 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:24 C:\WINDOWS\system32\cthelper.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 16:54]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-08-02 22:45:03 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-08-05 22:08:00 C:\WINDOWS\tasks\At1.job

************************************************** ************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-08-05 08:29:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-05 8:29:33
C:\ComboFix-quarantined-files.txt ... 2007-08-05 08:29
C:\ComboFix2.txt ... 2007-08-02 15:11
C:\ComboFix3.txt ... 2007-07-30 13:58

--- E O F ---

Scanning Report
Sunday, August 05, 2007 08:36:25 - 09:54:29
Computer name: MUGIWARA-2C075M
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 356 malware found
Text/Rontokbro.II (virus)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\AKIRA@ZAKU-MAINFRAME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALEX@NEUBER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALEXSANDRA@USA.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALLMARD@CABLEONE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALLYKATAVR@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALORTIE@ULTRANET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ANDREWJA@HOME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ASHTON.ANCHORS@MDCPLUS.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\AZURA_STARDUST@HOTMAIL.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\B@CME.GIF.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BC65040@NAVIX.CON.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BC65040@NAVIX.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BOBJKR@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BRADATA@MAIL.BG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BRISTALC@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BRUNOT@DVA.LV.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BUEHLER@STARGATE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\C.CONLIFFE@LIBERTY-IT.CO.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CHIRLIND@MAILCITY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CHRIS@BARKING-DOG.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CIDOLFAS@RPGCLASSICS.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CKING@PANDORA.BE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CLAUDE111@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CLIFFE@COUNTER-STRIKE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\COOLDUDE123589@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\COPYKAT@ESKILS.ORG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\COYOTE@EUDORAMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CRESCENTSABER@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CRIMINALCATTERPILLAR@HOTMAI L.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CRINITY@EMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CROUPIER@TERRA.COM.BR.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DAVID2001@INFONEGOCIO.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DCI@WIZARDS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DEASDALE@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DEATHLAZER@HOTBOT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DEVIOUS923@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DIGICHAOS@HOTSHEEP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DIOGO.MC@SAPO.PT.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DMIKE@NMTRIX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOC.KHAN@SYMPATICO.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DONATIONS@KAIZOKU-FANSUBS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DONI77@TELERING.AT.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@2O7.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@7SEARCH.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADREVOLVER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADS.ADDYNAMIX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADS.POINTROLL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADS.REVSCI.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADSERVE.WEBTOOLCAFE.C OM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADVERTISING.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@APMEBF.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@AS-EU.FALKAG.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@AS-US.FALKAG.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@AS1.FALKAG.DE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ATDMT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BFAST.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BLUESTREAK.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BRAVENET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BS.SERVING-SYS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@CASALEMEDIA.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@COUNTER.HITSLINK.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@CS.SEXCOUNTER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@DEVART.ADBUREAU.NET.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4CNCZKEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4KMAZABO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4QOAZGKO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4SMAJEEQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4UOC5CBP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKIEMD5CKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKOSJCZCDP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKOSLCJOFP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKOUHCZALO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4KJCPMBO.STATS.ESOMNITURE.COM.INI (Submitted)

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4KPCZMGP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4QMAJIFQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4WMCJCDO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLICJD5AEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLICJD5EDP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLIUJDPKLO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLOCNDJCLQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLOOKCPIGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLOUGAZKHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLYOOC5ODP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFMISMDPSEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFMIWPDPWAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGK4GNAZMLQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGK4QGC5CFO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKISGAJAGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKIWMDZCGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKOKMAJECQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKOOLC5IEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKYKLCJIHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGL4AGD5KKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGLYQJDJEDO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGMYOHDPEBO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKOKHAJMKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKOQJDJKHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKOUIAZGGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKYCJCJWLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4AICJMKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4AIDZOAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4CGDZOBO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4CMCPKAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4EODPKAP.STATS.ESOMNITURE.COM.INI (Submitted)

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4GHCJAKO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4SIDZGFQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4SNAJODO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4WMCPWLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKOGODZKGP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKOOMDPOCP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKOSNCZCEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYCGD5OGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYCLDJEEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYKPD5IAQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYONDZIDP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYSGDPADP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJL4ANCPSAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJL4GJAZOCO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJL4KLCZWFP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIKNDJMHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIOIAJODO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIQOCZGEQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIUHD5MAQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOCJAZWEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOOIAZCAO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOSGCPCKP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOUKD5SAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLYWMCPWDQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJMIKLC5AHQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJMISGDZCKP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJMIUGCJSEP.STATS.ESOMNITURE.COM.INI (Submitted)

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNY-1GDZGE.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNY-1ND5IG.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNY-1OAJAH.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYCICPKHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYCIDZKAO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYGMDPMEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYGNAJAAQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYGPD5KLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOICJCKO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOID5KLO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOJAJOGQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOKAJWLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOPAJKDO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYSODZSFO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EDGE.RU4.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EDGE.RU4.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-ADIDASUS.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-BOLTMEDIA.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-ETOYS.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-INFORSPACEINC.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-METAGAME.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-POKEMONUSA.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-TIGERDIRECT2.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-UPPERDECK.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-VCOMMERCECORPORATION.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@FINDWHAT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HEAVYCOM.122.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HEAVYCOM.122.2O7.NET. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HOTLOG.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@LINKSYNERGY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@LIST.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MAXSERVING.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEDIA.ADREVOLVER.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEDIAPLEX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEETUPCOM.122.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEETUPCOM.122.2O7.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MSNPORTAL.112.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MSNPORTAL.112.2O7.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@NETSTER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@OVERSTOCK.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PARTYGAMING.122.2O7.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PARTYGAMING.122.2O7.N ET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PAYPAL.112.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PAYPAL.112.2O7.NET.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@QKSRV.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@QUESTIONMARKET.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@RAMBLER.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REAL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REALMEDIA.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REUNIONCOM.112.2O7.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REUNIONCOM.112.2O7.NE T.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REVENUE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REVSCI.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ROTATOR.ADJUGGLER.COM .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SEEQ.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SERVING-SYS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SEXLIST.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SIXAPART.ADBUREAU.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@STAT.DEALTIME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@STAT.ONESTAT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@STATCOUNTER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TARGETNET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TICKLE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRADEDOUBLER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRAFFICMP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRIBALFUSION.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRIPOD.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ZEDO.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DRISCOLL_787_@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DSTEPP@U.WASHINGTON.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DV@BTINTERNET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DX10687@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\D_MIKE@SONERAMAIL.NL.INI (Submitted)

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EBAY@MILEHIGHCOMICS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EDA@FAULHUBER.AT.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EDMAE@MINDSPRING.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EDO_HRZIC@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EIKE.FROST@GMX.DE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ELEMENT77@MYWAY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EMPEROROFCHAOS32@HOTMAIL.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ENBERM88@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EWOODS@ISTAR.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FAQS@ODDCO.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FCON@HADES.RO.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FLAMING_FAIRY69@HOTMAIL.COM .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FURYHIKARI@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GAICEHAWK7@COX.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GAMER777@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GC@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GKLLAM@SYMPATICO.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GLENC@HOTSHEEP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GOOSEMAN@COUNTER-STRIKE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GROUMPF.YOGI@BLUEWIN.CH.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GUMBY000@IX.NETCOM.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HEARTLESSCARDS@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HEELFLIP720@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HIRYUU@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOBBIT@BELLATLANTIC.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOBBIT@NODREAM.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOTPURSUIT@ANGELFIRE.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOULE@MSC.CORNELL.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IDO@DNAI.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IKELLEY@MAIL.SAS.UPENN.EDU. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IKELLEY@SAS.UPENN.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ILPATIO@MSN.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IMHIEN@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\INDI@HOTTUB.ORG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ION475@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\J6NG@ENGMAIL.UWATERLOO.CA.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JAYGIBBS3@COGECO.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JEF@ACME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JEREMY_RUBECK@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JESTER115@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JGAMEFAQS@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JLOUP@GZIP.ORG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JOGI@NETADS.DE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JOHNSONKIDS@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JOVAES@EDU.XUNTA.ES.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JSEWARD@ACM.ORG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KAISER1720@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KIDVID2@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KOLK@SCF.USC.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KOSMA@INTER.PL.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KOSTAS@EUROWEB.GR.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KUNY709@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\K_BROCK69@HOTMAIL.CO.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\LBDANGC@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\LMUUR@DLC.FI.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\LOONERSTRIDE@HOTMAIL.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\L_JANKOVIC@INMAIL.SK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MACMANINFI@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MADLER@ALUMNI.CALTECH.EDU.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MAGEKNIGHT@MINDSPRING.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MAGICWEASEL@COMCAST.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MARIC_I@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MARTIN@GRAYLING.PRESTEL.CO. UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MEEEEDIC@GMX.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MEJLAJMI@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MILKY_MAN_AM@HTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MILKY_MAN_SAM@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MILKY_MAN_SAM@HTMAIL.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MJOHANSE@DTD1.SLPS.K12.MO.U S.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MLR32@CAM.AC.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MOGKUPO7@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MRPURPLE@EASYWAY.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MRYAY@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MSPSS@GTO.NET.OM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MTS@LEBANON-ONLINE.COM.LB.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MURDEROUS_BREEZE@HOTMAIL.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\N0TH1NG@MAILCITY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\NARBY@COUNTER-STRIKE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\NNGUYEN11490@HOTMAIL.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\NOODLES136@HOTMAIL.COM.INI (Submitted)

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ODDITY@GARBAGE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\OOH44@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\OPERINKO@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ORBIT@IX.NETCOM.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PAULDINGES@EARTHLINK.NET.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PAULOSSOUZA@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PELLERINGA@WANADOO.ES.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PLKACHU@BANET.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAGNAROK@RPGTEMPLE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAKOWNACKI@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RANDEG@ALUM.RPI.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAREHUNTER101@SOLOMONGAMESH OP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAVENBORNE@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAVENJAC17@EMAIL.MSN.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RCOEH@VGH.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\REBST45@PITT.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\REDBARONII@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RICHARDK@PRTC.NE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RICHARDK@PRTC.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RICHARDSAMLI@FANFICTION.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ROGGELS@DDS.NL.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RTILGNER@HCWORKSHOP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RUSTYROSE@ADELPHIA.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RWHE423723@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\S1007576@ADMIRAL.UMSL.EDU.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SAILOR_BACON@ANIMELYRICS.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SAIZEN@IRC.RIZON.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SCLACORE@KIH.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SEXY_SCOTT_12@HOTMAIL.CO.UK .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SH1NY@OPTUSHOME.COM.AU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SHINIGAMI_OBELISK_002@HOTMA IL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SHMED@IX.NETCOM.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SILVERSPY@SHAW.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SIR_ARONAR@MSN.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SOASHTONA@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SPX4JMK@CF.AC.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SQUIRTLE_90909@HOTMAIL.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\STARRYNOVA@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\STEENRAS@STOFANET.DK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\STROMER@CHELLO.CZ.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SUPERSONIC607@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SUPERSONIC@SOLOMONGAMESHOP. COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TANKY91@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TENCHI4EVER@MASAKISHRINE.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TFIDLER@SIOL.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\THE1NDONLYALLMARD@HOTMAIL.C OM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TOOCOOL12CA@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TRAVISGILLIAM@ATTBI.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TYR@BARKING-DOG.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TYROUGEZERO@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\VBV@PRIS.EEAP.CWRU.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\VENTES@ELEMENT5-FRANCE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WARDYZ_ERE_07@HOTMAIL.CO.UK .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WARRIOR_X@ZELDACLASSIC.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WEBCREATURE123@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WEBPSYCHO_@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WILDER@CLEANWEB.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WITCHDAWN@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WOODWARD@IO.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WWJDBRI@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\XDANNYPOOX@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YAVUZ@BATMAZNET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YELSEYKING@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YHTEYDENOTTO@FOTONI.BIZ.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YOUASAKURASK@HOTMAIL.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YSF@PACIFIC.NET.SG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZAPHOD@MAPCORE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZDANEK@COMCH.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZK4LYFE@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZYY2006@MSN.COM.INI (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 32631
System: 4537
Not scanned: 2
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 356
Submitted: 356
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-07-30
F-Secure AVP: 7.0.171, 2007-08-06
F-Secure Orion: 1.2.37, 2007-08-03
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0260-23-12
F-Secure Pegasus: 1.19.0, 2007-07-01
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics

Sorry for the big delay, but I was on vacation and away from my computer, please let me know if you can find something that might be causing my browser to redirect from random websites I visit to "www.megaclicks.com/gibberish/www.youtube/hotmail/yahoo/ebay/etc, etc.com".

I also get redirected to a page that just "dies" and says "Error Lander" on the browser title...thingie...

Please let me know if you can help me out.

Forgot this:

Logfile of HijackThis v1.99.1
Scan saved at 12:01:29 PM, on 8/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

What program do you use to get your e-mail? Can you afford to loose all of your e-mails?

I have 3 Hotmail accounts, one I check on a semi-regular basis and two that I had prior to making the one I check on a semi-regular basis.

Which ones are giving me the most difficulty, so much so that you would feel that I need to get rid of them?

I have a Yahoo one, but I only use that to access my Geocities, and Groups accounts, I don't think I get any mail at that one...


I also have a Gmail account and another one that seems to be Gmail, but it was customized by the administrator of a website I moderate at (it has www.google.com/blahblah name of the administrator's company blahblah in it, so it must be some gmail variation...).

Those last two are my newest accounts, but probably the less spam-free accounts I have (unless I haven't been getting any mail at my Yahoo one (I never check it)).


Please try to give me a more detailed version of what you think the problem might be and what you think I should do to curb this influx of adware/spyware.


Also, do you know anything about that Error Lander/megaclick.com error I have been getting?

No point in putting a link here since you (rightfully so) don't want to click links...can I use the [img] code and put up a picture of the page for you?

