Problems removing Vundo and possibly others [CLOSED]


anniey

This started happening yesterday without any warning. I was browsing the internet and I suddenly started getting pop-up ads and warning messages telling me my computer was infected. Something called AntiSpywareMaster downloaded itself onto my desktop, and my wallpaper changed into a blue screen that reads:

Warning: Spyware threat has been detected on your computer.

Your computer has several fatal errors due to spyware activity. It is strongly recommended to install an antispyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats.

Click here to scan your computer for spyware...


I think it might be Vundo and/or Smitfraud, but VundoFix and VirtumundoBeGone detected nothing when I did a scan of my computer, and my computer won't let me reboot in safe mode (it gives me a blue screen that says my computer might be infected with malware) so I can't use SmitfraudFix.

I went through all the steps listed here but stopped at installing SP1a, since the site would only let me download SP3. If anyone can help me, I'd really appreciate it. Here are my logs:

Malwarebytes

Malwarebytes' Anti-Malware 1.15
Database version: 844

11:32:05 PM 7/7/2008
mbam-log-7-7-2008 (23-32-05).txt

Scan type: Quick Scan
Objects scanned: 39888
Time elapsed: 5 minute(s), 35 second(s)

Memory Processes Infected: 3
Memory Modules Infected: 3
Registry Keys Infected: 39
Registry Values Infected: 7
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 76

Memory Processes Infected:
C:\Program Files\AntiSpywareMaster\asm.exe (Rogue.AntiSpyMaster) -> Unloaded process successfully.
C:\Program Files\Common Files\?dobe\nslookup.exe (Adware.PurityScan) -> Unloaded process successfully.
C:\WINDOWS\mrofinu572.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\tuvwXPhF.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wtiaxreg.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\velmnub.dll (Adware.ClickSpring) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f2651361-bbd0-42a6-9032-6cacf4467fe1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f2651361-bbd0-42a6-9032-6cacf4467fe1} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8a42e94a-0587-7927-fa3c-7ea296ee1d92} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a42e94a-0587-7927-fa3c-7ea296ee1d92} (Adware.ClickSpring) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AntiSpywareMaster (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/xpreload.ocx (Heuristics.Malware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\70bc9c51 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AntiSpywareMaster (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ieuu (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM738fafcd (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\xpreload.ocx (Heuristics.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\tuvwXPhF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\FhPXwvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FhPXwvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wtiaxreg.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\gerxaitw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareMaster\asm.exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\?dobe\nslookup.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\velmnub.dll (Adware.ClickSpring) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6PQ9SBCD\winvsnet[1].exe (Rogue.AntiSpyMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8RSTUVWX\yazzsnet[1].exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\WINDOWS\explore.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchost32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\loader.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\internet.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctfmon32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ctrlpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\directx32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\dnsrelay.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\editpad.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\explorer32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funniest.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\funny.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\gfmnaaa.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\helpcvs.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\iedll.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\inetinf.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msconfd.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msspi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssys.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msupdate.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc10.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mswsc20.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\qttasks.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\quicken.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll16.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu572.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sdwhtgmh.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rundll32.vbe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\searchword.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\sistem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\svcinit.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\xpreload.ocx (Heuristics.Malware) -> Quarantined and deleted successfully.


SuperAntiSpyware (detected nothing)

