System Security et.al.

View previous topic View next topic Go down

Solved System Security et.al.

Post by rokjok on 5th January 2009, 7:18 pm

My Dad recently was infected with system security. I suspect the problem is deepr than that after reading [You must be registered and logged in to see this link.]

He was not able to update his McAfee software, visit any security sites on the web, or install certain applications (Malewarebyte's MBAM and McAfee's MCPR.exe).

Unfortuantley I did not discover geek police until after I had attempted a fix. Otherwise I would have requested guidance earlier.

The general process I went through once I realized McAfee couldn't be updated included the following:

Used Microsoft's Online malicious software removal program. It said it found threats but could not remove them.

Uninstalled McAfee.

Found a version of AVG and dowloaded. It was out of date and could not be updated online. Dowloaded current pattern files elswhere and updated AVG via a memory stick. It fould threats. The logs are below. It found a suspicious hidden file that seemed to have usernames and passwords in it.

Attempted to install MBAM. Would not install. Renamed Install file and got it installed.

Ran quick scan and fixed. Log below.

Updated mbam. Ran full scan. Log Below.

Updadted AVG. Ran full scan. log below.

The system seems stable. Virus software can update. Security sites can be browsed.

I'd very much appreciate your guidance on additional steps and recommendations whether a full reformat is in order.

Once again, I apologize for not getting in touch sooner. I would have had I found you sooner.

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 5th January 2009, 7:19 pm

Current Hijack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:19 AM, on 1/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\WinTVR3\Schedule.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinTVR3\Remote.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe
C:\Documents and Settings\Nanu\Desktop\hijackgpthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Schedule] "C:\Program Files\WinTVR3\Schedule.exe"
O4 - HKLM\..\Run: [Remote] "C:\Program Files\WinTVR3\Remote.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [You must be registered and logged in to see this link.]
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - [You must be registered and logged in to see this link.]
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 9082 bytes

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 5th January 2009, 7:20 pm

Uninstall List

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
AVG 8.0
BCM V.92 56K Modem
Bonjour
Classic PhoneTools
Coupon Printer for Windows
CouponBar
DAO
DAO
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
Dell Support Center (Support Software)
DellSupport
DVDSentry
EPSON Printer Software
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.0_03
Java 2 Runtime Environment, SE v1.4.1_02
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes' Anti-Malware
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Interactive Training
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft PowerPoint Viewer 97
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MobileMe Control Panel
Modem Helper
Mozilla Firefox (1.0.6)
MSN Music Assistant
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Nero
NeroMediaPlayer
OpenOffice.org Installer 1.0
Paint Shop Pro 7
PaperPort 7.02
PowerDVD
QuickTime
Radio@Netscape Plus
RealPlayer
Rhapsody
Rhapsody Player Engine
Rhapsody Player Engine
S801TFN
SeaMonkey (1.1)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
ShopperReports
Sound Blaster Live!
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Visioneer 8100 Scanner
Visioneer Digital Camera Utility
Visioneer MX230
WeatherBug
Windows Genuine Advantage v1.3.0254.0
Windows Live OneCare safety scanner
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Tools 4.0
Windows XP Service Pack 3
WinTVR3
Yahoo! Toolbar

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 5th January 2009, 7:28 pm

MBAM Result 1

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 3

1/4/2009 7:26:47 PM
mbam-log-2009-01-04 (19-26-47).txt

Scan type: Quick Scan
Objects scanned: 57858
Time elapsed: 11 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 57
Registry Values Infected: 9
Registry Data Items Infected: 2
Folders Infected: 30
Files Infected: 54

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-defa-eb76b1d5fa7d} (Adware.BetterInternet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\zangosa (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\srv.coreservices.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 5th January 2009, 7:29 pm

MBAM Result 1 Continued

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nah_Shell (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.36.0 (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\TDSSarxx.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSScfmm.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSoity.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSvoql.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSmqlt.sys (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\TDSS7148.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS733c.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS755f.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS780e.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS7abe.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS800d.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS826f.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS8a1f.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS8e36.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS852e.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\0001D329.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\0001D4C0.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\0001EC9D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Reset Cursor.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Customer Support Center.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Games!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Library.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Screensavers!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Zango\Zango Videos!.lnk (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf_update.dat (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\nah_mufs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSkkai.log (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSlxcp.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSxhyf.log (Trojan.TDSS) -> Delete on reboot.

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 5th January 2009, 7:30 pm

MBAM result 2

Database version: 1616
Windows 5.1.2600 Service Pack 3

1/4/2009 10:42:27 PM
mbam-log-2009-01-04 (22-42-27).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 124251
Time elapsed: 1 hour(s), 53 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Nanu\Local Settings\Temp\TDSS3a8e.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nanu\Local Settings\Temp\TDSS38d9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS6e2b.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS7c25.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 5th January 2009, 7:33 pm

AVG Results:

Scan "Scan
whole computer" was finished.
Infections found:;"7"
Infected objects removed or
healed:;"10"
Not removed or healed:;"0"
Spyware found:;"0"
Spyware removed:;"0"
Not removed:;"0"
Warnings count:;"26"
Information count:;"0"
Scan started:;"Sunday, January 04,
2009, 7:41:08 AM"
Scan finished:;"Sunday, January 04,
2009, 9:25:15 AM (1 hour(s) 44 minute(s) 7 second(s))"
Total object scanned:;"574628"
User who launched the
scan:;"Nanu"

Infections
File;"Infection";"Result"
C:\WINDOWS\system32\drivers\svchost.exe;"Trojan
horse Crypt.AVC";"Moved to Virus Vault"
C:\WINDOWS\system32\drivers\svchost.exe;"Trojan
horse Crypt.AVC";"Infected"
C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe;"Trojan
horse Crypt.AVC";"Moved to Virus Vault"
C:\WINDOWS\system32\drivers\svchost.exe
(176);"Trojan horse Crypt.AVC";""
HKU\S-1-5-21-1014466279-4112409482-4105431951-1006\Software\Microsoft\Windows\CurrentVersion\Run\\SVCHOST.EXE;"Found
registry key with reference to infected file
C:\WINDOWS\system32\drivers\svchost.exe";"Moved to Virus
Vault"