"Adan Dozal" - 2007-08-15 13:54:26 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))


C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.bak2
C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\system32\ssttt.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADANDO~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ADANDO~1\APPLIC~1.\winantispyware 2007\Logs\update.log
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\salesmonitor
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\Abbr
C:\DOCUME~1\ALLUSE~1\APPLIC~1.\winantispyware 2007\Data\ProductCode
C:\Documents and Settings\ADANDO~1.\err.log
C:\Program Files\Common Files\winantispyware 2007
C:\Program Files\Common Files\winantispyware 2007\err.log
C:\Program Files\MSN\rtesekijo.html
C:\Program Files\svhost
C:\Program Files\svhost\wr-1-0000077.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\B1
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\X1
C:\WINDOWS\system32\X1\x22011.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))


2007-08-15 14:03 135,168 --a------ C:\WINDOWS\tk58.exe
2007-08-15 12:36 125,504 --a------ C:\WINDOWS\system32\pepokuom.dll
2007-08-15 12:31 69,184 --a------ C:\WINDOWS\system32\ooccebbp.dll
2007-08-15 12:24 75,328 --a------ C:\WINDOWS\system32\rwcobcur.exe
2007-08-14 20:48 43,542 --a------ C:\WINDOWS\system32\hggeffg.dll
2007-08-14 20:48 31,254 --a------ C:\WINDOWS\system32\jkkihfc.dll
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\temp9
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\f10WtR
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-14 20:48 <DIR> d-------- C:\temp\fse
2007-08-14 20:48 <DIR> d-------- C:\temp\1cb
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\mege22011.exe
2007-08-05 10:59 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-08-05 10:59 <DIR> d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\MegauploadToolbar
2007-07-30 14:00 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III
2007-07-17 18:43 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-17 18:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-16 21:53 <DIR> d-------- C:\WINDOWS\system32\b10FdUe
2007-07-16 21:53 <DIR> d-------- C:\temp\brr
2007-07-16 21:52 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2007-07-15 03:20 967 --a------ C:\WINDOWS\ScUnin.pif
2007-07-15 03:20 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-07-15 03:20 35,382 --a------ C:\WINDOWS\scunin.dat


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-15 19:01:03 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-15 19:01:03 288 ----a-w C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-14 14:23:03 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-14 00:03:28 -------- d-----w C:\Program Files\Trillian
2007-07-29 00:16:27 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2007-07-27 06:50:09 7,092 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\wklnhst.dat
2007-07-19 20:47:48 -------- d-----w C:\Program Files\Starcraft
2007-07-17 23:44:32 -------- d-----w C:\Program Files\QuickTime
2007-07-15 08:10:37 -------- d-----w C:\Program Files\rpg2003
2007-07-14 10:06:21 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-06 07:15:25 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 22:30:34 -------- d-----w C:\Program Files\Common Files\Nero
2007-07-02 22:28:03 -------- d-----w C:\Program Files\Ahead
2007-07-02 22:27:54 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-28 05:08:49 -------- d-----w C:\Program Files\GIMP-2.0
2007-06-27 21:35:26 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-06-27 21:22:56 -------- d-----w C:\Program Files\Common Files\Ahead 2
2007-06-26 02:06:44 -------- d-----w C:\Program Files\SoftWareClub.ws
2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-16 10:03:45 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\HP
2007-06-07 03:01:18 99,318 ----a-w C:\WINDOWS\hpiins04.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-10-05 05:02:46 59,392 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2007-07-31 11:25 1933256 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{802BA9B8-AB40-4EFE-3880-A859C83402E6}]
2007-08-15 14:03 70144 --a------ C:\Program Files\MSN\qukavopa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-14 20:48 43542 --a------ C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]
2007-08-15 12:31 69184 --a------ C:\WINDOWS\system32\ooccebbp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:24 C:\WINDOWS\system32\cthelper.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"mege"="C:\Program Files\Common Files\mege22011.exe" [2007-08-07 15:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"ares"="C:\Program Files\Ares\Ares.exe" []

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtesekijo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"="C:\WINDOWS\system32\hggeffg.dll" [2007-08-14 20:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]
hggeffg.dll --a------ 2007-08-14 20:48 43542 C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-08-14 22:08:00 C:\WINDOWS\tasks\At1.job

************************************************** ************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-08-15 14:02:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-15 14:05:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-15 14:05
C:\ComboFix2.txt ... 2007-08-09 11:06
C:\ComboFix3.txt ... 2007-08-05 10:57

--- E O F ---

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 13:51 2007-08-15

+ Scan result:



C:\Documents and Settings\Adan Dozal\Local Settings\Temporary Internet Files\Content.IE5\DWZP8ZBR\tk58[1].exe -> Adware.ZQuest : Cleaned.
C:\Documents and Settings\Adan Dozal\Local Settings\Temporary Internet Files\Content.IE5\HSGRX9W1\tk58[1].exe -> Adware.ZQuest : Cleaned.
C:\WINDOWS\tk58.exe -> Adware.ZQuest : Cleaned.
C:\Documents and Settings\Adan Dozal\Local Settings\Temporary Internet Files\Content.IE5\CLA78TA7\retadpu[1].exe -> Downloader.Agent.bls : Cleaned.
C:\Documents and Settings\Adan Dozal\Local Settings\Temporary Internet Files\Content.IE5\S9IFKPI3\retadpu[2].exe -> Downloader.Agent.bls : Cleaned.
C:\WINDOWS\retadpu1000106.exe -> Downloader.Agent.bls : Cleaned.
C:\WINDOWS\retadpu77.exe -> Downloader.Agent.bls : Cleaned.
C:\WINDOWS\system32\temp9\MTIDoxNg.exe -> Downloader.Small.buy : Cleaned.
C:\Documents and Settings\Adan Dozal\Local Settings\Temporary Internet Files\Content.IE5\DWZP8ZBR\kcehc_eicooc[1] -> Downloader.Tiny.id : Cleaned.
C:\Documents and Settings\Adan Dozal\Local Settings\Temporary Internet Files\Content.IE5\J73BEAKK\adfcookmazafuka[1] -> Downloader.Tiny.id : Cleaned.
C:\WINDOWS\system32\dyroeavd.exe -> Downloader.Tiny.id : Cleaned.
C:\WINDOWS\system32\galloapv.exe -> Downloader.Tiny.id : Cleaned.
C:\Program Files\MSN\qukavopa.dll -> Hijacker.StartPage : Cleaned.
C:\Program Files\MSN\qukavopa942.dll -> Hijacker.StartPage : Cleaned.
C:\Documents and Settings\Adan Dozal\Local Settings\Temp\WinAntiSpyware 2007 FreeInstall.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned.
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe -> Not-A-Virus.Downloader.Win32.WinFixer.x : Cleaned.
:mozilla.157:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.158:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.389:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.52:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.53:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.57:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.58:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.59:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.60:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.61:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.62:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.63:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.368:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Addcontrol : Cleaned.
:mozilla.369:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Addcontrol : Cleaned.
:mozilla.308:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.309:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.310:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.311:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.312:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.313:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.314:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.103:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.102:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.104:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.105:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.69:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.70:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.71:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.72:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.73:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.74:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.75:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.76:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.77:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.78:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.79:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.151:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.230:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.422:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.423:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.424:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.425:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan_dozal@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan_dozal@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
:mozilla.455:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.457:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.640:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.641:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.440:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.441:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.442:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.443:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.444:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.87:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.88:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.89:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.90:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.91:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.92:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.665:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.666:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Fortunecity : Cleaned.
:mozilla.497:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.498:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Imrworldwide : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan_dozal@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan_dozal@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.94:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.525:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.526:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Real : Cleaned.
:mozilla.963:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Real : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan_dozal@real[1].txt -> TrackingCookie.Real : Cleaned.
:mozilla.510:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.511:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.515:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.219:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.220:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.221:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.222:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.346:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.384:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.385:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.386:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.387:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.388:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.390:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan_dozal@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan_dozal@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.152:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.153:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.154:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.156:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan_dozal@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
:mozilla.414:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.417:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.418:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.419:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.420:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Adan Dozal\Cookies\adan_dozal@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.38:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.46:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.49:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\Documents and Settings\Adan Dozal\Application Data\Mozilla\Firefox\Profiles\czz866e9.default\coo kies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe -> Trojan.Fakealert.fb : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 2:12:01 AM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [mege] C:\Program Files\Common Files\mege22011.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

This is getting much worse after I thought it was tamed (I don't think allowing my brother to keep using the computer "late at night" helps either...).

I'm taking the power cable and putting it under my mattress.


I've been seeing these weird things popping up in the Windows task Manager like galloapv.exe, mege22011.exe, rwcobcur.exe (this one seems to have disappeared and when I tried to "end it's process" ZoneAlarm would tell me that DDC or DCD or something was trying to access the internet and I always denied it access. Also before using AVG to scan my HD (took 1hr 30min, longest it took before this was 36-ish min) I was getting iexplore.exe pop up on my WinTaskMgr a lot, but a window wouldn't open for the Internet Explorer (at times though I would get random pop-ups/-unders from Internet Explorer (jack.com comes to mind, but I don't remember if that is one of the sites that popped up)). I used Combofix after AVG and like 6 or 7 mins into it it re-started my computer and then finished up in a weird fashion (it showed me its rootkit detecter, something that it has never done) and then the report that always pops up after it is done popped up like 1 min or so later instead of immediately after the program was finished.


Here is a current picture of what I have on my WinTaskMgr:

http://img505.imageshack.us/img505/8497/wintaskmgrcj3.jpg



I'll post the F-Secure in a bit (hopefully won't take as long as AVG...*sigh*

Please help me out here classicsoftware; I hope nothing has happened to make you shun me or something, but if so I am sorry and hope you can help me get rid of these nagging problems in my system (it's just that you asked me if I could afford to lose my email accounts and then didn't post back...I hope nothing bad has happened to you or yours or something that would prevent you being a good Samaritan like all of the other mods and helpful members on here).

Scanning Report
Wednesday, August 15, 2007 02:38:15 - 03:53:32
Computer name: MUGIWARA-2C075M
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\


--------------------------------------------------------------------------------

Result: 373 malware found
Text/Rontokbro.II (virus)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\AKIRA@ZAKU-MAINFRAME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALEX@NEUBER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALEXSANDRA@USA.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALLMARD@CABLEONE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALLYKATAVR@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ALORTIE@ULTRANET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ANDREWJA@HOME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ASHTON.ANCHORS@MDCPLUS.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\AZURA_STARDUST@HOTMAIL.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\B@CME.GIF.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BC65040@NAVIX.CON.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BC65040@NAVIX.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BOBJKR@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BRADATA@MAIL.BG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BRISTALC@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BRUNOT@DVA.LV.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\BUEHLER@STARGATE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\C.CONLIFFE@LIBERTY-IT.CO.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CHIRLIND@MAILCITY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CHRIS@BARKING-DOG.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CIDOLFAS@RPGCLASSICS.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CKING@PANDORA.BE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CLAUDE111@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CLIFFE@COUNTER-STRIKE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\COOLDUDE123589@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\COPYKAT@ESKILS.ORG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\COYOTE@EUDORAMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CRESCENTSABER@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CRIMINALCATTERPILLAR@HOTMAI L.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CRINITY@EMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\CROUPIER@TERRA.COM.BR.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DAVID2001@INFONEGOCIO.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DCI@WIZARDS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DEASDALE@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DEATHLAZER@HOTBOT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DEVIOUS923@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DIGICHAOS@HOTSHEEP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DIOGO.MC@SAPO.PT.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DMIKE@NMTRIX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOC.KHAN@SYMPATICO.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DONATIONS@KAIZOKU-FANSUBS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DONI77@TELERING.AT.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@2O7.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@7SEARCH.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADREVOLVER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADS.ADDYNAMIX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADS.POINTROLL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADS.REVSCI.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADSERVE.WEBTOOLCAFE.C OM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ADVERTISING.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@APMEBF.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@AS-EU.FALKAG.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@AS-US.FALKAG.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@AS1.FALKAG.DE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ATDMT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BFAST.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BLUESTREAK.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BRAVENET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@BS.SERVING-SYS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@CASALEMEDIA.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@COUNTER.HITSLINK.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@CS.SEXCOUNTER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@DEVART.ADBUREAU.NET.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION

DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4CNCZKEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4KMAZABO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4QOAZGKO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4SMAJEEQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFK4UOC5CBP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKIEMD5CKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKOSJCZCDP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKOSLCJOFP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFKOUHCZALO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4KJCPMBO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4KPCZMGP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4QMAJIFQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFL4WMCJCDO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLICJD5AEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLICJD5EDP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLIUJDPKLO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLOCNDJCLQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLOOKCPIGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLOUGAZKHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFLYOOC5ODP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFMISMDPSEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WFMIWPDPWAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGK4GNAZMLQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGK4QGC5CFO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKISGAJAGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKIWMDZCGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKOKMAJECQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKOOLC5IEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGKYKLCJIHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGL4AGD5KKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGLYQJDJEDO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WGMYOHDPEBO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKOKHAJMKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKOQJDJKHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKOUIAZGGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WHKYCJCJWLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4AICJMKQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4AIDZOAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4CGDZOBO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4CMCPKAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4EODPKAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4GHCJAKO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4SIDZGFQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4SNAJODO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJK4WMCPWLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKOGODZKGP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKOOMDPOCP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKOSNCZCEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYCGD5OGO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYCLDJEEO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYKPD5IAQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYONDZIDP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJKYSGDPADP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJL4ANCPSAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJL4GJAZOCO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJL4KLCZWFP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIKNDJMHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIOIAJODO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIQOCZGEQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLIUHD5MAQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOCJAZWEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOOIAZCAO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION

DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOSGCPCKP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLOUKD5SAP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJLYWMCPWDQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJMIKLC5AHQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJMISGDZCKP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJMIUGCJSEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNY-1GDZGE.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNY-1ND5IG.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNY-1OAJAH.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYCICPKHO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYCIDZKAO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYGMDPMEP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYGNAJAAQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYGPD5KLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOICJCKO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOID5KLO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOJAJOGQ.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOKAJWLP.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYOPAJKDO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@E-2DJ6WJNYSODZSFO.STATS.ESOMNITURE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EDGE.RU4.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EDGE.RU4.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-ADIDASUS.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-BOLTMEDIA.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-ETOYS.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-INFORSPACEINC.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-METAGAME.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-POKEMONUSA.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-TIGERDIRECT2.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-UPPERDECK.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG-VCOMMERCECORPORATION.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@EHG.HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@FINDWHAT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HEAVYCOM.122.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HEAVYCOM.122.2O7.NET. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HITBOX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@HOTLOG.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@LINKSYNERGY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@LIST.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MAXSERVING.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEDIA.ADREVOLVER.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEDIAPLEX.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEETUPCOM.122.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MEETUPCOM.122.2O7.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MSNPORTAL.112.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@MSNPORTAL.112.2O7.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@NETSTER.COM.INI (Submitted)

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@OVERSTOCK.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PARTYGAMING.122.2O7.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PARTYGAMING.122.2O7.N ET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PAYPAL.112.2O7.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@PAYPAL.112.2O7.NET.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@QKSRV.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@QUESTIONMARKET.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@RAMBLER.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REAL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REALMEDIA.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REUNIONCOM.112.2O7.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REUNIONCOM.112.2O7.NE T.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REVENUE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@REVSCI.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ROTATOR.ADJUGGLER.COM .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SEEQ.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SERVING-SYS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SEXLIST.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@SIXAPART.ADBUREAU.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@STAT.DEALTIME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@STAT.ONESTAT.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@STATCOUNTER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TARGETNET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TICKLE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRADEDOUBLER.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRAFFICMP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRIBALFUSION.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@TRIPOD.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DOZAL@ZEDO.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DRISCOLL_787_@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DSTEPP@U.WASHINGTON.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DV@BTINTERNET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\DX10687@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\D_MIKE@SONERAMAIL.NL.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EBAY@MILEHIGHCOMICS.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EDA@FAULHUBER.AT.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EDMAE@MINDSPRING.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EDO_HRZIC@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EIKE.FROST@GMX.DE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ELEMENT77@MYWAY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EMPEROROFCHAOS32@HOTMAIL.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ENBERM88@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\EWOODS@ISTAR.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FAQS@ODDCO.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FCON@HADES.RO.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FLAMING_FAIRY69@HOTMAIL.COM .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\FURYHIKARI@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GAICEHAWK7@COX.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GAMER777@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GC@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GKLLAM@SYMPATICO.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GLENC@HOTSHEEP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GOOSEMAN@COUNTER-STRIKE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GROUMPF.YOGI@BLUEWIN.CH.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\GUMBY000@IX.NETCOM.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HEARTLESSCARDS@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HEELFLIP720@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HIRYUU@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOBBIT@BELLATLANTIC.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOBBIT@NODREAM.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOTPURSUIT@ANGELFIRE.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\HOULE@MSC.CORNELL.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IDO@DNAI.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IKELLEY@MAIL.SAS.UPENN.EDU. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IKELLEY@SAS.UPENN.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ILPATIO@MSN.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\IMHIEN@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\INDI@HOTTUB.ORG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ION475@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\J6NG@ENGMAIL.UWATERLOO.CA.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JAYGIBBS3@COGECO.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JEF@ACME.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JEREMY_RUBECK@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JESTER115@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JGAMEFAQS@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JLOUP@GZIP.ORG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JOGI@NETADS.DE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JOHNSONKIDS@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JOVAES@EDU.XUNTA.ES.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\JSEWARD@ACM.ORG.INI (Submitted)