Panda ActiveScan

;*******************************************************************************
ANALYSIS: 2008-07-08 00:31:15
PROTECTIONS: 0
MALWARE: 43
SUSPECTS: 5
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00003992 spyware/adclicker Spyware No 1 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}
00013512 adware/searchaid Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{587DBF2D-9145-4C9E-92C2-1F953DA73773}
00013512 adware/searchaid Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}
00018457 adware/purityscan Adware No 0 Yes No c:\documents and settings\administrator\local settings\temp\!update.exe
00029036 adware/superspider Adware No 1 Yes No c:\windows\mssys.exe
00029036 adware/superspider Adware No 1 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{467FAEB2-5F5B-4C81-BAE0-2A4752CA7F4E}
00029343 adware/mssearch Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}
00029343 adware/mssearch Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}
00035633 adware/cws.nfo Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E3EEBBE8-9CAB-4C76-B26A-747E25EBB4C6}
00036156 adware/winres Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D38A51A-23C9-48a1-A33C-48675AA2B494}
00039204 adware/cws Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}
00039204 adware/cws Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}
00039204 adware/cws Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}
00039204 adware/cws Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}
00039754 adware/browseraid Adware No 0 Yes No c:\windows\rundll16.exe
00040007 adware/cws.yexe Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3}
00040007 adware/cws.yexe Adware No 0 Yes No c:\windows\loader.exe
00041278 bck/galapoper.a Virus/Trojan No 1 Yes No c:\windows\system32\svcp.csv
00103389 adware/noname Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}
00110532 spyware/clientman Spyware No 1 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCADDC14-BD46-408A-9842-CDBE1C6D37EB}
00132447 adware program Adware No 0 Yes No c:\windows\x.exe
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe[]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][3].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
00177226 spyware/lefeat Spyware No 1 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B847676D-72AC-4393-BFFF-43A1EB979352}
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
00218977 adware/affilred Adware No 0 Yes No c:\windows\msupdate.exe
00219235 Adware/CommAd Adware No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.24090
00219238 Adware/CommAd Adware No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.18555
00219327 adware/conspy Adware No 0 Yes No c:\windows\waol.exe
00219327 adware/conspy Adware No 0 Yes No c:\windows\editpad.exe
00226936 adware/cws.payfortraffic Adware No 0 Yes No HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98DBBF16-CA43-4c33-BE80-99E6694468A4}
00262492 Adware/CommAd Adware No 0 Yes No C:\WINDOWS\T0VN\nXph.vbs
00293079 Spyware/7r7t Spyware No 1 Yes No C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\1G4JPX4T\snapsnet[1].exe
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe
02688464 Adware/DnsInsider Adware No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.55395
02688464 Adware/DnsInsider Adware No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.69717
02893538 Adware/PurityScan Adware No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temp\NDRA.tmp
02893538 Adware/PurityScan Adware No 0 Yes No C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MDV8X8VU\!update-4495[1].0000
02895017 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{B5B62D4A-A9B6-4FB9-BD8C-9B9362FC131E}\RP722\A0053235.exe
02895017 Adware/PurityScan Adware Yes 1 Yes No C:\PROGRA~1\COMMON~1\DOBE~1\nslookup.exe
02895017 Adware/PurityScan Adware No 0 Yes No C:\Program Files\Common Files\Аdobe\nslookup.exe
02896112 Adware/Yazzle Adware No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.80534
02896112 Adware/Yazzle Adware No 0 Yes No C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.88811
03053286 Adware/PurityScan Adware No 0 Yes No C:\System Volume Information\_restore{B5B62D4A-A9B6-4FB9-BD8C-9B9362FC131E}\RP722\A0053236.exe
03053286 Adware/PurityScan Adware Yes 1 Yes No C:\Documents and Settings\Administrator\Application Data\sуstem\rеgedit.exe
03054481 W32/Nuwar.VE.worm Virus/Worm No 1 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pqhaaahh.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lkmifffm.exe
03139327 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\mrofinu572.exe.tmp
03139327 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{B5B62D4A-A9B6-4FB9-BD8C-9B9362FC131E}\RP722\A0053237.exe
03139327 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{B5B62D4A-A9B6-4FB9-BD8C-9B9362FC131E}\RP722\A0052171.exe
;===============================================================================
SUSPECTS
Sent Location o:-\s5
;===============================================================================
No C:\WINDOWS\System32\uoyzsydz.exe o:-\s5
No C:\Documents and Settings\Administrator\Desktop\SmitfraudFix.exe o:-\s5
No C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MDV8X8VU\rasesnet[1].exe
No C:\WINDOWS\system32\cREG\bmndird.exe o:-\s5
No C:\WINDOWS\system32\uoyzsydz.exe o:-\s5
;===============================================================================
VULNERABILITIES
Id Severity Description o:-\s5
;===============================================================================
;===============================================================================