Rootkits
File;"Infection";"Result"
c:\Documents and Settings\Nanu\Local
Settings\Temp\TDSS38d9.tmp;"Hidden file";"Potentially
dangerous object"
c:\Documents and Settings\Nanu\Local
Settings\Temp\TDSS3a8e.tmp;"Hidden file";"Potentially
dangerous object"
c:\Documents and
Settings\Nanu\nah_log.dat;"Hidden file";"Potentially dangerous
object"
c:\Documents and
Settings\Nanu\nah_mufs.exe;"Hidden file";"Potentially
dangerous object"
c:\Documents and
Settings\Nanu\nah_temp1.exe;"Hidden file";"Potentially
dangerous object"
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSmqlt.sys;"Hidden
driver";"Deleted"
c:\WINDOWS\SYSTEM32\DRIVERS\TDSSmqlt.sys;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\SYSTEM32\TDSSarxx.dll;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\SYSTEM32\TDSScfmm.dll;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\SYSTEM32\TDSSkkai.log;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\SYSTEM32\TDSSlxcp.dll;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\SYSTEM32\TDSSmtve.dat;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\SYSTEM32\TDSSoity.dll;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\SYSTEM32\TDSSvoql.dll;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\SYSTEM32\TDSSxhyf.log;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS6e2b.tmp;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS7148.tmp;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS733c.tmp;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS755f.tmp;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS780e.tmp;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS7abe.tmp;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS7c25.tmp;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS800d.tmp;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS826f.tmp;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS852e.tmp;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS8a1f.tmp;"Hidden
file";"Potentially dangerous object"
c:\WINDOWS\Temp\TDSS8e36.tmp;"Hidden
file";"Potentially dangerous object"



I've left off a buch of tracking cookies.

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by Belahzur on 5th January 2009, 7:54 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.0_03
    Java 2 Runtime Environment, SE v1.4.1_02
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste the report back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 6th January 2009, 3:56 am

Thanks for the quick reply.

Here is the DDS log.

Also when unistalling Java 2 Runtime Environment, SE v1.4.0_03, I received the error depicted below:


The app then was removed from the Installed Programs list.


DDS (Version 1.1.0) - NTFSx86
Run by Nanu at 21:31:11.57 on Mon 01/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.299 [GMT -6:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\\WINDOWS\\system32\\svchost -k DcomLaunch
svchost.exe
C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\\WINDOWS\\system32\\spoolsv.exe
C:\\WINDOWS\\Explorer.EXE
C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe
C:\\WINDOWS\\System32\\Ati2evxx.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
C:\\Program Files\\Bonjour\\mDNSResponder.exe
C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe
C:\\WINDOWS\\system32\\cisvc.exe
C:\\WINDOWS\\System32\\CTsvcCDA.exe
C:\\Program Files\\Common Files\\EPSON\\EBAPI\\SAgent2.exe
C:\\Program Files\\WinTVR3\\Schedule.exe
C:\\Program Files\\Dell Support Center\\bin\\sprtsvc.exe
C:\\WINDOWS\\System32\\svchost.exe -k imgsvc
C:\\WINDOWS\\System32\\MsPMSPSv.exe
C:\\WINDOWS\\system32\\svchost.exe -k netsvcs
C:\\Program Files\\WinTVR3\\Remote.exe
C:\\WINDOWS\\system32\\fxssvc.exe
C:\\Program Files\\iTunes\\iTunesHelper.exe
C:\\WINDOWS\\System32\\DSentry.exe
C:\\WINDOWS\\BCMSMMSG.exe
C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgam.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgrsx.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgnsx.exe
C:\\WINDOWS\\system32\\ctfmon.exe
C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mim.exe
C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\MMDiag.exe
C:\\PROGRA~1\\AVG\\AVG8\\avgemc.exe
C:\\Program Files\\DellSupport\\DSAgnt.exe
C:\\Program Files\\iPod\\bin\\iPodService.exe
C:\\WINDOWS\\system32\\cidaemon.exe
C:\\WINDOWS\\system32\\msiexec.exe
C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe
C:\\Documents and Settings\\Nanu\\Desktop\\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Page = [You must be registered and logged in to see this link.]
uDefault_Page_URL = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
mSearchAssistant = [You must be registered and logged in to see this link.]
mWinlogon: SFCDisable=-99 (0xffffff9d)
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\\program files\\real\\realplayer\\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg8\\avgssie.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\\program files\\yahoo!\\companion\\installs\\cpn\\yt.dll
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: {2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {44226DFF-747E-4EDC-B30C-78752E50CD0C} - No File
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
uRun: [Weather] c:\\program files\\aws\\weatherbug\\Weather.exe 1
uRun: [DW4] "c:\\program files\\the weather channel fw\\desktop weather\\DesktopWeather.exe"
uRun: [DellSupport] "c:\\program files\\dellsupport\\DSAgnt.exe" /startup
mRun: [UpdReg] c:\\windows\\UpdReg.EXE
mRun: [TkBellExe] "c:\\program files\\common files\\real\\update_ob\\realsched.exe" -osboot
mRun: [Schedule] "c:\\program files\\wintvr3\\Schedule.exe"
mRun: [Remote] "c:\\program files\\wintvr3\\Remote.exe"
mRun: [QuickTime Task] "c:\\program files\\quicktime\\qttask.exe" -atboottime
mRun: [OneTouch Monitor] c:\\progra~1\\vision~1\\ONETOU~2.EXE
mRun: [NeroCheck] c:\\windows\\system32\\NeroCheck.exe
mRun: [MimBoot] c:\\progra~1\\musicm~1\\musicm~1\\mimboot.exe
mRun: [iTunesHelper] "c:\\program files\\itunes\\iTunesHelper.exe"
mRun: [DVDSentry] c:\\windows\\system32\\DSentry.exe
mRun: [dscactivate] "c:\\program files\\dell support center\\gs_agent\\custom\\dsca.exe"
mRun: [diagent] "c:\\program files\\creative\\sblive\\diagnostics\\diagent.exe" startup
mRun: [DellSupportCenter] "c:\\program files\\dell support center\\bin\\sprtcmd.exe" /P DellSupportCenter
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [AVG8_TRAY] c:\\progra~1\\avg\\avg8\\avgtray.exe
mRun: [ATIPTA] c:\\program files\\ati technologies\\ati control panel\\atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AppleSyncNotifier] c:\\program files\\common files\\apple\\mobile device support\\bin\\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\\program files\\adobe\\reader 8.0\\reader\\Reader_sl.exe"
mPolicies-explorer: =
IE: &Search
IE: E&xport to Microsoft Excel - c:\\progra~1\\micros~2\\office10\\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\\program files\\messenger\\msmsgs.exe
Trusted Zone: hitbox.com\\ehg-churchilldownsinc
Trusted Zone: musicmatch.com\\online
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\\program files\\common files\\microsoft shared\\web folders\\PKMCDO.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\\program files\\avg\\avg8\\avgpp.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\\windows\\system32\\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\\docume~1\\nanu\\applic~1\\mozilla\\firefox\\profiles\\qiquwtgl.default\\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - component: c:\\program files\\mozilla firefox\\\\components\\jar50.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("backups.number_of_prefs_copies", 1);
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("dom.disable_window_open_feature.status", false);
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("advanced.always_load_images", true);
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("network.protocol-handler.external.help", false);
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("network.IDN_show_punycode", true);
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\\program files\\mozilla firefox\\\\greprefs\\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("app.version",
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("app.extensions.version", "1.0");
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("app.build_id",
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("app.update.updatesAvailable", false);
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("update.severity", 0);
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("general.useragent.vendorSub",
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("browser.update.resetHomepage", false);
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("browser.turbo.enabled", false);
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("update_notifications.enabled", true);
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\\program files\\mozilla firefox\\\\defaults\\pref\\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 6th January 2009, 3:58 am