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KAISER1720@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KIDVID2@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KOLK@SCF.USC.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KOSMA@INTER.PL.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KOSTAS@EUROWEB.GR.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\KUNY709@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\K_BROCK69@HOTMAIL.CO.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\LBDANGC@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\LMUUR@DLC.FI.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\LOONERSTRIDE@HOTMAIL.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\L_JANKOVIC@INMAIL.SK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MACMANINFI@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MADLER@ALUMNI.CALTECH.EDU.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MAGEKNIGHT@MINDSPRING.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MAGICWEASEL@COMCAST.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MARIC_I@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MARTIN@GRAYLING.PRESTEL.CO. UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MEEEEDIC@GMX.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MEJLAJMI@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MILKY_MAN_AM@HTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MILKY_MAN_SAM@HOTMAIL.COM.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MILKY_MAN_SAM@HTMAIL.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MJOHANSE@DTD1.SLPS.K12.MO.U S.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MLR32@CAM.AC.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MOGKUPO7@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MRPURPLE@EASYWAY.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MRYAY@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MSPSS@GTO.NET.OM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MTS@LEBANON-ONLINE.COM.LB.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\MURDEROUS_BREEZE@HOTMAIL.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\N0TH1NG@MAILCITY.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\NARBY@COUNTER-STRIKE.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\NNGUYEN11490@HOTMAIL.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\NOODLES136@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ODDITY@GARBAGE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\OOH44@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\OPERINKO@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ORBIT@IX.NETCOM.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PAULDINGES@EARTHLINK.NET.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PAULOSSOUZA@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PELLERINGA@WANADOO.ES.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\PLKACHU@BANET.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAGNAROK@RPGTEMPLE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAKOWNACKI@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RANDEG@ALUM.RPI.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAREHUNTER101@SOLOMONGAMESH OP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAVENBORNE@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RAVENJAC17@EMAIL.MSN.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RCOEH@VGH.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\REBST45@PITT.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\REDBARONII@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RICHARDK@PRTC.NE.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RICHARDK@PRTC.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RICHARDSAMLI@FANFICTION.NET .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ROGGELS@DDS.NL.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RTILGNER@HCWORKSHOP.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RUSTYROSE@ADELPHIA.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\RWHE423723@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\S1007576@ADMIRAL.UMSL.EDU.I NI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SAILOR_BACON@ANIMELYRICS.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SAIZEN@IRC.RIZON.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SCLACORE@KIH.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SEXY_SCOTT_12@HOTMAIL.CO.UK .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SH1NY@OPTUSHOME.COM.AU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SHINIGAMI_OBELISK_002@HOTMA IL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SHMED@IX.NETCOM.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SILVERSPY@SHAW.CA.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SIR_ARONAR@MSN.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SOASHTONA@AOL.COM.INI (Submitted)

C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SPX4JMK@CF.AC.UK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SQUIRTLE_90909@HOTMAIL.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\STARRYNOVA@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\STEENRAS@STOFANET.DK.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\STROMER@CHELLO.CZ.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SUPERSONIC607@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\SUPERSONIC@SOLOMONGAMESHOP. COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TANKY91@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TENCHI4EVER@MASAKISHRINE.CO M.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TFIDLER@SIOL.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\THE1NDONLYALLMARD@HOTMAIL.C OM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TOOCOOL12CA@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TRAVISGILLIAM@ATTBI.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TYR@BARKING-DOG.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\TYROUGEZERO@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\VBV@PRIS.EEAP.CWRU.EDU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\VENTES@ELEMENT5-FRANCE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WARDYZ_ERE_07@HOTMAIL.CO.UK .INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WARRIOR_X@ZELDACLASSIC.COM. INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WEBCREATURE123@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WEBPSYCHO_@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WILDER@CLEANWEB.NET.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WITCHDAWN@HOTMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WOODWARD@IO.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\WWJDBRI@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\XDANNYPOOX@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YAVUZ@BATMAZNET.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YELSEYKING@AOL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YHTEYDENOTTO@FOTONI.BIZ.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YOUASAKURASK@HOTMAIL.COM.IN I (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\YSF@PACIFIC.NET.SG.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZAPHOD@MAPCORE.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZDANEK@COMCH.RU.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZK4LYFE@GMAIL.COM.INI (Submitted)
C:\DOCUMENTS AND SETTINGS\ADAN DOZAL\LOCAL SETTINGS\APPLICATION DATA\LOC.MAIL.BRON.TOK\ZYY2006@MSN.COM.INI (Submitted)
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
System
System
Trojan-Downloader.Win32.Small.eqn (virus)
C:\WINDOWS\SYSTEM32\CHECKDLL\D77012.EXE (Renamed & Submitted)
Trojan-Downloader.Win32.VB.awj (virus)
C:\WINDOWS\SYSTEM32\F10WTR\F10WTR1099.EXE (Renamed & Submitted)
Trojan.Win32.Agent.aoy (virus)
C:\WINDOWS\SYSTEM32\RWCOBCUR.EXE (Renamed & Submitted)
Trojan.Win32.BHO.ab (virus)
C:\WINDOWS\TK58.EXE (Renamed & Submitted)
C:\PROGRAM FILES\MSN\QUKAVOPA.DLL (Renamed & Submitted)
W32/Vundo.dam (virus)
C:\WINDOWS\SYSTEM32\MLLMK.DLL (Submitted)
C:\WINDOWS\SYSTEM32\OOCCEBBP.DLL
C:\WINDOWS\SYSTEM32\PEPOKUOM.DLL (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 33465
System: 4579
Not scanned: 3
Actions:
Disinfected: 1
Renamed: 5
Deleted: 0
None: 367
Submitted: 363
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{910502 49-CF49-4BBC-819B-A99D21F48F23}.BIN

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure AVP: 7.0.171, 2007-08-15
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0260-23-12
F-Secure Libra: 2.4.2, 2007-08-14
F-Secure Orion: 1.2.37, 2007-08-14
F-Secure Pegasus: 1.19.0, 2007-07-12
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics

I am not shunning you. Please post the Comboxfix log with the rootkit detection.

I believe I did on post #47?

Let try:
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
Just before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log


YOU MUST KEEP THIS PC OFF LINE AS MUCH AS POSSIBLE UNTIL WE RESOLVE THE PROBLEM

Tell your brother to surf elsewhere for a while.

Unfortunately it was on all day as far as I know, but it is in a public place and my sister was there, so unless you are worried about us getting something from a regular site or a hacker, then I think that any of "those sites" weren't opened.

I'll report back ASAP.

SDFix: Version 1.98

Run by Adan Dozal on Wed 08/15/2007 at 11:18 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\ADANDO~1\Desktop\Proggies\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

C:\WINDOWS\system32\config\default.tmp.LOG
C:\WINDOWS\system32\config\SAM.tmp.LOG
C:\WINDOWS\system32\config\SECURITY.tmp.LOG
C:\WINDOWS\system32\config\software.tmp.LOG
C:\WINDOWS\system32\config\system.tmp.LOG

Finished

Logfile of HijackThis v1.99.1
Scan saved at 11:37:03 PM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\mege22011.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [mege] C:\Program Files\Common Files\mege22011.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\bjumuyhj.dll",forkonce
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I've been getting "Network Diagnostics", "WinAntiVirus" (as I am typing this message they are popping up like every minutes or ten seconds or so...) and other programs that tell me that they want to help "fix" my computer pop up at random junctions of my being online, so that has me a bit irked at the moment. The iexplore.exe is acting up as well and popping up on my "Should I allow this to open?" prompt of ZoneAlarm (I kept denying it until I got fed up and went to the Program Control and Blocked all excess from Internet Explorer.


Could that Megaupload Toolbar be doing something, it is the latest thing I have downloaded and I do get re-directed to this 404 Error site called megaclick when I go to regular sites I have always been to without any errors (that hasn't been happening all too often nowadays...).

Here is a conversation between a member of the site I got it from and an Administrator that introduced this Megaupload toolbar to us:

dbzanto
Genin
ur wrong spyware is on it already it tell u when u install ok download it then press next and tells u the terms and condtions and says agree or not it says keep reading and u see thee truth

The statistics information collected by the Megaupload Toolbar is strictly
anonymous and is respecting your privacy.

THIS TOOLBAR INTEGRATES CERTAIN SERVICES FROM ALEXA INTERNET,
INC. ("ALEXA"). THE TOOLBAR MAY EXCHANGE DATA WITH ALEXA IN ORDER
TO PROVIDE: (A) INFORMATION TO YOU ABOUT THE WEB PAGES YOU VIEW
(ranking information, for example) AND (B) BASIC INFORMATION TO ALEXA ON
YOUR USE OF THE TOOLBAR, INCLUDING THE IP ADDRESS OF YOUR
COMPUTER, THE URL OF THE WEB PAGES YOU VISIT AND, BECAUSE THE TOOLBAR COMMUNICATES VIA HTTP, DATA TYPICAL OF NORMAL HTTP COMMUNICATIONS, SUCH AS USER AGENT AND OPERATING SYSTEM, WILL BE COMMUNICATED.


website that tell u about this

It installs the Alexa Toolbar, which is spyware. You can read about it here:
http://www.f-secure.com/sw-desc/alexa.shtml
http://www.trendmicro.com/vinfo/grayware/v...ME=SPYW_ALEXA.A
http://www.symantec.com/security_response/...-062410-3624-99
http://www.auditmypc.com/process/alxres.asp

_________________

SolidSnake916
Administrator
Alexa, is a counter, it notes when you goto a site, and adds that site to a ranking spot, thats not spyware... idiot. Also i was already aware of this, scan the file for spyware at http://virusscan.jotti.org/

It will say nothing found.

Scan mega manager lol, it will say it has found W32 built in files, them files are not spyware, they are integration files to build itself into IE, it than allows for contact to the program and the website. Nothing BAD!!! Also, its built in flash... what do you expect, flash scripts are noted as viruses all the time, i dont believe them, also it shows AVG says nothing found, because nothing really bad is in it lol. AVG is the best virus scanner out there...


Could this guy be getting a sort of kick back from Megaupload to peddle their spyware ridden toolbar?

I'm going to do the usual routine again (Combofix, AVG, F-Secure, etc) because these pop-ups and tab-ups (tabs pop up for that WinAntiVirus thing) are getting on my nerves.

"Adan Dozal" - 2007-08-15 23:53:20 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))


C:\WINDOWS\system32\nfcxptps.exe
C:\WINDOWS\system32\kmllm.bak1
C:\WINDOWS\system32\kmllm.bak2
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\mllmk.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\MSN\qukavopa.dll
C:\Program Files\MSN\qukavopa582.dll
C:\Program Files\MSN\rtesekijo.html
C:\WINDOWS\tk58.exe


((((((((((((((((((((((((( Files Created from 2007-07-16 to 2007-08-16 )))))))))))))))))))))))))))))))


2007-08-15 23:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 21:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-15 17:25 125,504 --a------ C:\WINDOWS\system32\bjumuyhj.dll
2007-08-15 12:36 125,504 --a------ C:\WINDOWS\system32\pepokuom.dll
2007-08-15 12:31 69,184 --a------ C:\WINDOWS\system32\ooccebbp.dll
2007-08-14 20:48 43,542 --a------ C:\WINDOWS\system32\hggeffg.dll
2007-08-14 20:48 31,254 --a------ C:\WINDOWS\system32\jkkihfc.dll
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\temp9
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\f10WtR
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-14 20:48 <DIR> d-------- C:\temp\fse
2007-08-14 20:48 <DIR> d-------- C:\temp\1cb
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\mege22011.exe
2007-08-05 10:59 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-08-05 10:59 <DIR> d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\MegauploadToolbar
2007-07-30 14:00 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III
2007-07-17 18:43 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-17 18:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-16 21:53 <DIR> d-------- C:\WINDOWS\system32\b10FdUe
2007-07-16 21:53 <DIR> d-------- C:\temp\brr
2007-07-16 21:52 89,088 --a------ C:\WINDOWS\system32\atl71.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-16 05:01:12 135,168 ----a-w C:\WINDOWS\tk58.exe
2007-08-16 04:58:35 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-16 04:58:35 288 ----a-w C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-14 14:23:03 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-14 00:03:28 -------- d-----w C:\Program Files\Trillian
2007-07-29 00:16:27 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2007-07-27 06:50:09 7,092 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\wklnhst.dat
2007-07-19 20:47:48 35,382 ----a-w C:\WINDOWS\scunin.dat
2007-07-19 20:47:48 -------- d-----w C:\Program Files\Starcraft
2007-07-19 20:47:45 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-07-19 20:47:45 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-07-17 23:44:32 -------- d-----w C:\Program Files\QuickTime
2007-07-15 08:10:37 -------- d-----w C:\Program Files\rpg2003
2007-07-14 10:06:21 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-06 07:15:25 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 22:30:34 -------- d-----w C:\Program Files\Common Files\Nero
2007-07-02 22:28:03 -------- d-----w C:\Program Files\Ahead
2007-07-02 22:27:54 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-28 05:08:49 -------- d-----w C:\Program Files\GIMP-2.0
2007-06-27 21:35:26 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-06-27 21:22:56 -------- d-----w C:\Program Files\Common Files\Ahead 2
2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:06:44 -------- d-----w C:\Program Files\SoftWareClub.ws
2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-16 10:03:45 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\HP
2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
2007-06-07 03:01:18 99,318 ----a-w C:\WINDOWS\hpiins04.dat
2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-10-05 05:02:46 59,392 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2007-07-31 11:25 1933256 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79E29B3F-8E2A-44E5-4C9F-91285BFF2A24}]
2007-08-16 00:01 70144 --a------ C:\Program Files\MSN\qukavopa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-14 20:48 43542 --a------ C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]
2007-08-15 12:31 69184 --a------ C:\WINDOWS\system32\ooccebbp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:24 C:\WINDOWS\system32\cthelper.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"mege"="C:\Program Files\Common Files\mege22011.exe" [2007-08-07 15:30]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtesekijo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"="C:\WINDOWS\system32\hggeffg.dll" [2007-08-14 20:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]
hggeffg.dll --a------ 2007-08-14 20:48 43542 C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-08-14 22:08:00 C:\WINDOWS\tasks\At1.job

************************************************** ************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-08-16 00:00:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-16 0:02:38 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-16 00:02
C:\ComboFix2.txt ... 2007-08-15 14:05
C:\ComboFix3.txt ... 2007-08-09 11:06