HijackThis

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\S3hotkey.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Documents and Settings\Administrator\Application Data\s?stem\r?gedit.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\!update.exe
C:\PROGRA~1\COMMON~1\DOBE~1\nslookup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: run=""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,%windir%\system32\userinit.exe,C:\WINDOWS\System32\uoyzsydz.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: {fe76ba7d-ea29-6fcb-5c24-6961e075d4f8} - {8f4d570e-1696-42c5-bcf6-92aed7ab67ef} - C:\WINDOWS\System32\nuhpph.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [Dyhv] "C:\Documents and Settings\Administrator\Application Data\s?stem\r?gedit.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Ieuu] "C:\PROGRA~1\COMMON~1\DOBE~1\nslookup.exe" -vt yazb
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {535AC98D-C942-4C87-9275-09C9C43EF2C1} - ms-its:mhtml:file://c:\\nores.mht!http://adxbnet.net/c...::/xpreload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C07E5A7D-4542-4BB9-844E-DEDC22462939}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C07E5A7D-4542-4BB9-844E-DEDC22462939}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)
O23 - Service: Terminal Services Session Directory (Tssdis) - Unknown owner - C:\WINDOWS\System32\tssdis.exe (file missing)

--
End of file - 5278 bytes


Uninstall list

Adobe Flash Player 9 ActiveX
Aldelo For Restaurants
HijackThis 2.0.2
ITE 887x PCI Multi-I/O Controller
Malwarebytes' Anti-Malware
MonitorMouse for Windows XP
Panda ActiveScan 2.0
S3Display
S3Gamma2
S3Info2
SUPERAntiSpyware Free Edition

Edited by anniey, 07 July 2008 - 07:01 PM.



#2
fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....


Please download Deckard's System Scanner (DSS) from HERE or HERE and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • Please let your firewall allow the scanning/downloading process.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
If you are using Vista, you need to right-click the dss.exe icon and choose Run as Administrator



Regards
fenzodahl512

#3
anniey

Hi fenzodahl512! Thanks for your quick response. I ran DSS like you said, but it only gave me main.txt. Here are the contents of main.txt:


Deckard's System Scanner v20071014.68
Run by Administrator on 2008-07-08 16:36:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:36:08 PM, on 7/8/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\S3hotkey.exe
C:\WINDOWS\System32\S3tray2.exe
C:\Documents and Settings\Administrator\Application Data\s?stem\r?gedit.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\COMMON~1\DOBE~1\nslookup.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADMINI~1.EXE