DDS log Part 2

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-3 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-3 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-3 26824]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-3 90632]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-4 874776]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-3 231704]
R4 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2003-7-29 23200]
S0 bvme;bvme;c:\windows\system32\drivers\igoxhxj.sys --> c:\windows\system32\drivers\Igoxhxj.sys [?]

=============== Created Last 30 ================


==================== Find3M ====================

2009-01-04 18:28 40,674 a------- c:\documents and settings\nanu\nah_log.dat
2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-26 14:24 507,904 a------- c:\windows\system32\winlogon.exe
2008-11-26 14:24 295,424 a------- c:\windows\system32\termsrv.dll
2008-10-24 05:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 06:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 07:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 07:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 10:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 01:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 01:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-04-10 22:17 32 a----r-- c:\documents and settings\all users\hash.dat
2007-11-25 18:25 62,024 ac------ c:\docume~1\nanu\applic~1\GDIPFONTCACHEV1.DAT
2003-07-29 19:43 723 ac------ c:\program files\INSTALL.LOG
2001-11-19 12:14 61,440 ac------ c:\windows\inf\i386\gl.dll
2001-10-29 14:30 245,760 ac------ c:\windows\inf\i386\viceo.dll
2001-08-17 17:43 32,768 ac------ c:\windows\inf\i386\Wiamicro.dll
2008-08-20 03:06 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082020080821\index.dat

============= FINISH: 21:32:40.00 ===============

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by Belahzur on 6th January 2009, 1:45 pm

Nevermind about Java, we can try a program to remove it.
But right now, we need to go deeper, I think winlogon.exe has been patched.


  • Download combofix from here, use the top links - [You must be registered and logged in to see this link.]
  • Please disable your local AV (Anti-virus) by right clicking it's icon in the tray, and exit it.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 2:17 am

Part 1

ComboFix 09-01-05.05 - Nanu 2009-01-06 13:11:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.421 [GMT -6:00]
Running from: c:\documents and settings\Nanu\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nanu\Application Data\WeatherDPA
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\SearchWeather.xml
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\Weather_XML\Default
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\Weather_XML\Genera1
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\Weather_XML\General
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\Links
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\radar-big.jpg
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\radar-small
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\satellite-big.jpg
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\satellite-small
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Display
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Loading
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\screen2
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\screen3
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\screen4n5
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\Weather_XML\Version
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherDPA\WeatherPreferences
c:\documents and settings\Nanu\Application Data\WeatherDPA\Weather\WeatherStartup.xml
c:\documents and settings\Nanu\Application Data\Zango
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\030104_emte10_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\030104_emte11_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\030104_emte12_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\030104_emte13_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\030104_emte14_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\030104_emte19_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\030104_emte20_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\030104_emte21_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\030104_emte9_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\030203lib_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102angel_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102bigluf_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102birthday_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102cheers_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102flo_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102good_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102jump_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102king_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102lough_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102luf_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102smile_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102smiled_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102sor_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102thanx_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\033102uhu_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\040103ahh_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\040103wow_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\040104_emi2_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\042102_1134_112_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\050103big_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\050103gig_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\050103hm_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\050103nomail_emoti_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\050103norm_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema15_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema16_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema17_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema18_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema19_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema20_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema21_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema24_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema25_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema26_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema30_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema33_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\060104_ema34_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\062802hippi_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\062802jumpie_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\080402argh_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\080402oops_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\080402ouch_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\082502no_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\082502yes_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_boring1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_confused_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_crying_ugly_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_fantastic_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_feel_better_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_gimme_break_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_heehee_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_hlopaet_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_ign_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_lol_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_no_comment_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_peace_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_smashing_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\110103_talk2thehand_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\avatar.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\block_sm.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\block_sm2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\block_smli.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\block_smli2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\blocked.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\blocked2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\btn_add-but.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\btn_back-but.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\btn_left_cut_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\btn_left_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\btn_left_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\btn_middle_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\btn_middle_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\btn_right_cut_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\btn_right_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\btn_right_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\business_promo.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\buttondir.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\components.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\css_cattree.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\css_flashpreview.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\css2_main.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\css2_pagingmodule.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\css2_topbuttons.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\cursors.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\delete.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\edit_clear_sound.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\edit_fs.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\edit_select.gif

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by Belahzur on 7th January 2009, 2:19 am

Hello.
The log was cut off, please post the rest.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 2:25 am