--- E O F ---

2007-06-29 10:42 146944 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1549OinAdmin.exe.vir
2007-07-16 21:52 10316 --a------ C:\Qoobox\Quarantine\C\Program Files\poolsv\wr-1-0000077.exe.vir
2007-07-16 21:52 38400 --a------ C:\Qoobox\Quarantine\C\Program Files\poolsv\svhost.exe.vir
2007-07-16 21:53 109560 --a------ C:\Qoobox\Quarantine\C\Program Files\poolsv\k11u72.exe.vir
2007-07-16 21:53 186621 --a------ C:\Qoobox\Quarantine\C\Program Files\poolsv\YazzleBundle-1549.exe.vir
2007-07-16 21:54 31254 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqqqpm.dl l.vir
2007-07-16 21:54 40183 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\Yazzle1549OinUninstaller.exe.vir
2007-07-16 21:59 266336 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcyv.dll. vir
2007-07-16 23:00 1941100 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.bak1 .vir
2007-07-16 23:02 128576 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\rrrrnnjf.d ll.vir
2007-07-16 23:02 66112 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\abskpoti.e xe.vir
2007-07-16 23:05 66624 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\hgleumir.d ll.vir
2007-07-17 09:01 1133296 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\fjnnrrrr.i ni.vir
2007-07-17 09:05 1973534 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\vycdd.ini. vir
2007-07-25 09:26 36864 --a------ C:\Qoobox\Quarantine\C\WINDOWS\poolsv.exe.vir
2007-07-28 04:06 135 --a------ C:\Qoobox\Quarantine\C\Program Files\MSN\rtesekijo.html.vir
2007-08-08 02:30 116351 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\X1\x22011. exe.vir
2007-08-14 20:47 37888 --a------ C:\Qoobox\Quarantine\C\WINDOWS\svhost.exe.vir
2007-08-14 20:47 8780 --a------ C:\Qoobox\Quarantine\C\Program Files\svhost\wr-1-0000077.exe.vir
2007-08-14 20:50 20 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\ WinAntiSpyware 2007\Data\ProductCode.vir
2007-08-14 20:50 5 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\ WinAntiSpyware 2007\Data\Abbr.vir
2007-08-14 20:51 0 --a------ C:\Qoobox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\err.log.vir
2007-08-14 20:51 79872 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\FO PN.sys.vir
2007-08-14 20:53 243296 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\ssttt.dll. vir
2007-08-14 20:53 6421 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tttss.bak1 .vir
2007-08-14 20:56 3630 --a------ C:\Qoobox\Quarantine\C\DOCUME~1\ADANDO~1\APPLIC~1\ WinAntiSpyware 2007\Logs\update.log.vir
2007-08-14 23:57 0 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\ADANDO~1\err.log.vir
2007-08-15 00:05 241 --a------ C:\Qoobox\Quarantine\C\WINDOWS\wr.txt.vir
2007-08-15 02:05 243296 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\mllmk.dll. vir
2007-08-15 02:06 6421 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kmllm.bak1 .vir
2007-08-15 12:19 1712865 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tttss.bak2 .vir
2007-08-15 13:58 1164 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAI NSERVICE.reg.cf
2007-08-15 13:58 1717530 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\tttss.ini. vir
2007-08-15 13:58 2956 --a------ C:\Qoobox\Quarantine\Registry_backups\services_Dom ainService.reg.cf
2007-08-15 17:23 1712964 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kmllm.bak2 .vir
2007-08-15 17:23 4672 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\nfcxptps.e xe.vir
2007-08-15 21:58 70144 --a------ C:\Qoobox\Quarantine\C\Program Files\MSN\qukavopa.dll.vir
2007-08-15 23:35 135168 --a------ C:\Qoobox\Quarantine\C\WINDOWS\tk58.exe.vir
2007-08-15 23:35 70144 --a------ C:\Qoobox\Quarantine\C\Program Files\MSN\qukavopa582.dll.vir
2007-08-15 23:56 1751253 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\kmllm.ini. vir
2007-08-15 23:57 259 --a------ C:\Qoobox\Quarantine\catchme.log


Folder PATH listing
Volume serial number is 6CFC-A40C
C:\QOOBOX
\---Quarantine
| catchme.log
|
+---C
| +---Documents and Settings
| | \---ADANDO~1
| | err.log.vir
| |
| +---DOCUME~1
| | +---ADANDO~1
| | | \---APPLIC~1
| | | \---WinAntiSpyware 2007
| | | \---Logs
| | | update.log.vir
| | |
| | \---ALLUSE~1
| | \---APPLIC~1
| | \---WinAntiSpyware 2007
| | \---Data
| | Abbr.vir
| | ProductCode.vir
| |
| +---Program Files
| | +---Common Files
| | | | Yazzle1549OinAdmin.exe.vir
| | | | Yazzle1549OinUninstaller.exe.vir
| | | |
| | | \---WinAntiSpyware 2007
| | | err.log.vir
| | |
| | +---MSN
| | | qukavopa.dll.vir
| | | qukavopa582.dll.vir
| | | rtesekijo.html.vir
| | |
| | +---poolsv
| | | k11u72.exe.vir
| | | svhost.exe.vir
| | | wr-1-0000077.exe.vir
| | | YazzleBundle-1549.exe.vir
| | |
| | \---svhost
| | wr-1-0000077.exe.vir
| |
| \---WINDOWS
| | poolsv.exe.vir
| | svhost.exe.vir
| | tk58.exe.vir
| | wr.txt.vir
| |
| \---system32
| | abskpoti.exe.vir
| | ddcyv.dll.vir
| | fjnnrrrr.ini.vir
| | hgleumir.dll.vir
| | kmllm.bak1.vir
| | kmllm.bak2.vir
| | kmllm.ini.vir
| | mllmk.dll.vir
| | nfcxptps.exe.vir
| | rrrrnnjf.dll.vir
| | ssqqqpm.dll.vir
| | ssttt.dll.vir
| | tttss.bak1.vir
| | tttss.bak2.vir
| | tttss.ini.vir
| | vycdd.bak1.vir
| | vycdd.ini.vir
| |
| +---drivers
| | FOPN.sys.vir
| |
| \---X1
| x22011.exe.vir
|
\---Registry_backups
LEGACY_DOMAINSERVICE.reg.cf
services_DomainService.reg.cf

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:37:13 AM 8/16/2007

+ Scan result:



C:\Documents and Settings\Adan Dozal\Local Settings\Temporary Internet Files\Content.IE5\J73BEAKK\tk58[1].exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\WINDOWS\tk58.exe -> Adware.ZQuest : Cleaned with backup (quarantined).
C:\Program Files\MSN\qukavopa.dll -> Hijacker.StartPage : Cleaned with backup (quarantined).
C:\Program Files\MSN\qukavopa175.dll -> Hijacker.StartPage : Cleaned with backup (quarantined).


::Report end





I did a scan of my system before this one but after the one I posted above just earlier and it told me to restart the system before I could save a copy, but those two were in that report and were deleted, so I guess AVG figured it would be better to quarantine them instead.

Start-up is taking a good minute or so as well...*sigh*

Barely saw that advisory of yours, logging off. I suppose I will be back around 10 PM CST since that seems to be when you are around.

I would like to you to download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4)
to your desktop.
Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files, click *YES*
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click *OK*.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the *Scan for Vundo* button." when
VundoFix appears at reboot.

Re-boot and run comboxfix again and give me both logs.

Please send this file to Jotti: C:\Program Files\Common Files\mege22011.exe

Please go to Jotti's malware scan at http://virusscan.jotti.org/ and upload the file for scanning and post the results here.

http://img502.imageshack.us/img502/8744/jottimegejy6.jpg

http://img300.imageshack.us/img300/6790/jottimegestatszl6.jpg

Logfile of HijackThis v1.99.1
Scan saved at 1:02:55 AM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\mege22011.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [mege] C:\Program Files\Common Files\mege22011.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

VundoFix V6.5.7

Checking Java version...

Scan started at 12:43:15 AM 8/17/2007

Listing files found while scanning....

C:\windows\system32\bjumuyhj.dll
C:\WINDOWS\system32\dgjlm.bak1
C:\WINDOWS\system32\dgjlm.ini
C:\windows\system32\jhyumujb.ini
C:\windows\system32\jkkihfc.dll
C:\WINDOWS\system32\mljgd.dll
C:\windows\system32\moukopep.ini
C:\WINDOWS\system32\ooccebbp.dll
C:\windows\system32\pepokuom.dll

Beginning removal...

Attempting to delete C:\windows\system32\bjumuyhj.dll
C:\windows\system32\bjumuyhj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dgjlm.bak1
C:\WINDOWS\system32\dgjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\dgjlm.ini
C:\WINDOWS\system32\dgjlm.ini Has been deleted!

Attempting to delete C:\windows\system32\jhyumujb.ini
C:\windows\system32\jhyumujb.ini Has been deleted!

Attempting to delete C:\windows\system32\jkkihfc.dll
C:\windows\system32\jkkihfc.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljgd.dll Could not be deleted.

Attempting to delete C:\windows\system32\moukopep.ini
C:\windows\system32\moukopep.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ooccebbp.dll
C:\WINDOWS\system32\ooccebbp.dll Has been deleted!

Attempting to delete C:\windows\system32\pepokuom.dll
C:\windows\system32\pepokuom.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Scan started at 12:47:04 AM 8/17/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.5.7

Checking Java version...

Scan started at 12:50:03 AM 8/17/2007

Listing files found while scanning....

C:\WINDOWS\system32\dgjlm.bak1
C:\WINDOWS\system32\dgjlm.ini
C:\WINDOWS\system32\mljgd.dll
C:\windows\system32\ncqahven.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dgjlm.bak1
C:\WINDOWS\system32\dgjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\dgjlm.ini
C:\WINDOWS\system32\dgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgd.dll
C:\WINDOWS\system32\mljgd.dll Has been deleted!

Attempting to delete C:\windows\system32\ncqahven.exe
C:\windows\system32\ncqahven.exe Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\ncqahven.exe
C:\windows\system32\ncqahven.exe Has been deleted!

Performing Repairs to the registry.
Done!

"Adan Dozal" - 2007-08-17 1:09:37 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))


C:\WINDOWS\system32\ddccc.dll
C:\WINDOWS\system32\cccdd.bak1
C:\WINDOWS\system32\cccdd.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


2007-08-17 00:43 <DIR> d-------- C:\VundoFix Backups
2007-08-15 23:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 21:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-14 20:48 43,542 --a------ C:\WINDOWS\system32\hggeffg.dll
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\temp9
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\f10WtR
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-14 20:48 <DIR> d-------- C:\temp\fse
2007-08-14 20:48 <DIR> d-------- C:\temp\1cb
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\mege22011.exe
2007-08-05 10:59 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-08-05 10:59 <DIR> d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\MegauploadToolbar
2007-07-30 14:00 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III
2007-07-17 18:43 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-17 18:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-17 06:13:54 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-17 06:13:54 288 ----a-w C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-16 14:22:51 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-14 00:03:28 -------- d-----w C:\Program Files\Trillian
2007-07-29 00:16:27 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2007-07-27 06:50:09 7,092 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\wklnhst.dat
2007-07-19 20:47:48 35,382 ----a-w C:\WINDOWS\scunin.dat
2007-07-19 20:47:48 -------- d-----w C:\Program Files\Starcraft
2007-07-19 20:47:45 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-07-19 20:47:45 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-07-17 23:44:32 -------- d-----w C:\Program Files\QuickTime
2007-07-15 08:10:37 -------- d-----w C:\Program Files\rpg2003
2007-07-14 10:06:21 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-06 07:15:25 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 22:30:34 -------- d-----w C:\Program Files\Common Files\Nero
2007-07-02 22:28:03 -------- d-----w C:\Program Files\Ahead
2007-07-02 22:27:54 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-28 05:08:49 -------- d-----w C:\Program Files\GIMP-2.0
2007-06-27 21:35:26 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-06-27 21:22:56 -------- d-----w C:\Program Files\Common Files\Ahead 2
2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:06:44 -------- d-----w C:\Program Files\SoftWareClub.ws
2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
2007-06-07 03:01:18 99,318 ----a-w C:\WINDOWS\hpiins04.dat
2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-10-05 05:02:46 59,392 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2007-07-31 11:25 1933256 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A79846D3-21F7-48F7-4EBE-01A8B6B53809}]
C:\Program Files\MSN\qukavopa175.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB605324-531A-4ADA-BBC2-96BC202C5B6B}]
C:\WINDOWS\system32\mljgd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-14 20:48 43542 --a------ C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:24 C:\WINDOWS\system32\cthelper.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"mege"="C:\Program Files\Common Files\mege22011.exe" [2007-08-07 15:30]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 13:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtesekijo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"="C:\WINDOWS\system32\hggeffg.dll" [2007-08-14 20:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]
hggeffg.dll --a------ 2007-08-14 20:48 43542 C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-08-14 22:08:00 C:\WINDOWS\tasks\At1.job

************************************************** ************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-08-17 01:15:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-17 1:17:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-17 01:17
C:\ComboFix2.txt ... 2007-08-16 22:45
C:\ComboFix3.txt ... 2007-08-16 00:02

--- E O F ---

This is a Combofix log taken before the Vundofix scan.

"Adan Dozal" - 2007-08-16 22:35:00 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))


C:\WINDOWS\system32\noqcakwr.exe
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak2
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\awvtu.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\MSN\rtesekijo.html


((((((((((((((((((((((((( Files Created from 2007-07-17 to 2007-08-17 )))))))))))))))))))))))))))))))


2007-08-15 23:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 21:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-15 17:25 125,504 --a------ C:\WINDOWS\system32\bjumuyhj.dll
2007-08-15 12:36 125,504 --a------ C:\WINDOWS\system32\pepokuom.dll
2007-08-15 12:31 69,184 --a------ C:\WINDOWS\system32\ooccebbp.dll
2007-08-14 20:48 43,542 --a------ C:\WINDOWS\system32\hggeffg.dll
2007-08-14 20:48 31,254 --a------ C:\WINDOWS\system32\jkkihfc.dll
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\temp9
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\f10WtR
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-14 20:48 <DIR> d-------- C:\temp\fse
2007-08-14 20:48 <DIR> d-------- C:\temp\1cb
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\mege22011.exe
2007-08-05 10:59 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-08-05 10:59 <DIR> d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\MegauploadToolbar
2007-07-30 14:00 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III
2007-07-17 18:43 <DIR> d-------- C:\Program Files\Apple Software Update
2007-07-17 18:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-16 21:53 <DIR> d-------- C:\WINDOWS\system32\b10FdUe
2007-07-16 21:53 <DIR> d-------- C:\temp\brr
2007-07-16 21:52 89,088 --a------ C:\WINDOWS\system32\atl71.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-17 03:40:53 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-17 03:40:53 288 ----a-w C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-16 14:22:51 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-14 00:03:28 -------- d-----w C:\Program Files\Trillian
2007-07-29 00:16:27 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2007-07-27 06:50:09 7,092 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\wklnhst.dat
2007-07-19 20:47:48 35,382 ----a-w C:\WINDOWS\scunin.dat
2007-07-19 20:47:48 -------- d-----w C:\Program Files\Starcraft
2007-07-19 20:47:45 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-07-19 20:47:45 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-07-17 23:44:32 -------- d-----w C:\Program Files\QuickTime
2007-07-15 08:10:37 -------- d-----w C:\Program Files\rpg2003
2007-07-14 10:06:21 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-06 07:15:25 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 22:30:34 -------- d-----w C:\Program Files\Common Files\Nero
2007-07-02 22:28:03 -------- d-----w C:\Program Files\Ahead
2007-07-02 22:27:54 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-28 05:08:49 -------- d-----w C:\Program Files\GIMP-2.0
2007-06-27 21:35:26 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-06-27 21:22:56 -------- d-----w C:\Program Files\Common Files\Ahead 2
2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:06:44 -------- d-----w C:\Program Files\SoftWareClub.ws
2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
2007-06-07 03:01:18 99,318 ----a-w C:\WINDOWS\hpiins04.dat
2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll
2006-10-05 05:02:46 59,392 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
2007-07-31 11:25 1933256 --a------ C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A79846D3-21F7-48F7-4EBE-01A8B6B53809}]
C:\Program Files\MSN\qukavopa175.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-14 20:48 43542 --a------ C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]
2007-08-15 12:31 69184 --a------ C:\WINDOWS\system32\ooccebbp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:24 C:\WINDOWS\system32\cthelper.exe]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"mege"="C:\Program Files\Common Files\mege22011.exe" [2007-08-07 15:30]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtesekijo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 07:29]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"="C:\WINDOWS\system32\hggeffg.dll" [2007-08-14 20:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]
hggeffg.dll --a------ 2007-08-14 20:48 43542 C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\AVG Anti-Spyware Guard]


Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-08-14 22:08:00 C:\WINDOWS\tasks\At1.job

************************************************** ************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-08-16 22:42:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-16 22:45:01 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-16 22:45
C:\ComboFix2.txt ... 2007-08-16 00:02
C:\ComboFix3.txt ... 2007-08-15 14:05

--- E O F ---

First:

Is it running any better?

Next unload AVG-Anti-spyware from memory. If it is in the system tray, rt click and close it. If you have to uninstall, do it. Just get it out of memory.

Open Hijackthis and place a check next to:

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O4 - HKLM\..\Run: [mege] C:\Program Files\Common Files\mege22011.exe

Close all open windows except for Hijackthis and click fix checked.

Re-boot and post a fresh log.

It isn't running too much better, before it would (at times) take around a minute to get up and running, but now it is taking slightly less than that, but still taking a bit longer than it should.

I uninstalled AVG, but also deleted everything that had to do with AVG like quarantined files and stuff like that.