F3 - REG:win.ini: run=""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,%windir%\system32\userinit.exe,C:\WINDOWS\System32\uoyzsydz.exe,
O2 - BHO: (no name) - {00110011-4b0b-44d5-9718-90c88817369b} - (no file)
O2 - BHO: (no name) - {086ae192-23a6-48d6-96ec-715f53797e85} - (no file)
O2 - BHO: (no name) - {150fa160-130d-451f-b863-b655061432ba} - (no file)
O2 - BHO: (no name) - {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} - (no file)
O2 - BHO: (no name) - {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} - (no file)
O2 - BHO: (no name) - {2d38a51a-23c9-48a1-a33c-48675aa2b494} - (no file)
O2 - BHO: (no name) - {2e9caff6-30c7-4208-8807-e79d4ec6f806} - (no file)
O2 - BHO: (no name) - {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} - (no file)
O2 - BHO: (no name) - {5321e378-ffad-4999-8c62-03ca8155f0b3} - (no file)
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} - (no file)
O2 - BHO: (no name) - {79369d5c-2903-4b7a-ade2-d5e0dee14d24} - (no file)
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: {fe76ba7d-ea29-6fcb-5c24-6961e075d4f8} - {8f4d570e-1696-42c5-bcf6-92aed7ab67ef} - C:\WINDOWS\System32\nuhpph.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: (no name) - {bc97b254-b2b9-4d40-971d-78e0978f5f26} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765721306} - (no file)
O2 - BHO: (no name) - {e2ddf680-9905-4dee-8c64-0a5de7fe133c} - (no file)
O2 - BHO: (no name) - {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} - (no file)
O2 - BHO: (no name) - {e7afff2a-1b57-49c7-bf6b-e5123394c970} - (no file)
O2 - BHO: (no name) - {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} - (no file)
O2 - BHO: (no name) - {fd9bc004-8331-4457-b830-4759ff704c22} - (no file)
O2 - BHO: (no name) - {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [Dyhv] "C:\Documents and Settings\Administrator\Application Data\s?stem\r?gedit.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Ieuu] "C:\PROGRA~1\COMMON~1\DOBE~1\nslookup.exe" -vt ndrv
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {535AC98D-C942-4C87-9275-09C9C43EF2C1} - ms-its:mhtml:file://c:\\nores.mht!http://adxbnet.net/c...::/xpreload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C07E5A7D-4542-4BB9-844E-DEDC22462939}: NameServer = 68.94.156.1,68.94.157.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C07E5A7D-4542-4BB9-844E-DEDC22462939}: NameServer = 68.94.156.1,68.94.157.1
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: SSOExec - %windir%\temp\sso\ssoexec.dll (file missing)
O23 - Service: Terminal Services Session Directory (Tssdis) - Unknown owner - C:\WINDOWS\System32\tssdis.exe (file missing)