Part 2 of Many

c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\email-t1-bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\email-temp-bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\estatationery.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\flashpatch.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\flashpreview.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\fs3.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\hotbar_promo.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_checked_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_close_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_close_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_edit_preview.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_edit_send.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_flash_preview.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_recently_used.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_remove_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_remove_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_sand-clock2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_tell_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_tell_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_tree_null.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_unchecked_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\icon_unchecked_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\img_barlayout4.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\img_corner_left.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\img_local_logo.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\js2_basetemplate.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\js2_hbgroups.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\js2_hbobject3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\js2_hbobjectset3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\js2_hotbarwrapper.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\js2_iteratorsandreaders3nf.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\js2_pagingmoduleobj3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\js2_texts3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\js2_xmltree3nf.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\layout.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\linkpathlegal.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\n.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\nav_b_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\nav_bb_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\nav_f_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\nav_ff_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\progress.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\sales_buttons.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\searchbtn.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\submit.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tab_bg.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tab_bga.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tab_bgia.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tab_l.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tab_la.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tab_lia.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tab_r.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tab_ra.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tab_ria.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tree_dots.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tree_minus.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\tree_plus.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\treedata_animations.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\treedata_backgrounds.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\treedata_ecards.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\treedata_emoticons.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\treedata_notifiers.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\treedata_text.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\1\zango_btn.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\030104_emte10_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\030104_emte11_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\030104_emte12_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\030104_emte13_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\030104_emte14_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\030104_emte19_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\030104_emte20_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\030104_emte21_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\030104_emte9_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\030203lib_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102angel_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102bigluf_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102bigsmile_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102birthday_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102cheers_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102flo_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102good_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102jump_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102king_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102lough_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102luf_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102smile_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102smiled_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102sor_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102thanx_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\033102uhu_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\040103ahh_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\040103wow_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\040104_emi2_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\042102_1134_112_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\050103big_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\050103gig_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\050103hm_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\050103nomail_emoti_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\050103norm_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema15_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema16_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema17_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema18_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema19_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema20_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema21_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema24_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema25_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema26_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema30_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema33_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\060104_ema34_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\062802hippi_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\062802jumpie_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\080402argh_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\080402oops_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\080402ouch_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\082502no_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\082502yes_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_boring1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_confused_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_crying_ugly_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_fantastic_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_feel_better_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_gimme_break_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_heehee_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_hlopaet_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_ign_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_lol_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_no_comment_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_peace_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_smashing_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\110103_talk2thehand_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\avatar.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\block_sm.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\block_sm2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\block_smli.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\block_smli2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\blocked.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\blocked2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\btn_add-but.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\btn_back-but.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\btn_left_cut_enabled_1.gif

More to follow

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 2:26 am

Part 3

c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\btn_left_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\btn_left_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\btn_middle_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\btn_middle_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\btn_right_cut_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\btn_right_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\btn_right_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\business_promo.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\buttondir.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\components.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\css_cattree.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\css_flashpreview.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\css2_main.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\css2_pagingmodule.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\css2_topbuttons.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\cursors.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\delete.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\edit_clear_sound.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\edit_fs.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\edit_select.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\email-t1-bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\email-temp-bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\estatationery.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\flashpatch.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\flashpreview.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\fs3.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\hotbar_promo.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_checked_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_close_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_close_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_edit_preview.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_edit_send.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_flash_preview.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_recently_used.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_remove_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_remove_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_sand-clock2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_tell_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_tell_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_tree_null.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_unchecked_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\icon_unchecked_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\img_barlayout4.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\img_corner_left.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\img_local_logo.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\js2_basetemplate.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\js2_hbgroups.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\js2_hbobject3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\js2_hbobjectset3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\js2_hotbarwrapper.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\js2_iteratorsandreaders3nf.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\js2_pagingmoduleobj3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\js2_texts3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\js2_xmltree3nf.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\layout.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\linkpathlegal.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\n.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\nav_b_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\nav_bb_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\nav_f_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\nav_ff_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\progress.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\sales_buttons.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\searchbtn.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\submit.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tab_bg.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tab_bga.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tab_bgia.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tab_l.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tab_la.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tab_lia.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tab_r.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tab_ra.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tab_ria.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tree_dots.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tree_minus.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\tree_plus.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\treedata_animations.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\treedata_backgrounds.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\treedata_ecards.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\treedata_emoticons.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\treedata_notifiers.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\treedata_text.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\2\zango_btn.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\avatar.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\business_promo.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\buttondir.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\code.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\cursors.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\email-temp-bg.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\hotbar_promo.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\images.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\layout.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\localcontent.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\sales_buttons.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\treexml.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOI\static\DownLoad\zango_btn.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\030104_emte10_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\030104_emte11_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\030104_emte12_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\030104_emte13_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\030104_emte14_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\030104_emte19_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\030104_emte20_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\030104_emte21_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\030104_emte9_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\030203lib_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102angel_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102bigluf_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102bigsmile_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102birthday_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102cheers_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102flo_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102good_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102jump_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102king_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102lough_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102luf_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102smile_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102smiled_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102sor_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102thanx_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\033102uhu_1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\040103ahh_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\040103wow_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\040104_emi2_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\042102_1134_112_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\050103big_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\050103gig_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\050103hm_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\050103nomail_emoti_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\050103norm_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema15_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema16_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema17_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema18_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema19_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema20_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema21_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema24_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema25_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema26_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema30_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema33_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\060104_ema34_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\062802hippi_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\062802jumpie_prv.gif
More to follow