Both of those two are gone from HJT and the Megaupload Toolbar is gone from my "Add/Remove Programs" list (but it remains in my "View" and "Toolbars" section of my browser...could there be some root files or whatever that could be keeping it there?). I think it said that it will be removed, but might still be visible in my browser...so I take that to mean "Don't worry about it stupid, you think it is gone, but it is still there. We are just telling you this so that you will be self-assured and we can continue to spy on you", what about you?


Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:23:49 PM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Open Hijackthis and place a check next to:

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

close all open program and browser windows except for HJT and click fix checked. Re-boot, post a fresh log tell us how the system is running.

You have a whole lot of junk running at startup. The following should be disabled, though NOT by HJT unless it is a last resort. Each one can be disabled by the program that launches it:

DO NOT REMOVE WITH HIJACKTHIS UNLESS INSTRUCTED
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe -atboottime
C:\Program Files\Messenger\msmsgs.exe /background
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office10\OSA.EXE

http://img242.imageshack.us/img242/8553/tskmngrqq6.jpg

I'm still getting random pop-ups (like prevent system infections, join the cure for cancer, random pop-ups that pop up from Internet Explorer and not (even though I did get a "tab-up" once on Firefox) Firefox...

It seems to be getting back to normal as far as loading to the desktop from start-up though, so that is something good...

I don't believe I know where to disable these...too bad the task manager doesn't let you do that automatically at launch...


I believe I will try to get see what a Combofix, AVG (need to re-install), and F-Secure scan will do for the system.


Logfile of HijackThis v1.99.1
Scan saved at 6:18:47 AM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\yjiowjxn.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Don't run scans I don't ask for that muddies things up. What version of IE are you running? Do you have the pop-up blocker on? When you get the pop-up can you duplicate it with Firefox?


Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files, click *YES*
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click *OK*.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above
instructions starting from "Click the *Scan for Vundo* button." when
VundoFix appears at reboot.

Please open a HJT scan and put checks by:

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\yjiowjxn.dll",forkonce

close all open program and browser windows except for HJT and click fix checked. Re-boot, post a fresh log tell us how the system is running.

Run Combofix again

Where did that come from? Did you install Something else.

Give me all three logs...

IE7
Version: 7.0.5730.11

The pop-up blocker was on, but at medium "strength". Now it is at high and so are the security settings on the Internet Options (since I don't use IE, I put all the options on high...). Also I don't know what you mean by "When you get the pop-up can you duplicate it with Firefox?"...?

It seems every time I log on I get this random .exe program that pops up on ZAlarm and ZA asks me if I want to allow it to continue and I deny it and it is still present on my Task Manager and then when I do the Combofix I find it there and it is removed and then later on I get a new one with these 3 other files accompanying it (.inx or something files...).

I'll stop doing random fixes with those 3 tools (did a CFix before this though because I had one of those things pop up like the one I mentioned above).


I'm off to Vundo, HJT, and CFix like you stated, brb (blah, you logged off...).


VundoFix V6.5.7

Checking Java version...

Scan started at 6:45:30 AM 8/18/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\kremsvne.dll
C:\windows\system32\nxjwoijy.ini
C:\WINDOWS\system32\rstwa.bak1
C:\WINDOWS\system32\rstwa.ini
C:\windows\system32\yjiowjxn.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\kremsvne.dll
C:\WINDOWS\system32\kremsvne.dll Has been deleted!

Attempting to delete C:\windows\system32\nxjwoijy.ini
C:\windows\system32\nxjwoijy.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rstwa.bak1
C:\WINDOWS\system32\rstwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\rstwa.ini
C:\WINDOWS\system32\rstwa.ini Has been deleted!

Attempting to delete C:\windows\system32\yjiowjxn.dll
C:\windows\system32\yjiowjxn.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtsr.dll
C:\WINDOWS\system32\awtsr.dll Has been deleted!

Performing Repairs to the registry.
Done!





Logfile of HijackThis v1.99.1
Scan saved at 6:52:53 AM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D5081DD-2986-472C-BCF6-0023D0A67F44} - C:\WINDOWS\system32\awtsr.dll (file missing)
O2 - BHO: 0 - {A79846D3-21F7-48F7-4EBE-01A8B6B53809} - C:\Program Files\MSN\qukavopa175.dll (file missing)
O2 - BHO: (no name) - {AB605324-531A-4ADA-BBC2-96BC202C5B6B} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\hggeffg.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: hggeffg - C:\WINDOWS\SYSTEM32\hggeffg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

My "powers of Aspirant Master Geek tell me that those BHOs (except for the first one) are trouble:

O2 - BHO: (no name) - {0D5081DD-2986-472C-BCF6-0023D0A67F44} - C:\WINDOWS\system32\awtsr.dll (file missing)
O2 - BHO: 0 - {A79846D3-21F7-48F7-4EBE-01A8B6B53809} - C:\Program Files\MSN\qukavopa175.dll (file missing)
O2 - BHO: (no name) - {AB605324-531A-4ADA-BBC2-96BC202C5B6B} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\hggeffg.dll

I did not FIX any of them, but the first one wasn't removed by Vundo on it's first try and then it re-booted and it was there and I Removed Vundo and it re-booted (so that means it fixed it, but I did this HJT after it supposedly fixed it...??)

Also noted that this might be troublesome (due to it being up there on those BHOs):

O20 - Winlogon Notify: hggeffg - C:\WINDOWS\SYSTEM32\hggeffg.dll


Should I get rid of these from HJT since I don't know how to disable them?:

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe [b]Global Start-up tells a newbie like me that this appears at start-up and isn't crucial to the program in general...?[/b]
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

We don't even own an Ipod anymore, so can I HJT this one (it seems to be a remnant of the uninstall of all of that Apple stuff that the start-up disc for the Ipod put into my system...):

O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)











This is the first CFix log before you told me to stop doing random fixes with CFix, AVG, F-Secure:

"Adan Dozal" - 2007-08-18 6:20:31 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))


C:\WINDOWS\system32\rlcuaqai.exe
C:\WINDOWS\system32\gjkmp.bak1
C:\WINDOWS\system32\gjkmp.bak2
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\pmkjg.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))


2007-08-18 05:22 70,208 --a------ C:\WINDOWS\system32\kremsvne.dll
2007-08-18 05:22 125,504 --a------ C:\WINDOWS\system32\yjiowjxn.dll
2007-08-17 00:43 <DIR> d-------- C:\VundoFix Backups
2007-08-15 23:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 21:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-14 20:48 43,542 --a------ C:\WINDOWS\system32\hggeffg.dll
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\temp9
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\f10WtR
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-14 20:48 <DIR> d-------- C:\temp\fse
2007-08-14 20:48 <DIR> d-------- C:\temp\1cb
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\mege22011.exe
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-18 11:25:37 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-18 11:25:37 288 ----a-w C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-16 14:22:51 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-14 00:03:28 -------- d-----w C:\Program Files\Trillian
2007-07-29 00:16:27 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2007-07-27 06:50:09 7,092 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\wklnhst.dat
2007-07-19 20:47:48 35,382 ----a-w C:\WINDOWS\scunin.dat
2007-07-19 20:47:48 -------- d-----w C:\Program Files\Starcraft
2007-07-19 20:47:45 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-07-19 20:47:45 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-07-17 23:44:32 -------- d-----w C:\Program Files\QuickTime
2007-07-17 23:43:42 -------- d-----w C:\Program Files\Apple Software Update
2007-07-15 08:10:37 -------- d-----w C:\Program Files\rpg2003
2007-07-14 10:06:21 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-06 07:15:25 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 22:30:34 -------- d-----w C:\Program Files\Common Files\Nero
2007-07-02 22:28:03 -------- d-----w C:\Program Files\Ahead
2007-07-02 22:27:54 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-28 05:08:49 -------- d-----w C:\Program Files\GIMP-2.0
2007-06-27 21:35:26 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-06-27 21:22:56 -------- d-----w C:\Program Files\Common Files\Ahead 2
2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:06:44 -------- d-----w C:\Program Files\SoftWareClub.ws
2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
2007-06-07 03:01:18 99,318 ----a-w C:\WINDOWS\hpiins04.dat
2006-10-05 05:02:46 59,392 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A79846D3-21F7-48F7-4EBE-01A8B6B53809}]
C:\Program Files\MSN\qukavopa175.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB605324-531A-4ADA-BBC2-96BC202C5B6B}]
C:\WINDOWS\system32\mljgd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
2007-08-18 05:22 70208 --a------ C:\WINDOWS\system32\kremsvne.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-14 20:48 43542 --a------ C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtesekijo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"="C:\WINDOWS\system32\hggeffg.dll" [2007-08-14 20:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]
hggeffg.dll --a------ 2007-08-14 20:48 43542 C:\WINDOWS\system32\hggeffg.dll


Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-08-14 22:08:00 C:\WINDOWS\tasks\At1.job

************************************************** ************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-08-18 06:27:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

This is from the previous log above ^^^

Completion time: 2007-08-18 6:29:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-18 06:29
C:\ComboFix2.txt ... 2007-08-17 01:17
C:\ComboFix3.txt ... 2007-08-16 22:45

--- E O F ---



These files always pop up (or something like them (with a weird name like rlcuaqai and then a couple of other files with weird extensions like .ini and .bak1/2) and they are caught by ZAlarm and denied and then still found in my TaskManager):

C:\WINDOWS\system32\rlcuaqai.exe
C:\WINDOWS\system32\gjkmp.bak1
C:\WINDOWS\system32\gjkmp.bak2
C:\WINDOWS\system32\gjkmp.ini
C:\WINDOWS\system32\pmkjg.dll


If you want I could show you the Program Control of my ZoneAlarm and show you what is on there (keep in mind that ZoneAlarm (at least mine, I don't know about yours) doesn't delete stuff that I had removed like that mege220011.exe and stuff like that...)??










"Adan Dozal" - 2007-08-18 6:57:50 - ComboFix 07-07-14.6 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-07-18 to 2007-08-18 )))))))))))))))))))))))))))))))


2007-08-17 00:43 <DIR> d-------- C:\VundoFix Backups
2007-08-15 23:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 21:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-14 20:48 43,542 --a------ C:\WINDOWS\system32\hggeffg.dll
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\temp9
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\f10WtR
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-14 20:48 <DIR> d-------- C:\temp\fse
2007-08-14 20:48 <DIR> d-------- C:\temp\1cb
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\mege22011.exe
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-18 11:50:14 288 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-18 11:50:14 288 ----a-w C:\WINDOWS\system32\DVCState-{00000001-00000000-00000001-00001102-00000004-10061102}.dat
2007-08-16 14:22:51 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-14 00:03:28 -------- d-----w C:\Program Files\Trillian
2007-07-29 00:16:27 4,212 ---ha-w C:\WINDOWS\system32\zllictbl.dat
2007-07-27 06:50:09 7,092 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\wklnhst.dat
2007-07-19 20:47:48 35,382 ----a-w C:\WINDOWS\scunin.dat
2007-07-19 20:47:48 -------- d-----w C:\Program Files\Starcraft
2007-07-19 20:47:45 967 ----a-w C:\WINDOWS\ScUnin.pif
2007-07-19 20:47:45 94,208 ----a-w C:\WINDOWS\ScUnin.exe
2007-07-17 23:44:32 -------- d-----w C:\Program Files\QuickTime
2007-07-17 23:43:42 -------- d-----w C:\Program Files\Apple Software Update
2007-07-15 08:10:37 -------- d-----w C:\Program Files\rpg2003
2007-07-14 10:06:21 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-06 07:15:25 -------- d-----w C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 22:30:34 -------- d-----w C:\Program Files\Common Files\Nero
2007-07-02 22:28:03 -------- d-----w C:\Program Files\Ahead
2007-07-02 22:27:54 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-28 05:08:49 -------- d-----w C:\Program Files\GIMP-2.0
2007-06-27 21:35:26 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-06-27 21:22:56 -------- d-----w C:\Program Files\Common Files\Ahead 2
2007-06-26 06:08:16 1,104,896 ----a-w C:\WINDOWS\system32\msxml3.dll
2007-06-26 02:06:44 -------- d-----w C:\Program Files\SoftWareClub.ws
2007-06-19 13:31:19 282,112 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\nircmd.exe
2007-06-13 10:23:07 1,033,216 ----a-w C:\WINDOWS\explorer.exe
2007-06-07 03:01:18 99,318 ----a-w C:\WINDOWS\hpiins04.dat
2006-10-05 05:02:46 59,392 ----a-w C:\DOCUME~1\ADANDO~1\APPLIC~1\GDIPFONTCACHEV1.DAT


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D5081DD-2986-472C-BCF6-0023D0A67F44}]
C:\WINDOWS\system32\awtsr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A79846D3-21F7-48F7-4EBE-01A8B6B53809}]
C:\Program Files\MSN\qukavopa175.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB605324-531A-4ADA-BBC2-96BC202C5B6B}]
C:\WINDOWS\system32\mljgd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-14 20:48 43542 --a------ C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtesekijo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"="C:\WINDOWS\system32\hggeffg.dll" [2007-08-14 20:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]
hggeffg.dll --a------ 2007-08-14 20:48 43542 C:\WINDOWS\system32\hggeffg.dll


Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-08-14 22:08:00 C:\WINDOWS\tasks\At1.job

************************************************** ************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-08-18 07:01:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-18 7:02:35
C:\ComboFix-quarantined-files.txt ... 2007-08-18 07:02
C:\ComboFix2.txt ... 2007-08-18 06:29
C:\ComboFix3.txt ... 2007-08-17 01:17

--- E O F ---

1. Download the new version of combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall...

I;ll post back with the latest set of instructions either tomorrow morning or evening.

It won't let me download it (I left-single-click on it and the little version of the Save screen comes up and then I hit save and nothing happens, I also tried right-clicking and saving it, but the regular-sized Save screen didn't show up...).

I can't download Combofix and would very much like to so that I can get classicsoftware some info by Sunday morning, but the site is either down or something is wrong.

My setting are allowing me to save other things from other sites, but not from "bleepingcomputer", any ideas?


Sorry for the "unnecessary thread", but I was hoping someone could help me out before Sunday morning and posting on that HJT thread wouldn't have done very much...