--
End of file - 5226 bytes

-- Files created between 2008-06-08 and 2008-07-08 -----------------------------

2008-07-08 01:12:55 0 d-------- C:\Program Files\Trend Micro
2008-07-07 23:44:23 0 d-------- C:\Program Files\Panda Security
2008-07-07 23:37:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-07 23:37:32 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-07 23:37:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-07 23:37:31 22272 --a------ C:\WINDOWS\y.exe
2008-07-07 23:37:29 27136 --a------ C:\WINDOWS\xplugin.dll
2008-07-07 23:37:26 12288 --a------ C:\WINDOWS\x.exe
2008-07-07 23:37:26 13312 --a------ C:\WINDOWS\winmgnt.exe
2008-07-07 23:37:26 30976 --a------ C:\WINDOWS\window.exe
2008-07-07 23:37:22 30720 --a------ C:\WINDOWS\winajbm.dll
2008-07-07 23:37:18 10752 --a------ C:\WINDOWS\win64.exe
2008-07-07 23:37:18 20736 --a------ C:\WINDOWS\win32e.exe
2008-07-07 23:37:17 30976 --a------ C:\WINDOWS\waol.exe
2008-07-07 23:37:13 15104 --a------ C:\WINDOWS\users32.exe
2008-07-07 23:37:12 26112 --a------ C:\WINDOWS\time.exe
2008-07-07 23:37:10 16384 --a------ C:\WINDOWS\systemcritical.exe
2008-07-07 23:37:10 14592 --a------ C:\WINDOWS\systeem.exe
2008-07-07 23:37:09 21248 --a------ C:\WINDOWS\svcinit.exe
2008-07-07 23:37:09 17664 --a------ C:\WINDOWS\svchost32.exe
2008-07-07 23:37:08 27904 --a------ C:\WINDOWS\sistem.exe
2008-07-07 23:37:05 21504 --a------ C:\WINDOWS\searchword.dll
2008-07-07 23:37:03 25856 --a------ C:\WINDOWS\rundll16.exe
2008-07-07 23:37:01 20480 --a------ C:\WINDOWS\quicken.exe
2008-07-07 23:37:00 31232 --a------ C:\WINDOWS\qttasks.exe
2008-07-07 23:36:55 19200 --a------ C:\WINDOWS\olehelp.exe
2008-07-07 23:36:54 11008 --a------ C:\WINDOWS\notepad32.exe
2008-07-07 23:36:54 13056 --a------ C:\WINDOWS\mtwirl32.dll
2008-07-07 23:36:54 8960 --a------ C:\WINDOWS\mswsc20.dll
2008-07-07 23:36:54 19968 --a------ C:\WINDOWS\mswsc10.dll
2008-07-07 23:36:53 27904 --a------ C:\WINDOWS\msupdate.exe
2008-07-07 23:36:50 29440 --a------ C:\WINDOWS\mssys.exe
2008-07-07 23:36:46 8448 --a------ C:\WINDOWS\msspi.dll
2008-07-07 23:36:46 12800 --a------ C:\WINDOWS\msconfd.dll
2008-07-07 23:36:46 23296 --a------ C:\WINDOWS\loader.exe
2008-07-07 23:36:44 10240 --a------ C:\WINDOWS\internet.exe
2008-07-07 23:36:44 32512 --a------ C:\WINDOWS\inetinf.exe
2008-07-07 23:36:38 8960 --a------ C:\WINDOWS\iexplorer.exe
2008-07-07 23:36:38 15360 --a------ C:\WINDOWS\iedll.exe
2008-07-07 23:36:37 27136 --a------ C:\WINDOWS\helpcvs.exe
2008-07-07 23:36:34 10240 --a------ C:\WINDOWS\gfmnaaa.dll
2008-07-07 23:36:34 32000 --a------ C:\WINDOWS\funny.exe
2008-07-07 23:36:27 27392 --a------ C:\WINDOWS\funniest.exe
2008-07-07 23:36:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 23:36:23 21504 --a------ C:\WINDOWS\explorer32.exe
2008-07-07 23:36:22 13568 --a------ C:\WINDOWS\explore.exe
2008-07-07 23:36:22 18432 --a------ C:\WINDOWS\editpad.exe
2008-07-07 23:36:21 26368 --a------ C:\WINDOWS\dnsrelay.dll
2008-07-07 23:36:19 27392 --a------ C:\WINDOWS\directx32.exe
2008-07-07 23:36:16 21760 --a------ C:\WINDOWS\ctrlpan.dll
2008-07-07 23:36:14 14080 --a------ C:\WINDOWS\ctfmon32.exe
2008-07-07 23:36:13 12544 --a------ C:\WINDOWS\cpan.dll
2008-07-07 23:36:13 25344 --a------ C:\WINDOWS\clrssn.exe
2008-07-07 23:36:11 17664 --a------ C:\WINDOWS\avpcc.dll
2008-07-07 23:36:09 30208 --a------ C:\WINDOWS\accesss.exe
2008-07-07 16:36:33 103424 --a------ C:\WINDOWS\System32\nuhpph.dll
2008-07-07 16:36:32 103424 --a------ C:\WINDOWS\System32\ewgrlkyh.dll
2008-07-07 05:05:17 25600 --a------ C:\WINDOWS\System32\tUljHXpO.dll
2008-07-07 05:03:15 25600 --a------ C:\WINDOWS\System32\pMDUOfdA.dll
2008-07-07 05:02:33 0 d-------- C:\WINDOWS\System32\?ssembly
2008-07-07 04:50:11 0 d-------- C:\VundoFix Backups
2008-07-06 22:04:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\s?stem
2008-07-06 22:03:33 0 dr------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Favorites
2008-07-06 22:03:30 4 --a------ C:\WINDOWS\System32\hljwugsf.bin
2008-07-06 22:03:30 152236 --a------ C:\WINDOWS\System32\g36.exe
2008-07-06 22:03:26 0 d--hs---- C:\WINDOWS\T0VN
2008-07-06 22:03:25 89561 --a------ C:\WINDOWS\System32\uoyzsydz.exe <Not Verified; Microsoft; XML Media>
2008-07-06 22:03:18 0 d-------- C:\WINDOWS\System32\tfig
2008-07-06 22:03:18 0 d-------- C:\WINDOWS\System32\net
2008-07-06 22:03:18 0 d-------- C:\WINDOWS\System32\cREG
2008-07-06 22:03:18 0 d-------- C:\WINDOWS\System32\1030
2008-07-06 22:03:16 0 d-------- C:\Program Files\Common Files\?dobe
2008-07-06 22:03:13 0 d-------- C:\WINDOWS\System32\olixds01
2008-07-06 22:03:12 0 d-------- C:\Temp
2008-06-09 17:29:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-06-09 17:29:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-09 17:29:24 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-09 17:29:01 0 d-------- C:\Program Files\Common Files\Download Manager