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 2:29 am

Part 4

c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\080402argh_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\080402oops_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\080402ouch_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\082502no_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\082502yes_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_boring1_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_confused_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_crying_ugly_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_fantastic_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_feel_better_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_gimme_break_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_heehee_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_hlopaet_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_ign_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_lol_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_no_comment_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_peace_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_smashing_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\110103_talk2thehand_prv.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\block_sm.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\block_sm2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\block_smli.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\block_smli2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\blocked.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\blocked2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\btn_add-but.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\btn_back-but.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\btn_left_cut_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\btn_left_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\btn_left_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\btn_middle_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\btn_middle_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\btn_right_cut_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\btn_right_enabled_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\btn_right_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\business_promo.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\buttondir.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\components.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\css_cattree.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\css_flashpreview.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\css2_main.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\css2_pagingmodule.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\css2_topbuttons.css
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\cursors.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\delete.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\edit_clear_sound.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\edit_fs.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\edit_select.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-543450.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-548964.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-589306.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-591943.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-592579.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-598579.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-603763.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-9595.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-511724-9696.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-511745-514279.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-backgrounds.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-bcards.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-ecards.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-emoticons.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-estationery.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-funny.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-help.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-images.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-info.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-more.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-my.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-new.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-new2.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-options.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-people.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-photo.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-tell.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-temp.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-text.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def-email-voice.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-def.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-premium-email-premium.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-t1-bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\email-temp-bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\estatationery.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\flashpatch.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\flashpreview.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\fs3.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\hotbar_promo.htm
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_checked_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_close_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_close_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_edit_preview.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_edit_send.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_flash_preview.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_recently_used.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_remove_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_remove_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_sand-clock2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_tell_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_tell_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_tree_null.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_unchecked_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\icon_unchecked_pressed_1.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\img_barlayout4.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\img_corner_left.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\img_local_logo.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\js2_basetemplate.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\js2_hbgroups.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\js2_hbobject3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\js2_hbobjectset3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\js2_hotbarwrapper.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\js2_iteratorsandreaders3nf.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\js2_pagingmoduleobj3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\js2_texts3.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\js2_xmltree3nf.js
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\layout.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\linkpathlegal.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\n.gif

More to follow

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 2:31 am

Part 5

c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\nav_b_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\nav_bb_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\nav_f_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\nav_ff_2.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\pro_hb_fo_word.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\progress.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\sales_buttons.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\searchbtn.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\submit.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tab_bg.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tab_bga.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tab_bgia.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tab_l.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tab_la.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tab_lia.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tab_r.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tab_ra.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tab_ria.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tree_dots.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tree_minus.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\tree_plus.gif
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\treedata_animations.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\treedata_backgrounds.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\treedata_ecards.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\treedata_emoticons.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\treedata_notifiers.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\treedata_text.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\HostOL\static\1\zango_btn.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1000279.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1002510.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1015407.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1020167.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1041785.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1042547.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1044912.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1055568.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1055646.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1055670.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1055719.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1055993.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1055998.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1056230.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1057079.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1057733.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1058131.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1058519.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1059014.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1059105.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1059760.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1062468.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1063956.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1066422.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1066790.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1068687.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\107071.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1074005.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1089758.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1102118.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1127470.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1139961.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1140234.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1164017.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\119057.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1202032.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1205004.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\12077.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1218023.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\124590.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1247009.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1252671.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1265531.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1281075.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1383752.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1386476.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1387228.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1388678.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1390361.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1390419.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1391571.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1400989.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1402698.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1404507.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1404973.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1442036.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\144984.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\150778.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\151198.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1626322.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1676322.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1681716.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1806404.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1820982.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1840276.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\192005.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\1946317.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2070307.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2208948.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\221540.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2242126.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\225269.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2279094.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\231613.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2336680.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\234268.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2344784.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2396130.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\241506.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2451.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\250094.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\25012.sdf

More to follow

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 2:33 am

Part 6

c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2643193.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\265340.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2696936.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2697919.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2699328.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\270829.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\277994.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2802943.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2807954.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2821084.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2837207.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2847045.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2866535.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2881380.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2883568.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2884302.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2884305.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2884308.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2884513.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2885061.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2893802.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2894930.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2899632.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2900957.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2901424.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\2901598.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\305099.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\310462.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3246184.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3251993.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\325518.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3270236.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3272257.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\328096.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\329264.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3294691.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3297529.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3298188.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3300399.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\333295.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3340762.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3348131.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3382430.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3384084.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3385191.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\339597.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3404705.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3407675.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\340902.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3422321.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3422833.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3426120.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3427200.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3429068.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\346234.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3466846.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\346907.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3469510.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\347511.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3477763.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\348503.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\36472.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\365762.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3700980.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3730773.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3781173.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\378900.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\383159.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3852191.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3852538.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\385434.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3859100.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3862547.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3863608.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3865384.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3865689.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3865777.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3873373.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3874857.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\387523.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3893089.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3893090.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3893180.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\3893466.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\394147.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\39466.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\398142.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\402942.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\403997.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\417007.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\421016.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\421970.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\430079.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\43446.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\438839.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\447600.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\4478.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\455141.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\4631.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\463576.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\47467.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\478054.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\481064.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\504717.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\514531.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\515176.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\535467.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\535513.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\537537.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\547815.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\548756.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\555745.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\557711.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\572823.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\573421.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\580370.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\584648.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\587900.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\596840.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\59943.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\600583.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\607714.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\620184.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\620988.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\622402.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\641008.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\643969.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\652528.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\65445.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\665449.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\667482.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\676942.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\676946.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\680355.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\681724.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\689815.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\691715.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\6960.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\698191.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\700587.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\721157.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\724956.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\736251.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\737999.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\750309.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\757108.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\767817.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\769422.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\777073.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\777882.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\788934.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\803618.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\804470.sdf

More to follow

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 2:34 am

Part 8

c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\805478.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\806451.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\819382.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\828970.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\840240.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\841363.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\849859.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\853659.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\858463.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\865083.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\877787.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\87947.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\880604.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\890068.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\903384.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\915826.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\930943.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\931608.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\934953.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\93610.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\945820.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\949732.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\951083.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\952211.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\955729.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\957565.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\958273.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\976123.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\980079.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\983523.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\990028.sdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\domains.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000047523
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000047670
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000066592
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000066916
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\1000068187
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\12017
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\127499
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\146258
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\153363
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\16168
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\16197
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\16774
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\185130
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\185626
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\18795
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\193409
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19344
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19475
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\19478
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\199345
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\20768
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\211490
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\2119
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21342
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\216168
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\21921
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\22563
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\230440
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\233607
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\237488
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\251440
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26030
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\26479
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\273426
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\281430
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\28762
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\2932
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\294723
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\29482
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\30320
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\303623
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\31321
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\32052
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\3405
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\34381
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35285
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\35865
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\372500
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\41875
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\43128
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\450215
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\456535
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\47194
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\472662
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\47484
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\490263
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\509213
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5112
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5137
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\525034
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\5358
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\53933
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\541324
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\543113
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\55907
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\568061
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\57404
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59221
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\59287
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\60539
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\60785
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61304
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\61642
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64434
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\64690
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\649764
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6508
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\65824
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\66493
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\669733
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\675846
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\6915
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\69322
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\70779
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\71361
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\71531
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\72864
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\731456
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\743403
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\74394
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744725
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\744939
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745061
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745148
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745171
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745282
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745304
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745732
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\745759
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\747712
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\747834
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\748076
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\7492
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\749440
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\75296
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\75674