ComboFix 07-08-14.4 - "Adan Dozal" 2007-08-18 23:11:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.238 [GMT -5:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\brr
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\system32\b10FdUe
C:\WINDOWS\system32\bdwuosap.ini
C:\WINDOWS\system32\f10WtR
C:\WINDOWS\system32\f10WtR\F10WTR1099.0XE
C:\WINDOWS\system32\fnjxcsxn.dll
C:\WINDOWS\system32\pasouwdb.dll
C:\WINDOWS\system32\vqavtutj.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_FOPN
-------\ApiMon


((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))


2007-08-18 20:08 1,626,421 ---hs---- C:\WINDOWS\system32\jjkmp.bak2
2007-08-18 08:08 6,473 ---hs---- C:\WINDOWS\system32\jjkmp.bak1
2007-08-18 08:08 298,080 --a------ C:\WINDOWS\system32\pmkjj.dll
2007-08-17 00:43 <DIR> d-------- C:\VundoFix Backups
2007-08-15 23:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 21:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-14 20:48 43,542 --a------ C:\WINDOWS\system32\hggeffg.dll
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\temp9
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\mege22011.exe
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-18 11:21 --------- d-------- C:\Program Files\Trillian
2007-08-16 09:22 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-19 15:47 967 --a------ C:\WINDOWS\ScUnin.pif
2007-07-19 15:47 94208 --a------ C:\WINDOWS\ScUnin.exe
2007-07-19 15:47 --------- d-------- C:\Program Files\Starcraft
2007-07-19 01:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 18:44 --------- d-------- C:\Program Files\QuickTime
2007-07-17 18:43 --------- d-------- C:\Program Files\Apple Software Update
2007-07-15 03:10 --------- d-------- C:\Program Files\rpg2003
2007-07-14 05:06 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-12 18:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-06 02:15 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 17:30 --------- d-------- C:\Program Files\Common Files\Nero
2007-07-02 17:28 --------- d-------- C:\Program Files\Ahead
2007-07-02 17:27 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-28 00:08 --------- d-------- C:\Program Files\GIMP-2.0
2007-06-27 16:35 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-06-27 16:22 --------- d-------- C:\Program Files\Common Files\Ahead 2
2007-06-27 09:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-25 21:06 --------- d-------- C:\Program Files\SoftWareClub.ws
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D5081DD-2986-472C-BCF6-0023D0A67F44}]
C:\WINDOWS\system32\awtsr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A79846D3-21F7-48F7-4EBE-01A8B6B53809}]
C:\Program Files\MSN\qukavopa175.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB605324-531A-4ADA-BBC2-96BC202C5B6B}]
C:\WINDOWS\system32\mljgd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3BEF981-71D3-49C7-BCED-3DC26003B2C7}]
2007-08-18 08:08 298080 --a------ C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-14 20:48 43542 --a------ C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 13:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-05-01 09:51:49]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtesekijo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"= C:\WINDOWS\system32\hggeffg.dll [2007-08-14 20:48 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]
hggeffg.dll 2007-08-14 20:48 43542 C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjj]
C:\WINDOWS\system32\pmkjj.dll 2007-08-18 08:08 298080 C:\WINDOWS\system32\pmkjj.dll

R2 LxrJD31d;LxrJD31d;\??\C:\WINDOWS\system32\Drivers\ LxrJD31d.sys
S3 bfastfao;bfastfao;\??\C:\DOCUME~1\ADANDO~1\LOCALS~ 1\Temp\bfastfao.sys
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service;C:\WINDOWS\system32\DRIVERS\rt25usbap.sys


Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-18 22:08:00 C:\WINDOWS\Tasks\At1.job - C:\Documents and Settings\Adan Dozal\Templates\WowTumpeh.com

************************************************** ************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-18 23:19:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-18 23:21:32 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-18 23:21
C:\ComboFix2.txt ... 2007-08-18 07:02
C:\ComboFix3.txt ... 2007-08-18 06:29

--- E O F ---

Actually, I am monitoring that thread and could have given you an alternative site... It appears that you already got it downloaded, so I don't know if that is needed... Here is an alternative anyway...

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

I am merging this with your original post which was in the correct forum as well...

Keep running Vundofix until it is clean.

I don't have time for a link right now but download and install Eraser 5.8. I'll let you know how I want you to use it when I get home from work.

I downloaded it from this link:

http://www.softwarepod.com/get/?id=32874&url=http://files1.softwarepod.com/31390/eraser58setup.exe

VundoFix V6.5.7

Checking Java version...

Scan started at 9:33:06 AM 8/19/2007

Listing files found while scanning....

C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\pmkjj.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkmp.bak2
C:\WINDOWS\system32\jjkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjj.dll Has been deleted!

Performing Repairs to the registry.
Done!

Install Eraser and login to your PC with a different user account.

Set the Program up to erase
C:\Temp
C:\Documents and Settings\User Name\Local Settings\Temp
C:\Documents and Settings\User Name\Local Settings\Temporary Internet Files

Where user name is the user name of the main account.

This can take a while as it will overwrite the files 35 times.

Please post back with the name of any that eraser cannot delete....

Post back with a Fresh Combofix log form the new download site, a new Vundo log, and new Hijackthis log and how the system is running.

C:\temp\debug.txt (only file in there) wasn't "erased".

When I did this it didn't take very long at all though (literally less or around 1 second...)... Did I screw up?

I got a window that popped-up when I decided to "Run all" of those directories you told me to erase in Eraser and it said the following:

Information:
Statistics:

Erased area = 0 bytes

Cluster tips = 0 bytes



Data written = 0 bytes

Write time = 0.00 s

Failures:
Failed: C:\temp\debug.txt (Access is denied.)


Temp (Local Settings temp, not the C:\temp) has a couple of files left in there and the Temporary Internet Files folder is gone (should be back now that I am here talking to you and everything...*checks* It is still gone...o_O?)

ComboFix 07-08-14.4 - "Adan Dozal" 2007-08-20 9:46:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.201 [GMT -5:00]


((((((((((((((((((((((((( Files Created from 2007-07-20 to 2007-08-20 )))))))))))))))))))))))))))))))


2007-08-20 09:31 <DIR> d-------- C:\DOCUME~1\SLIFER~1\APPLIC~1\Real
2007-08-20 09:30 524,288 --ah----- C:\DOCUME~1\SLIFER~1\NTUSER.DAT
2007-08-20 08:17 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Real
2007-08-20 08:16 524,288 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-08-20 07:11 6,473 ---hs---- C:\WINDOWS\system32\ddeeg.bak1
2007-08-20 07:11 298,080 --a------ C:\WINDOWS\system32\geedd.dll
2007-08-20 07:04 610,304 --a------ C:\WINDOWS\system32\eraser.dll
2007-08-20 07:04 282,624 --a------ C:\WINDOWS\system32\erasext.dll
2007-08-20 07:04 233,472 --a------ C:\WINDOWS\system32\eraserl.exe
2007-08-20 07:04 <DIR> d-------- C:\Program Files\Eraser
2007-08-19 09:31 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-17 00:43 <DIR> d-------- C:\VundoFix Backups
2007-08-15 23:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 21:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-14 20:48 43,542 --a------ C:\WINDOWS\system32\hggeffg.dll
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\temp9
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\mege22011.exe
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-19 15:11 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-08-19 15:01 --------- d-------- C:\Program Files\Trillian
2007-07-19 15:47 967 --a------ C:\WINDOWS\ScUnin.pif
2007-07-19 15:47 94208 --a------ C:\WINDOWS\ScUnin.exe
2007-07-19 15:47 --------- d-------- C:\Program Files\Starcraft
2007-07-19 01:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 18:44 --------- d-------- C:\Program Files\QuickTime
2007-07-17 18:43 --------- d-------- C:\Program Files\Apple Software Update
2007-07-15 03:10 --------- d-------- C:\Program Files\rpg2003
2007-07-14 05:06 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-12 18:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-06 02:15 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 17:30 --------- d-------- C:\Program Files\Common Files\Nero
2007-07-02 17:28 --------- d-------- C:\Program Files\Ahead
2007-07-02 17:27 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-28 00:08 --------- d-------- C:\Program Files\GIMP-2.0
2007-06-27 16:35 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-06-27 16:22 --------- d-------- C:\Program Files\Common Files\Ahead 2
2007-06-27 09:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-25 21:06 --------- d-------- C:\Program Files\SoftWareClub.ws
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D5081DD-2986-472C-BCF6-0023D0A67F44}]
C:\WINDOWS\system32\awtsr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14A5F193-2AB8-4F85-AB3A-787218168195}]
2007-08-20 07:11 298080 --a------ C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B69EE0D-C838-4BE1-81FF-B20E792E34BF}]
C:\WINDOWS\system32\ddcyw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63401EA8-1905-4EE8-9D6D-4A51A3DF17E6}]
C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8449E00B-A8E5-429C-883F-3904590D9178}]
2007-08-20 07:11 298080 --a------ C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A79846D3-21F7-48F7-4EBE-01A8B6B53809}]
C:\Program Files\MSN\qukavopa175.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB605324-531A-4ADA-BBC2-96BC202C5B6B}]
C:\WINDOWS\system32\mljgd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B75ECC84-287D-4333-957F-2BC479652807}]
C:\WINDOWS\system32\awvvw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-14 20:48 43542 --a------ C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD248485-7C07-4A76-BF2D-1BACCFA4CD34}]
2007-08-20 07:11 298080 --a------ C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 13:23]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2006-04-09 04:19]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-05-01 09:51:49]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtesekijo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"= C:\WINDOWS\system32\hggeffg.dll [2007-08-14 20:48 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\geedd]
C:\WINDOWS\system32\geedd.dll 2007-08-20 07:11 298080 C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]
hggeffg.dll 2007-08-14 20:48 43542 C:\WINDOWS\system32\hggeffg.dll

R2 LxrJD31d;LxrJD31d;\??\C:\WINDOWS\system32\Drivers\ LxrJD31d.sys
S3 bfastfao;bfastfao;\??\C:\DOCUME~1\ADANDO~1\LOCALS~ 1\Temp\bfastfao.sys
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service;C:\WINDOWS\system32\DRIVERS\rt25usbap.sys


Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-19 22:08:00 C:\WINDOWS\Tasks\At1.job - C:\Documents and Settings\Adan Dozal\Templates\WowTumpeh.com

************************************************** ************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-08-20 09:50:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-20 9:52:29
C:\ComboFix-quarantined-files.txt ... 2007-08-20 09:52
C:\ComboFix2.txt ... 2007-08-18 23:21
C:\ComboFix3.txt ... 2007-08-18 07:02

--- E O F ---





VundoFix V6.5.7

Checking Java version...

Scan started at 9:53:22 AM 8/20/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\geedd.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddeeg.bak1
C:\WINDOWS\system32\ddeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddeeg.ini
C:\WINDOWS\system32\ddeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\geedd.dll
C:\WINDOWS\system32\geedd.dll Has been deleted!

Performing Repairs to the registry.
Done!










Logfile of HijackThis v1.99.1
Scan saved at 9:58:27 AM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://go.microsoft.com/fwlink/?LinkId=69157[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D5081DD-2986-472C-BCF6-0023D0A67F44} - C:\WINDOWS\system32\awtsr.dll (file missing)
O2 - BHO: (no name) - {14A5F193-2AB8-4F85-AB3A-787218168195} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {5B69EE0D-C838-4BE1-81FF-B20E792E34BF} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: (no name) - {63401EA8-1905-4EE8-9D6D-4A51A3DF17E6} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {8449E00B-A8E5-429C-883F-3904590D9178} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: 0 - {A79846D3-21F7-48F7-4EBE-01A8B6B53809} - C:\Program Files\MSN\qukavopa175.dll (file missing)
O2 - BHO: (no name) - {AB605324-531A-4ADA-BBC2-96BC202C5B6B} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: (no name) - {B75ECC84-287D-4333-957F-2BC479652807} - C:\WINDOWS\system32\awvvw.dll (file missing)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\hggeffg.dll
O2 - BHO: (no name) - {CD248485-7C07-4A76-BF2D-1BACCFA4CD34} - C:\WINDOWS\system32\geedd.dll (file missing)
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url]http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671[/url]
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - [url]http://support.f-secure.com/ols/fscax.cab[/url]
O20 - Winlogon Notify: hggeffg - C:\WINDOWS\SYSTEM32\hggeffg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Hmm...I don't see the Edit button anymore...

Anyways, the system seems to be running ok, the start-ups still take 30-45 seconds, but I don't know if that is normal for my system. For some reason I get some lag when I run 2 or more windows (Firefox windows), but this only happens sometimes.

I haven't gotten any pop-ups all day today... I think I have only gotten 2 or so ZAlarm permission alerts. I noticed that mege220011.exe is still there on that Combofix log (program files\common files) I posted today, what do you think?

C:\Documents and Settings\Adan Doza
Open Hijackthis and place a check next to:
C:\WINDOWS\system32\awtsr.dll (file missing)
O2 - BHO: (no name) - {14A5F193-2AB8-4F85-AB3A-787218168195} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: (no name) - {5B69EE0D-C838-4BE1-81FF-B20E792E34BF} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: (no name) - {63401EA8-1905-4EE8-9D6D-4A51A3DF17E6} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {8449E00B-A8E5-429C-883F-3904590D9178} - C:\WINDOWS\system32\geedd.dll (file missing)
O2 - BHO: 0 - {A79846D3-21F7-48F7-4EBE-01A8B6B53809} - C:\Program Files\MSN\qukavopa175.dll (file missing)
O2 - BHO: (no name) - {AB605324-531A-4ADA-BBC2-96BC202C5B6B} - C:\WINDOWS\system32\mljgd.dll (file missing)
O2 - BHO: (no name) - {B75ECC84-287D-4333-957F-2BC479652807} - C:\WINDOWS\system32\awvvw.dll (file missing)
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\hggeffg.dll
O2 - BHO: (no name) - {CD248485-7C07-4A76-BF2D-1BACCFA4CD34} - C:\WINDOWS\system32\geedd.dll (file missing)
O20 - Winlogon Notify: hggeffg - C:\WINDOWS\SYSTEM32\hggeffg.dll

Close all open program and browser windows and click fix checked.

Re-boot, give me a new Vundofix, Comboxfix and HJT log.

PLEASE DO ONLY WHAT IS ASKED. I DID NOT ASK YOU TO INSTALL AVG ANTI-SPYWARE. IT MAY INHIBIT THE FIXES FROM WORKING. YOU MUST DO ONLY WHAT I ASK.

I hope you meant that I move my HJT folder with the program in there to:
C:\Documents and Settings\Adan Dozal\

because I did that to do the HJT scan.

Logfile of HijackThis v1.99.1
Scan saved at 11:12:05 PM, on 8/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Adan Dozal\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\hggeffg.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: hggeffg - C:\WINDOWS\SYSTEM32\hggeffg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BTW:

O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\hggeffg.dll

and

O20 - Winlogon Notify: hggeffg - C:\WINDOWS\SYSTEM32\hggeffg.dll

came back on their own (Eraser time for SYSTEM32?)...

ComboFix 07-08-14.4 - "Adan Dozal" 2007-08-20 22:46:28.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.176 [GMT -5:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\dccdd.bak1
C:\WINDOWS\system32\dccdd.ini
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\enyhaaem.ini
C:\WINDOWS\system32\hhxtfpcq.exe
C:\WINDOWS\system32\ihjmsbga.dll
C:\WINDOWS\system32\meaahyne.dll


((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))


2007-08-20 09:31 <DIR> d-------- C:\DOCUME~1\SLIFER~1\APPLIC~1\Real
2007-08-20 09:30 524,288 --ah----- C:\DOCUME~1\SLIFER~1\NTUSER.DAT
2007-08-20 08:17 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Real
2007-08-20 08:16 524,288 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-08-20 07:04 610,304 --a------ C:\WINDOWS\system32\eraser.dll
2007-08-20 07:04 282,624 --a------ C:\WINDOWS\system32\erasext.dll
2007-08-20 07:04 233,472 --a------ C:\WINDOWS\system32\eraserl.exe
2007-08-20 07:04 <DIR> d-------- C:\Program Files\Eraser
2007-08-17 00:43 <DIR> d-------- C:\VundoFix Backups
2007-08-15 23:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 21:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-14 20:48 43,542 --a------ C:\WINDOWS\system32\hggeffg.dll
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\temp9
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\mege22011.exe
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-20 21:09 --------- d-------- C:\Program Files\Trillian
2007-08-19 15:11 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-19 15:47 967 --a------ C:\WINDOWS\ScUnin.pif
2007-07-19 15:47 94208 --a------ C:\WINDOWS\ScUnin.exe
2007-07-19 15:47 --------- d-------- C:\Program Files\Starcraft
2007-07-19 01:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 18:44 --------- d-------- C:\Program Files\QuickTime
2007-07-17 18:43 --------- d-------- C:\Program Files\Apple Software Update
2007-07-15 03:10 --------- d-------- C:\Program Files\rpg2003
2007-07-14 05:06 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-12 18:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-06 02:15 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 17:30 --------- d-------- C:\Program Files\Common Files\Nero
2007-07-02 17:28 --------- d-------- C:\Program Files\Ahead
2007-07-02 17:27 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-28 00:08 --------- d-------- C:\Program Files\GIMP-2.0
2007-06-27 16:35 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-06-27 16:22 --------- d-------- C:\Program Files\Common Files\Ahead 2
2007-06-27 09:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-25 21:06 --------- d-------- C:\Program Files\SoftWareClub.ws
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D5081DD-2986-472C-BCF6-0023D0A67F44}]
C:\WINDOWS\system32\awtsr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14A5F193-2AB8-4F85-AB3A-787218168195}]
C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5B69EE0D-C838-4BE1-81FF-B20E792E34BF}]
C:\WINDOWS\system32\ddcyw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63401EA8-1905-4EE8-9D6D-4A51A3DF17E6}]
C:\WINDOWS\system32\pmkjj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8449E00B-A8E5-429C-883F-3904590D9178}]
C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A79846D3-21F7-48F7-4EBE-01A8B6B53809}]
C:\Program Files\MSN\qukavopa175.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB605324-531A-4ADA-BBC2-96BC202C5B6B}]
C:\WINDOWS\system32\mljgd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B75ECC84-287D-4333-957F-2BC479652807}]
C:\WINDOWS\system32\awvvw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-14 20:48 43542 --a------ C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD248485-7C07-4A76-BF2D-1BACCFA4CD34}]
C:\WINDOWS\system32\geedd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 13:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2006-04-09 04:19]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-05-01 09:51:49]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtesekijo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"= C:\WINDOWS\system32\hggeffg.dll [2007-08-14 20:48 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]
hggeffg.dll 2007-08-14 20:48 43542 C:\WINDOWS\system32\hggeffg.dll

R2 LxrJD31d;LxrJD31d;\??\C:\WINDOWS\system32\Drivers\ LxrJD31d.sys
S3 bfastfao;bfastfao;\??\C:\DOCUME~1\ADANDO~1\LOCALS~ 1\Temp\bfastfao.sys
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service;C:\WINDOWS\system32\DRIVERS\rt25usbap.sys


Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-20 22:08:00 C:\WINDOWS\Tasks\At1.job - C:\Documents and Settings\Adan Dozal\Templates\WowTumpeh.com

************************************************** ************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-20 22:53:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\cmd.exe [1048] 0x82CBDDA0


scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-20 22:56:56 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-20 22:56
C:\ComboFix2.txt ... 2007-08-20 09:52
C:\ComboFix3.txt ... 2007-08-18 23:21

--- E O F ---

VundoFix V6.5.7

Checking Java version...