-- Find3M Report ---------------------------------------------------------------

2008-07-08 22:31:03 0 d-------- C:\Program Files\Common Files\?dobe
2008-07-07 23:36:26 0 d-------- C:\Program Files\Common Files
2008-07-07 05:02:33 0 d-------- C:\Documents and Settings\Administrator\Application Data\s?stem


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{467faeb2-5f5b-4c81-bae0-2a4752ca7f4e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5321e378-ffad-4999-8c62-03ca8155f0b3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{587dbf2d-9145-4c9e-92c2-1f953da73773}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6cc1c91a-ae8b-4373-a5b4-28ba1851e39a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{79369d5c-2903-4b7a-ade2-d5e0dee14d24}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{799a370d-5993-4887-9df7-0a4756a77d00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8f4d570e-1696-42c5-bcf6-92aed7ab67ef}]
07/07/2008 04:36 PM 103424 --a------ C:\WINDOWS\System32\nuhpph.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98dbbf16-ca43-4c33-be80-99e6694468a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a55581dc-2cdb-4089-8878-71a080b22342}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b847676d-72ac-4393-bfff-43a1eb979352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc97b254-b2b9-4d40-971d-78e0978f5f26}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3hotkey"="S3hotkey.exe" [09/12/2001 01:27 PM C:\WINDOWS\system32\S3hotkey.exe]
"S3TRAY2"="S3tray2.exe" [02/20/2002 08:38 AM C:\WINDOWS\system32\S3tray2.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/18/2001 01:00 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/18/2001 01:00 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/18/2001 01:00 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dyhv"="C:\Documents and Settings\Administrator\Application Data\s?stem\r?gedit.exe" [05/29/2008 07:35 PM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/2007 11:39 AM]
"Ieuu"="C:\PROGRA~1\COMMON~1\DOBE~1\nslookup.exe" [07/08/2008 10:31 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe /background


-- End of Deckard's System Scanner: finished at 2008-07-08 16:36:34 ------------

#4
fenzodahl512

Firstly you have to patch Service Pack 1a to your computer. This patch contains critical security updates for your computer. Without it your computer is wide open to re-infection and any fix attempt is useless.
Please go HERE to update your Windows to Service Pack 1a. Apply the update. After that please reboot before proceeding to the next step.

Please DO NOT apply Service Pack 2 to your computer until we give the all clear.



Read above quote.. Please apply Service Pack 1a.. then post back a fresh Deckard System Scanner log in your next reply..


Regards
fenzodahl512

Edited by fenzodahl512, 08 July 2008 - 07:45 PM.


#5
anniey

When I click that link it redirects me to a download page for SP3. Is it okay if I download that instead?

Also, it looks like I have AntiVirus XP 2008 now as well, because I keep getting pop-ups for that. My desktop background has changed as well.

#6
anniey

Sorry, double post. My internet has slowed down a lot.

Edited by anniey, 08 July 2008 - 07:51 PM.


#7
fenzodahl512

Sorry.. Please use the link below instead...

http://www.microsoft...;DisplayLang=en

#8
anniey

I went to the link and clicked download, but I get the "Page cannot be displayed" message in the download screen that pops up.

#9
fenzodahl512

Can you try it again please.. The link works fine for me.. :)

Tell me if you still couldn't

#10
anniey

It worked this time, but when I tried to install the program it said something along the lines of "Setup can't determine the integrity of Update.ini".

Also, my computer is getting progressively worse -- I tried running Malwarebytes and SuperAntiSpyware again, and they both detected several files, but when I tried to delete them and rebooted, the computer was still infected.