More to follow

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 2:35 am

Part 9

c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\76091
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\83732
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\85268
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\86049
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90325
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\90564
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93025
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\93654
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94125
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\94376
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\95873
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\97055
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\99071
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\TooltipXML\99739
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\dynamic\ustat\3747.dat
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\avatar.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\btntrans.idx
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\btntrans1.dat
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\buttondir.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\components.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\cursors.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_1000.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_2000.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_3000.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bar.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_bbar1.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_logos.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\d_icons_buttons_other.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\d_icons_weather.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\default.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_511745-514279.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_categorize.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_comparison.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-Mails.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_explorer-people.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_favorites.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_Games.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_Hide.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_hotbarcom.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_Hotmail.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_hsskin.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_jemster.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_jemsterie.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_jemsteruk.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_jobsearch.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_Mails.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_MobileSidewalk.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_new.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_premium.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_reun.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_ringtones.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_SearchBoxTrapper.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_searchfor.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_searchgo.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_weather.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Default_yellowpages.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\editblbuttons.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-548964.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\email-def-511724-9595.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\email-t1-bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\icons2.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\ie_games_icon.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\ie_video.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\keywords.idx
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\keywords1.dat
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\layout.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\linkpathlegal.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\progress.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\s_icons_buttons.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\sales_buttons.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\sdfmodifier.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\t2_bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\theweb.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\top7.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\Top7_theweb.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\tsd_bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\zango_btn.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\1\zango_ie_menu.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\avatar.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\btntrans.idx
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\btntrans1.dat
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\buttondir.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\components.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\cursors.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_1000.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_2000.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_3000.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bar.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_bbar1.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_logos.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\d_icons_buttons_other.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\d_icons_weather.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\default.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_511745-514279.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-ca.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_bidzC_ZT_IE-us.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_categorize.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_comparison.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-Mails.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_explorer-people.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_favorites.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_Games.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_Hide.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_hotbarcom.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_Hotmail.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_hsskin.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_jemster.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_jemsterie.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_jemsteruk.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_jobsearch.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_Mails.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_MobileSidewalk.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_new.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_premium.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_reun.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_ringtones.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_SearchBoxTrapper.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_searchfor.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_searchgo.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_weather.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Default_yellowpages.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\editblbuttons.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-548964.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\email-def-511724-9595.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\email-t1-bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\icons2.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\ie_games_icon.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\ie_video.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\keywords.idx
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\keywords1.dat
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\layout.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\linkpathlegal.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\progress.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\s_icons_buttons.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\sales_buttons.res


More to follow

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 2:36 am

Part 10

c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\sdfmodifier.xml
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\t2_bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\theweb.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\top7.cdf
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\Top7_theweb.mnu
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\tsd_bg.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\zango_btn.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\2\zango_ie_menu.res
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\avatar.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.idx
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\BtnTrans1.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\buttondir.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\cursors.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_1000.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_2000.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_3000.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bar.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_bbar1.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_logos.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_buttons_other.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\d_icons_weather.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\default.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\editblbuttons.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\email-t1-bg.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\icons2.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_games_icon.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\ie_video.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\keywords1.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\layout.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\linkpathlegal.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\s_icons_buttons.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\sales_buttons.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.txt
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\samplegroups2.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\sdfmodifier.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\t2_bg.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\top7.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\tsd_bg.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_btn.xip
c:\documents and settings\Nanu\Application Data\Zango\v3.0\Zango\static\DownLoad\zango_ie_menu.xip
c:\documents and settings\Nanu\nah_log.dat
c:\documents and settings\Nanu\nah_temp1.exe
c:\program files\INSTALL.LOG
c:\windows\system32\TDSSmtve.dat

Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\winlogon.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-12-06 to 2009-01-06 )))))))))))))))))))))))))))))))
.

2009-01-06 13:19 . 2009-01-06 13:19 53,248 --a------ c:\temp\catchme.dll
2009-01-04 22:49 . 2009-01-04 22:49 d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-01-04 19:38 . 2009-01-04 19:38 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2009-01-04 19:09 . 2009-01-04 19:09 d-------- c:\documents and settings\Nanu\Application Data\Malwarebytes
2009-01-04 18:32 . 2009-01-04 19:38 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 18:32 . 2009-01-04 18:32 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-04 18:32 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-04 18:32 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-04 00:06 . 2009-01-04 00:06 d--h----- c:\windows\PIF
2009-01-03 23:54 . 2009-01-04 17:41 d--h----- C:\$AVG8.VAULT$
2009-01-03 22:02 . 2009-01-06 07:18 d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2009-01-03 22:02 . 2009-01-03 22:02 d-------- c:\program files\AVG
2009-01-03 22:02 . 2009-01-06 12:29 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-03 22:02 . 2009-01-04 19:38 98,440 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2009-01-03 22:02 . 2009-01-04 19:38 90,632 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
2009-01-03 22:02 . 2009-01-04 19:38 12,936 --a------ c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys
2009-01-03 21:07 . 2009-01-03 22:03 d-------- c:\documents and settings\Administrator
2009-01-03 19:56 . 2009-01-03 19:56 870,128 --a------ c:\windows\SYSTEM32\mcs.rma
2009-01-03 19:56 . 2009-01-03 19:56 4 --a------ c:\windows\SYSTEM32\0624EB
2009-01-02 13:01 . 2009-01-04 17:45 d-------- c:\program files\Windows Live Safety Center
2009-01-02 11:05 . 2009-01-02 11:05 d-------- c:\documents and settings\All Users\Application Data\suspicious_1564938143
2008-12-29 23:06 . 2008-12-29 23:06 d-------- c:\program files\Bonjour
2008-12-23 10:08 . 2008-12-23 10:09 d-------- c:\documents and settings\Nanu\Application Data\Move Networks
2008-12-21 11:09 . 2008-12-21 11:09 45,056 --a------ c:\documents and settings\Nanu\wincgf64.exe
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\SYSTEM32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\SYSTEM32\dnssd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 03:27 --------- d-----w c:\program files\Java
2009-01-06 03:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 02:29 --------- d-----w c:\program files\Google
2009-01-04 02:13 --------- d-----w c:\documents and settings\Nanu\Application Data\Apple Computer
2009-01-04 02:05 --------- d-----w c:\program files\NStorm
2009-01-04 02:03 --------- d-----w c:\program files\IncrediMail
2009-01-01 00:43 --------- d-----w c:\documents and settings\Nanu\Application Data\WeatherBug
2008-12-27 00:19 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-05 16:50 --------- d-----w c:\program files\Coupons
2008-11-25 15:47 --------- d-----w c:\program files\iTunes
2008-11-25 15:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 15:38 --------- d-----w c:\program files\iPod
2008-11-25 15:37 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 14:27 --------- d-----w c:\program files\QuickTime
2008-04-11 04:17 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-11-26 00:25 62,024 -c--a-w c:\documents and settings\Nanu\Application Data\GDIPFONTCACHEV1.DAT
2005-07-16 10:41 41,573 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2005-07-16 10:41 48,223 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2005-07-16 10:41 160,871 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-20 09:06 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat
.