Scan started at 10:58:00 PM 8/20/2007

Listing files found while scanning....

C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\ddabb.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bbadd.bak1
C:\WINDOWS\system32\bbadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbadd.ini
C:\WINDOWS\system32\bbadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddabb.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddabb.dll
C:\WINDOWS\system32\ddabb.dll Has been deleted!

Performing Repairs to the registry.
Done!

That's not what I meant.

I meant to ask if you set it to delete:

C:\Documents and Settings\Adan Dozal\Local Settings\Temp
and
C:\Documents and Settings\Adan Dozal\Local Settings\Temporary Internet Files.

Let's boot into safe mode and run the fixes again to see if we can eradicate this.

I found no TIFiles in that location (even checked for hidden files in there, nothing). That User Name seems to be the main one where I keep everything, but yet the hidden file in Docs & Settings "Default User" is the one that has the TempIntFiles folder

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 (then there are four folders in Content.IE5 that have nothing in them and there is no Temp folder in "Default User\Local Settings")

There is another TempIntFiles and Temp folder in:

C:\WINDOWS\system32\config\systemprofile\Local Settings (both are about as empty as the ones I found in "Adan Dozal\Local Settings" and "Default User\Local Settings" and I didn't delete any of those because you didn't say anything to that effect"

2 questions: Will I still need AVG after this mess is sorted out (the trial period expired on me, so I only use it to scan for viruses...)? Is there any way for me to get rid of that Megaupload Toolbar that I have in my View>Toolbars section (it is supposed to be deactivated, but still lingers and I think I could use it and its buttons and all if inclined (that is why they leave it there...), but I won't and want it gone from there)?



VundoFix V6.5.7

Checking Java version...

Scan started at 9:21:18 AM 8/21/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Logfile of HijackThis v1.99.1
Scan saved at 9:20:18 AM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\hggeffg.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: hggeffg - C:\WINDOWS\SYSTEM32\hggeffg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ComboFix 07-08-14.4 - "Adan Dozal" 2007-08-21 9:25:56.5 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.352 [GMT -5:00]


((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))


2007-08-21 09:01 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-20 09:31 <DIR> d-------- C:\DOCUME~1\SLIFER~1\APPLIC~1\Real
2007-08-20 09:30 524,288 --ah----- C:\DOCUME~1\SLIFER~1\NTUSER.DAT
2007-08-20 08:17 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Real
2007-08-20 08:16 524,288 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-08-20 07:04 610,304 --a------ C:\WINDOWS\system32\eraser.dll
2007-08-20 07:04 282,624 --a------ C:\WINDOWS\system32\erasext.dll
2007-08-20 07:04 233,472 --a------ C:\WINDOWS\system32\eraserl.exe
2007-08-20 07:04 <DIR> d-------- C:\Program Files\Eraser
2007-08-17 00:43 <DIR> d-------- C:\VundoFix Backups
2007-08-15 23:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 21:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-14 20:48 43,542 --a------ C:\WINDOWS\system32\hggeffg.dll
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\temp9
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\mege22011.exe
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-20 21:09 --------- d-------- C:\Program Files\Trillian
2007-08-19 15:11 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-19 15:47 967 --a------ C:\WINDOWS\ScUnin.pif
2007-07-19 15:47 94208 --a------ C:\WINDOWS\ScUnin.exe
2007-07-19 15:47 --------- d-------- C:\Program Files\Starcraft
2007-07-19 01:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 18:44 --------- d-------- C:\Program Files\QuickTime
2007-07-17 18:43 --------- d-------- C:\Program Files\Apple Software Update
2007-07-15 03:10 --------- d-------- C:\Program Files\rpg2003
2007-07-14 05:06 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-12 18:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-06 02:15 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 17:30 --------- d-------- C:\Program Files\Common Files\Nero
2007-07-02 17:28 --------- d-------- C:\Program Files\Ahead
2007-07-02 17:27 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-28 00:08 --------- d-------- C:\Program Files\GIMP-2.0
2007-06-27 16:35 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-06-27 16:22 --------- d-------- C:\Program Files\Common Files\Ahead 2
2007-06-27 09:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-25 21:06 --------- d-------- C:\Program Files\SoftWareClub.ws
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-14 20:48 43542 --a------ C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 13:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2006-04-09 04:19]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-05-01 09:51:49]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtesekijo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"= C:\WINDOWS\system32\hggeffg.dll [2007-08-14 20:48 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]
hggeffg.dll 2007-08-14 20:48 43542 C:\WINDOWS\system32\hggeffg.dll

S2 LxrJD31d;LxrJD31d;\??\C:\WINDOWS\system32\Drivers\ LxrJD31d.sys
S3 bfastfao;bfastfao;\??\C:\DOCUME~1\ADANDO~1\LOCALS~ 1\Temp\bfastfao.sys
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service;C:\WINDOWS\system32\DRIVERS\rt25usbap.sys


Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-20 22:08:00 C:\WINDOWS\Tasks\At1.job - C:\Documents and Settings\Adan Dozal\Templates\WowTumpeh.com

************************************************** ************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-08-21 09:29:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-21 9:31:49
C:\ComboFix-quarantined-files.txt ... 2007-08-21 09:31
C:\ComboFix2.txt ... 2007-08-21 09:17
C:\ComboFix3.txt ... 2007-08-20 22:56

--- E O F ---



All of these were taken in Safe Mode, btw.

In safe mode remove:

O2 - BHO: (no name) - {C84D8A0A-E708-42B6-90CA-9C30956A87C6} - C:\WINDOWS\system32\hggeffg.dll

O20 - Winlogon Notify: hggeffg - C:\WINDOWS\SYSTEM32\hggeffg.dll


With HJT.

Re-boot and give me the three logs again in normal mode.....

brb then...

Logfile of HijackThis v1.99.1
Scan saved at 1:25:29 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

This HJT was taken during the SafeMode. Those two were gone, but upon going to the System32 folder and looking for hggeffg.dll what do I find...hggeffg.dll

Logfile of HijackThis v1.99.1
Scan saved at 1:28:12 PM, on 8/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDTray] C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157244863671
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

brb, with the other two.

ComboFix 07-08-14.4 - "Adan Dozal" 2007-08-21 13:33:51.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.264 [GMT -5:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\rrqss.bak1
C:\WINDOWS\system32\rrqss.ini
C:\WINDOWS\system32\ssqrr.dll


((((((((((((((((((((((((( Files Created from 2007-07-21 to 2007-08-21 )))))))))))))))))))))))))))))))


2007-08-21 09:01 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-20 09:31 <DIR> d-------- C:\DOCUME~1\SLIFER~1\APPLIC~1\Real
2007-08-20 09:30 524,288 --ah----- C:\DOCUME~1\SLIFER~1\NTUSER.DAT
2007-08-20 08:17 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Real
2007-08-20 08:16 524,288 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-08-20 07:04 610,304 --a------ C:\WINDOWS\system32\eraser.dll
2007-08-20 07:04 282,624 --a------ C:\WINDOWS\system32\erasext.dll
2007-08-20 07:04 233,472 --a------ C:\WINDOWS\system32\eraserl.exe
2007-08-20 07:04 <DIR> d-------- C:\Program Files\Eraser
2007-08-17 00:43 <DIR> d-------- C:\VundoFix Backups
2007-08-15 23:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 21:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-08-14 20:48 43,542 --a------ C:\WINDOWS\system32\hggeffg.dll
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\temp9
2007-08-14 20:48 <DIR> d-------- C:\WINDOWS\system32\checkdll
2007-08-07 15:30 163,840 --a------ C:\Program Files\Common Files\mege22011.exe
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-21 11:30 --------- d-------- C:\Program Files\Trillian
2007-08-19 15:11 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-19 15:47 967 --a------ C:\WINDOWS\ScUnin.pif
2007-07-19 15:47 94208 --a------ C:\WINDOWS\ScUnin.exe
2007-07-19 15:47 --------- d-------- C:\Program Files\Starcraft
2007-07-19 01:59 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-17 18:44 --------- d-------- C:\Program Files\QuickTime
2007-07-17 18:43 --------- d-------- C:\Program Files\Apple Software Update
2007-07-15 03:10 --------- d-------- C:\Program Files\rpg2003
2007-07-14 05:06 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-12 18:31 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-06 02:15 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 17:30 --------- d-------- C:\Program Files\Common Files\Nero
2007-07-02 17:28 --------- d-------- C:\Program Files\Ahead
2007-07-02 17:27 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-28 00:08 --------- d-------- C:\Program Files\GIMP-2.0
2007-06-27 16:35 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-06-27 16:22 --------- d-------- C:\Program Files\Common Files\Ahead 2
2007-06-27 09:34 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 09:34 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 09:34 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 09:34 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 09:34 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 09:34 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 09:34 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 09:34 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 09:34 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 09:34 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 09:34 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 09:34 232960 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 09:34 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 09:34 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 09:34 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 09:34 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 09:34 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 09:34 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 09:34 105984 -----c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 09:34 102400 -----c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 03:27 63488 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 03:27 625152 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 03:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 02:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-26 01:08 1104896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-25 21:06 --------- d-------- C:\Program Files\SoftWareClub.ws
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 08:31 282112 -----c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-06-13 05:23 1033216 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
2007-08-14 20:48 43542 --a------ C:\WINDOWS\system32\hggeffg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 13:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2006-04-09 04:19]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-05-01 09:51:49]

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= C:\Program Files\MSN\rtesekijo.html
FriendlyName=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{C84D8A0A-E708-42B6-90CA-9C30956A87C6}"= C:\WINDOWS\system32\hggeffg.dll [2007-08-14 20:48 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]
hggeffg.dll 2007-08-14 20:48 43542 C:\WINDOWS\system32\hggeffg.dll

R2 LxrJD31d;LxrJD31d;\??\C:\WINDOWS\system32\Drivers\ LxrJD31d.sys
S3 bfastfao;bfastfao;\??\C:\DOCUME~1\ADANDO~1\LOCALS~ 1\Temp\bfastfao.sys
S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service;C:\WINDOWS\system32\DRIVERS\rt25usbap.sys


Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-20 22:08:00 C:\WINDOWS\Tasks\At1.job - C:\Documents and Settings\Adan Dozal\Templates\WowTumpeh.com

************************************************** ************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-08-21 13:42:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-21 13:44:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-21 13:44
C:\ComboFix2.txt ... 2007-08-21 09:31
C:\ComboFix3.txt ... 2007-08-21 09:17

--- E O F ---

VundoFix V6.5.7

Checking Java version...

Scan started at 1:52:42 PM 8/21/2007

Listing files found while scanning....

C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\jkkjh.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Has been deleted!

Performing Repairs to the registry.
Done!

Your log looks clean.

Keep running the vundofix over and over and over until it comes up clean.

If it does not come up clean I will try one more tool before I ask for outside assistance. You might be close to a format and reinstall. I have never seen such a resistant infection.

Beginning removal...

VundoFix V6.5.7

Checking Java version...

Scan started at 1:52:42 PM 8/21/2007

Listing files found while scanning....

C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\jkkjh.dll





Beginning removal...

Attempting to delete C:\WINDOWS\system32\hjkkj.bak1
C:\WINDOWS\system32\hjkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\hjkkj.ini
C:\WINDOWS\system32\hjkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Could not be deleted.

Performing Repairs to the registry.
Done!





Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkkjh.dll
C:\WINDOWS\system32\jkkjh.dll Has been deleted!

Performing Repairs to the registry.
Done!





VundoFix V6.5.7

Checking Java version...

Scan started at 3:16:27 PM 8/21/2007

Listing files found while scanning....

C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.ini





Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\jkklk.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\klkkj.bak1
C:\WINDOWS\system32\klkkj.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\klkkj.ini
C:\WINDOWS\system32\klkkj.ini Has been deleted!

Performing Repairs to the registry.
Done!





Beginning removal...

Attempting to delete C:\WINDOWS\system32\jkklk.dll
C:\WINDOWS\system32\jkklk.dll Has been deleted!

Performing Repairs to the registry.
Done!





VundoFix V6.5.7

Checking Java version...

Scan started at 3:25:41 PM 8/21/2007

Listing files found while scanning....

No infected files were found.





VundoFix V6.5.7

Checking Java version...

Scan started at 3:27:43 PM 8/21/2007

Listing files found while scanning....

No infected files were found.





VundoFix V6.5.7

Checking Java version...

Scan started at 3:37:30 PM 8/21/2007

Listing files found while scanning....

No infected files were found.





VundoFix V6.5.7

Checking Java version...

Scan started at 3:59:44 PM 8/21/2007

Listing files found while scanning....

No infected files were found.





VundoFix V6.5.7

Checking Java version...

Scan started at 4:08:45 PM 8/21/2007

Listing files found while scanning....

No infected files were found.





VundoFix V6.5.7

Checking Java version...

Scan started at 5:12:10 PM 8/21/2007

Listing files found while scanning....

C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\uvvwa.bak1
C:\WINDOWS\system32\uvvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!





Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvvu.dll
C:\WINDOWS\system32\awvvu.dll Has been deleted!

Performing Repairs to the registry.
Done!





VundoFix V6.5.7

Checking Java version...

Scan started at 5:19:39 PM 8/21/2007

Listing files found while scanning....

No infected files were found.





VundoFix V6.5.7

Checking Java version...

Scan started at 5:50:45 PM 8/21/2007

Listing files found while scanning....

No infected files were found.





VundoFix V6.5.7

Checking Java version...

Scan started at 6:53:50 PM 8/21/2007

Listing files found while scanning....

C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\pmnlm.dll





Beginning removal...

Attempting to delete C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.dll Could not be deleted.

Performing Repairs to the registry.
Done!





Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.dll Has been deleted!

Performing Repairs to the registry.
Done!

1) Let's try this (http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe).

2) Now reboot into Safe Mode.


This can be done tapping the F8 key as soon as you start your computer

You will be brought to a menu where you can choose to boot into safe mode.

Select safe mode with networking using your arrow keys on the keyboard and then press enter.

When you computer reaches the desktop make sure you log in as the same user which you had performed the previous steps,


3. Once you are logged into safe mode, double-click VirtumundoBeGone.exe file you just downloaded and follow the instructions.