I dunno... the computer in question is one that's supposed to only be used in a restaurant for business-related things, so it doesn't have a firewall. Maybe that's why things keep getting worse.

Unfortunately, I won't have access to this computer for a few days, so if you figure out what to do, it'll be a few days until I respond. Sorry for the inconvenience!


#11
fenzodahl512

Run this first,

Please download SDFix by Andy Manchesta and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • A new folder will be extracted to your %systemdrive%, typically C:\SDFix
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt along with any other requested logs at the end of these instructions.



NEXT


Ok.. If that SP1 express-installer is not working for you, then you may need its Checked Network Install version.. link below:

http://www.microsoft...;DisplayLang=en

Make sure you install it first before posting me a fresh DSS log :)


So, in your next reply, I will need

1. SDFix log
2. A fresh Deckard System Scanner log (after patching Service Pack 1)


Regards
fenzodahl512

Edited by fenzodahl512, 08 July 2008 - 10:45 PM.


#12
anniey

Sorry for the delayed response!

I managed to delete Antivirus and all other viruses from the registry manually. Now the computer runs fine, except there are two problems. One, the computer still won't let me reboot it in safe mode, so I haven't been able to try SDFix yet. Ever since I got the infection, every time I select Safe Mode it gives me a blue screen that reads something along the lines of:

A problem has been detected and windows has been shut down to prevent damage to your computer.

(the name of a different error code every time, like PAGE_FAULT_IN_NONPAGED_AREA, BOGUS_DRIVER, Irql_not_less_or_equal, etc.)

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed.
If this is a new installation, ask your hardware or software manufacturer for any windows updates you might need.

If problems continue disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode to remove or disable components, restart your computer, press F8 to select advanced start up options and then select Safe Mode.


Before I used to only get this message when I tried to reboot in safe mode, but now that the viruses are off the computer, I keep getting it without warning every few hours, and every time I get it the computer restarts, only to show the same message with a different error code again. It keeps going in this cycle of rebooting and going to the error page unless I either shut off the computer manually or press any key on the keyboard, which brings the screen back to the way it was before the blue screen popped up.

The second problem is that I now have a different desktop that displays the message:

Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer.


I'm positive this is left over from Antivirus, but I can't figure out how to remove it.

This might be too much to ask, but do you know of any ways I can manually solve this problem without downloading any programs? Because the problem with the computer is that it's a modified version of the XP operating system, and it's not really designed for recreational use. It's only got two or three programs installed on it, and no firewall or any sort of protection, and it seems every time I download a program (even a safe one like the spyware removers you guys linked me to), I get a new infection.

Thanks for all your help!

Edited by anniey, 13 July 2008 - 01:42 AM.


#13
fenzodahl512

This might be too much to ask, but do you know of any ways I can manually solve this problem without downloading any programs? Because the problem with the computer is that it's a modified version of the XP operating system, and it's not really designed for recreational use. It's only got two or three programs installed on it, and no firewall or any sort of protection, and it seems every time I download a program (even a safe one like the spyware removers you guys linked me to), I get a new infection.

Thanks for all your help!



That is why we asked you to patch Service Pack 1 in the first place.. Please read my quote below:

Firstly you have to patch Service Pack 1a to your computer. This patch contains critical security updates for your computer. Without it your computer is wide open to re-infection and any fix attempt is useless.

..


What do you mean by modified version of XP?.. Is it legal? (Original copy of Windows XP?)

#14
anniey

Okay, I'll download it when I have access to the computer tomorrow. I'll let you know how it goes.

It's legal; it's just modified for use of one program only, which I didn't know when I went on the internet (the internet connection's there to process credit cards) to check something. I'm not sure what features of the regular XP operating system it's missing, but I do know it doesn't have any kind of protection at all. Also, I was told I can't reformat the hard drive, though I'm not sure about system restore.

#15
fenzodahl512

It's okay.. I'll wait for your progress and then we will go on from there.. :)


Regards
fenzodahl512