More to follow

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 2:37 am

Part 11


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2004-07-30 1593344]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Schedule"="c:\program files\WinTVR3\Schedule.exe" [2005-09-27 98304]
"Remote"="c:\program files\WinTVR3\Remote.exe" [2005-09-27 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"OneTouch Monitor"="c:\progra~1\VISION~1\ONETOU~2.EXE" [2002-04-16 86016]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-04 1261336]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-20 315392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\SYSTEM32\Ati2mdxx.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll
"VIDC.VDOM"= vdowave.drv
"VIDC.TR20"= tr2032.dll
"vidc.vivo"= ivvideo.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\WINDOWS\\SYSTEM32\\dxdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [2009-01-03 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2009-01-03 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2009-01-03 90632]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-04 874776]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-03 231704]
R4 ppsio2;PPDevice;c:\windows\SYSTEM32\DRIVERS\ppsio2.sys [2003-07-29 23200]
S0 bvme;bvme;c:\windows\system32\drivers\Igoxhxj.sys --> c:\windows\system32\drivers\Igoxhxj.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-06 c:\windows\Tasks\bk2.job
- c:\backups\bk2.bat [2008-03-24 22:16]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DW4 - c:\program files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe


.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: ehg-churchilldownsinc.hitbox.com
Trusted Zone: online.musicmatch.com

O16 -: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Nanu\Application Data\Mozilla\Firefox\Profiles\qiquwtgl.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

More to follow

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 2:38 am

Part 12


catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-01-06 13:19:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\fxssvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-06 13:26:02 - machine was rebooted [Nanu]
ComboFix-quarantined-files.txt 2009-01-06 19:25:31

Pre-Run: 13,629,341,696 bytes free
Post-Run: 13,895,462,912 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

1368 --- E O F --- 2008-12-19 09:02:39


Finally the end.

BTW, what is the message line limit?

Thanks!

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by Belahzur on 7th January 2009, 2:41 am

I dunno the message line limit.

Now open a new notepad file.
Input this into the notepad file:

KILLALL::
Driver::
bvme

File::
c:\windows\system32\drivers\Igoxhxj.sys
c:\documents and settings\Nanu\wincgf64.exe

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 3:22 am

Here are the results of the second combofix run:

Part 1

ComboFix 09-01-05.05 - Nanu 2009-01-06 20:53:23.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.395 [GMT -6:00]
Running from: c:\documents and settings\Nanu\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nanu\Desktop\CFscript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\documents and settings\Nanu\wincgf64.exe
c:\windows\system32\drivers\Igoxhxj.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Nanu\wincgf64.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_bvme