4. Exit when it has finished, and reboot back to normal mode.

The WinFixer and Vundo infection should now be removed from your computer.

Post any logs from this scan and a new HJT log.

Hello GodOfObelisk. My name is sUBs. I have been asked to help disinfect your machine.


First off, let's skip VirtumundoBeGone. We wont need to run it. Then delete your existing copy of ComboFix. It's badly outdated.
You can grab the latest copy from here > http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

DO NOT run ComboFix just yet. Just save the file to your Desktop.


Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\Program Files\MSN\rtesekijo.html
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\system32\hggeffg.dll
C:\Program Files\Common Files\mege22011.exe
Folder::
C:\WINDOWS\system32\temp9
C:\WINDOWS\system32\checkdll
C:\VundoFix Backups
Driver::
bfastfao
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D8A0A-E708-42B6-90CA-9C30956A87C6}]
[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"=-
[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=-
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggeffg]


Save this as "CFScript"


http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

This is to be done after ComboFix's log is posted.

You have a recurring Brontok infection. If you have a flash drive, that's where it probably came in from.

I need you to download this tool > http://www.techsupportforum.com/sectools/sUBs/CleanX-II.exe
Alike ComboFix, it's simple to use. You only need to double click it. A log shall be produced.

I shall be online for the next 6 hours. If you reply within this period, wait a while & I shall reply.

ComboFix 07-08-22.4 - "Adan Dozal" 2007-08-22 14:03:55.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.243 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Adan Dozal\Desktop\Proggies\AntiVirus\CFScript.txt
* Created a new restore point

FILE::
C:\Program Files\MSN\rtesekijo.html
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\system32\hggeffg.dll
C:\Program Files\Common Files\mege22011.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\mege22011.exe
C:\VundoFix Backups
C:\VundoFix Backups\awtsr.dll.bad
C:\VundoFix Backups\awvvu.dll.bad
C:\VundoFix Backups\awvvw.dll.bad
C:\VundoFix Backups\bbadd.bak1.bad
C:\VundoFix Backups\bbadd.ini.bad
C:\VundoFix Backups\bjumuyhj.dll.bad
C:\VundoFix Backups\ddabb.dll.bad
C:\VundoFix Backups\ddcyw.dll.bad
C:\VundoFix Backups\ddeeg.bak1.bad
C:\VundoFix Backups\ddeeg.ini.bad
C:\VundoFix Backups\dgjlm.bak1.bad
C:\VundoFix Backups\dgjlm.ini.bad
C:\VundoFix Backups\geedd.dll.bad
C:\VundoFix Backups\hjkkj.bak1.bad
C:\VundoFix Backups\hjkkj.ini.bad
C:\VundoFix Backups\jhyumujb.ini.bad
C:\VundoFix Backups\jjkmp.bak1.bad
C:\VundoFix Backups\jjkmp.bak2.bad
C:\VundoFix Backups\jjkmp.ini.bad
C:\VundoFix Backups\jkkihfc.dll.bad
C:\VundoFix Backups\jkkjh.dll.bad
C:\VundoFix Backups\jkklk.dll.bad
C:\VundoFix Backups\kdiwgjrm.exe.bad
C:\VundoFix Backups\klkkj.bak1.bad
C:\VundoFix Backups\klkkj.ini.bad
C:\VundoFix Backups\kremsvne.dll.bad
C:\VundoFix Backups\mljgd.dll.bad
C:\VundoFix Backups\mlnmp.bak1.bad
C:\VundoFix Backups\mlnmp.ini.bad
C:\VundoFix Backups\moukopep.ini.bad
C:\VundoFix Backups\ncqahven.exe.bad
C:\VundoFix Backups\nxjwoijy.ini.bad
C:\VundoFix Backups\ooccebbp.dll.bad
C:\VundoFix Backups\pepokuom.dll.bad
C:\VundoFix Backups\pmkjj.dll.bad
C:\VundoFix Backups\pmnlm.dll.bad
C:\VundoFix Backups\rmexmeuf.exe.bad
C:\VundoFix Backups\rstwa.bak1.bad
C:\VundoFix Backups\rstwa.ini.bad
C:\VundoFix Backups\ttstv.bak1.bad
C:\VundoFix Backups\ttstv.bak2.bad
C:\VundoFix Backups\ttstv.ini.bad
C:\VundoFix Backups\uvvwa.bak1.bad
C:\VundoFix Backups\uvvwa.ini.bad
C:\VundoFix Backups\vtstt.dll.bad
C:\VundoFix Backups\wvvwa.bak1.bad
C:\VundoFix Backups\wvvwa.ini.bad
C:\VundoFix Backups\wycdd.bak1.bad
C:\VundoFix Backups\wycdd.bak2.bad
C:\VundoFix Backups\wycdd.ini.bad
C:\VundoFix Backups\yjiowjxn.dll.bad
C:\WINDOWS\system32\ayadd.bak1
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\bcbeg.bak1
C:\WINDOWS\system32\bcbeg.ini
C:\WINDOWS\system32\checkdll
C:\WINDOWS\system32\checkdll\D77012.0XE
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\gebcb.dll
C:\WINDOWS\system32\hggeffg.dll
C:\WINDOWS\system32\temp9
C:\WINDOWS\Tasks\At1.job


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_BFASTFAO
-------\bfastfao


((((((((((((((((((((((((( Files Created from 2007-07-22 to 2007-08-22 )))))))))))))))))))))))))))))))


2007-08-21 09:01 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-20 09:31 <DIR> d-------- C:\DOCUME~1\SLIFER~1\APPLIC~1\Real
2007-08-20 09:30 524,288 --ah----- C:\DOCUME~1\SLIFER~1\NTUSER.DAT
2007-08-20 08:17 <DIR> d-------- C:\DOCUME~1\Guest\APPLIC~1\Real
2007-08-20 08:16 524,288 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-08-20 07:04 610,304 --a------ C:\WINDOWS\system32\eraser.dll
2007-08-20 07:04 282,624 --a------ C:\WINDOWS\system32\erasext.dll
2007-08-20 07:04 233,472 --a------ C:\WINDOWS\system32\eraserl.exe
2007-08-20 07:04 <DIR> d-------- C:\Program Files\Eraser
2007-08-15 23:17 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-15 21:59 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-07-30 13:48 122 --a------ C:\WINDOWS\system32\noruns.reg
2007-07-28 19:14 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-07-26 17:18 2,829 --a------ C:\WINDOWS\War3Unin.pif
2007-07-26 17:18 17,925 --a------ C:\WINDOWS\War3Unin.dat
2007-07-26 17:18 126,976 --a------ C:\WINDOWS\War3Unin.exe
2007-07-26 17:15 <DIR> d-------- C:\Program Files\Warcraft III


(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))

2007-08-21 22:47 --------- d-------- C:\Program Files\Trillian
2007-08-21 14:35 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-07-19 15:47 967 --a------ C:\WINDOWS\ScUnin.pif
2007-07-19 15:47 94208 --a------ C:\WINDOWS\ScUnin.exe
2007-07-19 15:47 --------- d-------- C:\Program Files\Starcraft
2007-07-17 18:44 --------- d-------- C:\Program Files\QuickTime
2007-07-17 18:44 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-17 18:43 --------- d-------- C:\Program Files\Apple Software Update
2007-07-17 18:43 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-15 03:10 --------- d-------- C:\Program Files\rpg2003
2007-07-14 05:06 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-14 05:06 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\Creative
2007-07-06 02:15 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-06 02:15 --------- d-------- C:\DOCUME~1\ADANDO~1\APPLIC~1\dvdcss
2007-07-02 17:30 --------- d-------- C:\Program Files\Common Files\Nero
2007-07-02 17:28 --------- d-------- C:\Program Files\Ahead
2007-07-02 17:27 --------- d-------- C:\Program Files\Common Files\Ahead
2007-06-28 00:08 --------- d-------- C:\Program Files\GIMP-2.0
2007-06-27 16:35 --------- d-------- C:\Program Files\Common Files\LightScribe
2007-06-27 16:22 --------- d-------- C:\Program Files\Common Files\Ahead 2
2007-06-26 01:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-25 21:06 --------- d-------- C:\Program Files\SoftWareClub.ws
2007-06-19 08:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-17 00:11 51200 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1CDCDEA4-4F0B-4FFC-9297-47942CB949C6}]
C:\WINDOWS\system32\jkklk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5BD7B7F6-4FA3-4439-9A27-CF98DF731AC0}]
C:\WINDOWS\system32\pmnlm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E19775C-4BA6-4B70-9424-D62D6588BF31}]
C:\WINDOWS\system32\vtstt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BB442C-9938-4804-BCCD-4774E5FBC05A}]
C:\WINDOWS\system32\awvvu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB0250EB-63A4-4A3B-8CA2-539BDE448A2A}]
C:\WINDOWS\system32\jkkjh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 16:24]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 05:32]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-12-12 15:19]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" []
"HP Software Update"="C:\Documents and Settings\Adan Dozal\My Documents\Multimedia\Music\kid\HP Software Update\HPWuSchd2.exe" []
"DVDTray"="C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe" [2004-09-03 03:58]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 13:23]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"Eraser"="C:\Program Files\Eraser\eraser.exe" [2006-04-09 04:19]

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"Tok-Cirrhatus"="C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\smss.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableCMD"=0 (0x0)



Contents of the 'Scheduled Tasks' folder
2007-08-09 22:45:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

************************************************** ************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2007-08-22 14:11:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

Completion time: 2007-08-22 14:12:41 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-22 14:12
C:\ComboFix2.txt ... 2007-08-21 22:07
C:\ComboFix3.txt ... 2007-08-21 13:44

--- E O F ---

################################################## #####################

Brontok Worm Removal Tool - (Version - 06.09.17B)
by sUBs

################################################## #####################

Current date: Wed 08/22/2007 Current time: 14:14:31.03

=== PRE RUN ANALYSIS ===================================

......................................

C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\ListHost10.txt
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Bron.tok-10-15

...............

C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Bron.tok-10-15
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\Akira@zaku-mainframe.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\alex@neuber.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\Alexsandra@usa.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\allmard@cableone.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\Allykatavr@aol.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\alortie@ultranet.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\andrewja@home.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\ashton.anchors@mdcplus.com. ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\azura_stardust@hotmail.com. ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\b@cme.gif.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\Bc65040@navix.con.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\Bc65040@navix.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\Bobjkr@aol.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\bradata@mail.bg.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\BristalC@aol.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\brunot@dva.lv.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\buehler@stargate.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\c.conliffe@liberty-it.co.uk.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\chirlind@mailcity.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\chris@barking-dog.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\cidolfas@rpgclassics.com.in i
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\cking@pandora.be.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\claude111@aol.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\cliffe@counter-strike.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\cooldude123589@aol.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\copykat@eskils.org.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\coyote@eudoramail.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\crescentsaber@hotmail.com.i ni
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\criminalcatterpillar@hotmai l.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\crinity@email.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\croupier@terra.com.br.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\david2001@infonegocio.com.i ni
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dci@wizards.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\deasdale@hotmail.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\deathlazer@hotbot.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\Devious923@aol.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\digichaos@hotsheep.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\diogo.mc@sapo.pt.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\DMike@nmtrix.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\doc.khan@sympatico.ca.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\donations@kaizoku-fansubs.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\doni77@telering.at.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@2o7.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@7search.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@adrevolver.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ads.addynamix.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ads.pointroll.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ads.revsci.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@adserve.webtoolcafe.c om.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@advertising.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@apmebf.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@as-eu.falkag.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@as-us.falkag.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@as1.falkag.de.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@atdmt.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@bfast.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@bluestreak.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@bravenet.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@bs.serving-sys.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@casalemedia.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@counter.hitslink.com. ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@cs.sexcounter.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@devart.adbureau.net.i ni

C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfk4cnczkeo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfk4kmazabo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfk4qoazgko.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfk4smajeeq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfk4uoc5cbp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfkiemd5ckq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfkosjczcdp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfkoslcjofp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfkouhczalo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfl4kjcpmbo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfl4kpczmgp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfl4qmajifq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfl4wmcjcdo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wflicjd5aeo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wflicjd5edp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfliujdpklo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wflocndjclq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wflookcpigo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wflougazkho.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wflyooc5odp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfmismdpsep.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wfmiwpdpwap.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wgk4gnazmlq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wgk4qgc5cfo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wgkisgajago.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wgkiwmdzcgo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wgkokmajecq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wgkoolc5ieo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wgkyklcjiho.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wgl4agd5kkq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wglyqjdjedo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wgmyohdpebo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6whkokhajmkq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6whkoqjdjkho.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6whkouiazggo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6whkycjcjwlp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjk4aicjmkq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjk4aidzoap.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjk4cgdzobo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjk4cmcpkap.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjk4eodpkap.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjk4ghcjako.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjk4sidzgfq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjk4snajodo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjk4wmcpwlp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjkogodzkgp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjkoomdpocp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjkosnczcep.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjkycgd5ogo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjkycldjeeo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjkykpd5iaq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjkyondzidp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjkysgdpadp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjl4ancpsap.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjl4gjazoco.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjl4klczwfp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjlikndjmho.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjlioiajodo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjliqoczgeq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjliuhd5maq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjlocjazwep.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjlooiazcao.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjlosgcpckp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjloukd5sap.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjlywmcpwdq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjmiklc5ahq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjmisgdzckp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjmiugcjsep.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjny-1gdzge.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjny-1nd5ig.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjny-1oajah.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjnycicpkho.stats.esomniture.com.ini

C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjnycidzkao.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjnygmdpmep.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjnygnajaaq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjnygpd5klp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjnyoicjcko.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjnyoid5klo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjnyojajogq.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjnyokajwlp.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjnyopajkdo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@e-2dj6wjnysodzsfo.stats.esomniture.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@edge.ru4.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@edge.ru4.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ehg-adidasus.hitbox.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ehg-boltmedia.hitbox.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ehg-etoys.hitbox.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ehg-inforspaceinc.hitbox.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ehg-metagame.hitbox.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ehg-pokemonusa.hitbox.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ehg-tigerdirect2.hitbox.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ehg-upperdeck.hitbox.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ehg-vcommercecorporation.hitbox.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@ehg.hitbox.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@findwhat.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@heavycom.122.2o7.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@heavycom.122.2o7.net. ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@hitbox.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@hotlog.ru.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@linksynergy.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@list.ru.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@maxserving.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@media.adrevolver.com. ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@mediaplex.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@meetupcom.122.2o7.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@meetupcom.122.2o7.net .ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@msnportal.112.2o7.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@msnportal.112.2o7.net .ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@netster.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@overstock.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@partygaming.122.2o7.i ni
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@partygaming.122.2o7.n et.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@paypal.112.2o7.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@paypal.112.2o7.net.in i
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@qksrv.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@questionmarket.com.in i
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@rambler.ru.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@real.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@realmedia.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@reunioncom.112.2o7.in i
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@reunioncom.112.2o7.ne t.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@revenue.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@revsci.net.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@rotator.adjuggler.com .ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@seeq.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@serving-sys.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@sexlist.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@sixapart.adbureau.net .ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@stat.dealtime.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@stat.onestat.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@statcounter.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@targetnet.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@tickle.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@tradedoubler.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@trafficmp.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@tribalfusion.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@tripod.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dozal@zedo.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\driscoll_787_@hotmail.com.i ni
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dstepp@u.washington.edu.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\dv@btinternet.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\DX10687@aol.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\D_Mike@soneramail.nl.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\ebay@milehighcomics.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\eda@faulhuber.at.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\edmae@mindspring.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\edo_hrzic@hotmail.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\Eike.Frost@gmx.de.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\element77@myway.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\EmperorOfChaos32@hotmail.co m.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\enberm88@hotmail.com.ini
C:\Documents and Settings\Adan Dozal\Local Settings\Application Data\Loc.Mail.Bron.Tok\ewoods@istar.ca.ini