((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-06 21:08 . 2009-01-06 21:08 53,248 --a------ c:\temp\catchme.dll
2009-01-04 22:49 . 2009-01-04 22:49 d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-01-04 19:38 . 2009-01-04 19:38 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll
2009-01-04 19:09 . 2009-01-04 19:09 d-------- c:\documents and settings\Nanu\Application Data\Malwarebytes
2009-01-04 18:32 . 2009-01-04 19:38 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-04 18:32 . 2009-01-04 18:32 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-04 18:32 . 2009-01-04 18:38 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-01-04 18:32 . 2009-01-04 18:38 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-01-04 00:06 . 2009-01-04 00:06 d--h----- c:\windows\PIF
2009-01-03 23:54 . 2009-01-04 17:41 d--h----- C:\$AVG8.VAULT$
2009-01-03 22:02 . 2009-01-06 15:18 d-------- c:\windows\SYSTEM32\DRIVERS\Avg
2009-01-03 22:02 . 2009-01-03 22:02 d-------- c:\program files\AVG
2009-01-03 22:02 . 2009-01-06 12:29 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-03 22:02 . 2009-01-04 19:38 98,440 --a------ c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
2009-01-03 22:02 . 2009-01-04 19:38 90,632 --a------ c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
2009-01-03 22:02 . 2009-01-04 19:38 12,936 --a------ c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys
2009-01-03 21:07 . 2009-01-03 22:03 d-------- c:\documents and settings\Administrator
2009-01-03 19:56 . 2009-01-03 19:56 870,128 --a------ c:\windows\SYSTEM32\mcs.rma
2009-01-03 19:56 . 2009-01-03 19:56 4 --a------ c:\windows\SYSTEM32\0624EB
2009-01-02 13:01 . 2009-01-04 17:45 d-------- c:\program files\Windows Live Safety Center
2009-01-02 11:05 . 2009-01-02 11:05 d-------- c:\documents and settings\All Users\Application Data\suspicious_1564938143
2008-12-29 23:06 . 2008-12-29 23:06 d-------- c:\program files\Bonjour
2008-12-23 10:08 . 2008-12-23 10:09 d-------- c:\documents and settings\Nanu\Application Data\Move Networks
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\SYSTEM32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\SYSTEM32\dnssd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 03:27 --------- d-----w c:\program files\Java
2009-01-06 03:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-04 02:29 --------- d-----w c:\program files\Google
2009-01-04 02:13 --------- d-----w c:\documents and settings\Nanu\Application Data\Apple Computer
2009-01-04 02:05 --------- d-----w c:\program files\NStorm
2009-01-04 02:03 --------- d-----w c:\program files\IncrediMail
2009-01-01 00:43 --------- d-----w c:\documents and settings\Nanu\Application Data\WeatherBug
2008-12-27 00:19 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-05 16:50 --------- d-----w c:\program files\Coupons
2008-11-25 15:47 --------- d-----w c:\program files\iTunes
2008-11-25 15:47 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-25 15:38 --------- d-----w c:\program files\iPod
2008-11-25 15:37 --------- d-----w c:\program files\Common Files\Apple
2008-11-25 14:27 --------- d-----w c:\program files\QuickTime
2008-04-11 04:17 32 ----a-r c:\documents and settings\All Users\hash.dat
2007-11-26 00:25 62,024 -c--a-w c:\documents and settings\Nanu\Application Data\GDIPFONTCACHEV1.DAT
2005-07-16 10:41 41,573 -c--a-w c:\program files\mozilla firefox\components\jar50.dll
2005-07-16 10:41 48,223 -c--a-w c:\program files\mozilla firefox\components\jsd3250.dll
2005-07-16 10:41 160,871 -c--a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-20 09:06 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2004-07-30 1593344]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Schedule"="c:\program files\WinTVR3\Schedule.exe" [2005-09-27 98304]
"Remote"="c:\program files\WinTVR3\Remote.exe" [2005-09-27 241664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"OneTouch Monitor"="c:\progra~1\VISION~1\ONETOU~2.EXE" [2002-04-16 86016]
"NeroCheck"="c:\windows\System32\NeroCheck.exe" [2001-07-09 155648]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe" [2006-01-19 11776]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-04 1261336]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-20 315392]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 c:\windows\BCMSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\SYSTEM32\Ati2mdxx.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"VIDC.JPEG"= jpegCode.dll
"VIDC.MJPG"= jpegCode.dll
"VIDC.VDOM"= vdowave.drv
"VIDC.TR20"= tr2032.dll
"vidc.vivo"= ivvideo.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpvsetup.exe"=
"c:\\WINDOWS\\SYSTEM32\\dxdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dpnsvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [2009-01-03 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2009-01-03 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [2009-01-03 90632]
R4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-04 874776]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-03 231704]
R4 ppsio2;PPDevice;c:\windows\SYSTEM32\DRIVERS\ppsio2.sys [2003-07-29 23200]

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 3:23 am

Part 2

.
Contents of the 'Scheduled Tasks' folder

2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-06 c:\windows\Tasks\bk2.job
- c:\backups\bk2.bat [2008-03-24 22:16]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: ehg-churchilldownsinc.hitbox.com
Trusted Zone: online.musicmatch.com

O16 -: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Nanu\Application Data\Mozilla\Firefox\Profiles\qiquwtgl.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4

ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.version",
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\Mozilla Firefox\\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-01-06 21:08:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\CTsvcCDA.EXE
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\fxssvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\progra~1\MUSICM~1\MUSICM~1\MMDiag.exe
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-01-06 21:14:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-07 03:14:28
ComboFix2.txt 2009-01-06 19:26:05

Pre-Run: 13,895,446,528 bytes free
Post-Run: 13,882,540,032 bytes free

244 --- E O F --- 2008-12-19 09:02:39

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by Belahzur on 7th January 2009, 2:21 pm

Looks better now, what problems remain?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 7:44 pm

As best I can tell, all is well.

I'm curious what threats were present. Can you please comment on them?

Also, was any secure information compromised?

I looked at via notepad, c:\Documents and Settings\Nanu\nah_log.dat in notepad. I think it had the pop server's passwords in it. This was done prior to your involvement and mentioned in my original post.

Belahzur, thanks for all your help! Your time and talent are greatly appreciated.

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by Belahzur on 7th January 2009, 8:28 pm

Hello.
No, nothing was compromised, no backdoor functionality stuff here.

I could see from your DDS log that file this file was present in the find3m report, find3m means files modified, and I checked the file size and compared it to mine, there were different, so I had my suspicion that the file was patched by malware to load the malware.
c:\windows\system32\winlogon.exe

Then I had CFScript remove this driver and file:
c:\windows\system32\drivers\Igoxhxj.sys

I couldn't find anything on it, so chances are it was randomly named and I went with my gut and had CF delete it.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 7th January 2009, 10:30 pm

No backdoor functionality is a big relief!

Shall we mark this one solved or is there more to do?

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by Belahzur on 7th January 2009, 10:36 pm

Just Java needs updating, then I'll post some security tips and let you on your way.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the Window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 8th January 2009, 2:29 am

Hi there. Here is the JavaRa log:

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Wed Jan 07 20:28:23 2009

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Program Files\Java Web Start

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\javaw.Exe

Found and removed: SOFTWARE\Classes\JavaPlugin.140_03

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\JavaSoft\Java2D\1.5.0_04

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_09

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\JavaPlugin.150_04

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_09

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Classes\JavaPlugin.141_02

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

------------------------------------

Finished reporting.

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by Belahzur on 8th January 2009, 4:54 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by rokjok on 10th January 2009, 11:07 pm

Belahzur,

Thank you for all your help.

It's a big relief having the system back in working order. We will certainly be vigilant about keeping virus/spyware tools up to date.

Thanks again for all that you do for both me and others.

rokjok
Novice
Novice

Posts Posts : 27
Joined Joined : 2009-01-05
OS OS : windows xp
Points Points : 28951
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: System Security et.al.

Post by Doctor Inferno on 2nd March 2009, 10:04 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104630
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum