Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet Speed Monitor [Resolved]


  • This topic is locked This topic is locked

#1
Marw

Marw

    New Member

  • Member
  • Pip
  • 5 posts
Hello,

I was referred to this website, they said you give very good and detailed help =) So Hopefully you can help me out..
Last night, well early thismorning, I noticed my CPU usage was really high.. and when I opened webpages, I got a whole bunch of popups...
When on a search engine, it says Internet Speed Monitor.. I researched a bit on that, and believe I may have removed that.. Not too sure...
Also, I have some processes in my Task Manager, that say like "msnmsgr .exe" With a space or two in between the name and the .exe..
I'm assuming this is some sort of malware.. Or something of the sort..
I have a HijackThis log, which I shall now post...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:26:06 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\??sks\n?lookup.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstq.exe
O2 - BHO: (no name) - {3635CD97-237A-7FDB-021A-5900BCBC8FB9} - C:\WINDOWS\system32\aweup.dll
O2 - BHO: (no name) - {6B76CAA7-CC25-4093-ABB5-0152CF70BEC4} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fccbabx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - C:\Program Files\QdrDrive\QdrDrive10.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway .exe" .e
O4 - HKCU\..\Run: [Raia] "C:\WINDOWS\SSEMBL~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Tosigduu] C:\WINDOWS\??sks\n?lookup.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198365526937
O20 - Winlogon Notify: fccbabx - fccbabx.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4784 bytes





Also, I ran AVG Again, and have a new HijackThis log...




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:36 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\??sks\n?lookup.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtstq.exe
O2 - BHO: (no name) - {3635CD97-237A-7FDB-021A-5900BCBC8FB9} - C:\WINDOWS\system32\aweup.dll
O2 - BHO: (no name) - {6B76CAA7-CC25-4093-ABB5-0152CF70BEC4} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\fccbabx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway .exe" .e
O4 - HKCU\..\Run: [Raia] "C:\WINDOWS\SSEMBL~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [Tosigduu] C:\WINDOWS\??sks\n?lookup.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198365526937
O20 - Winlogon Notify: fccbabx - fccbabx.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4646 bytes



Thank you,

Autumn
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Marw

Welcome to G2Go. :)
================
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
Marw

Marw

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Okay, I got these logs now, thank you for helping me, it is quite appreciated =)

ComboFix log

ComboFix 08-02.03.1 - Marw 2008-02-03 20:39:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.242 [GMT -8:00]
Running from: C:\Documents and Settings\Marw\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive10.dll
C:\Program Files\Temporary
C:\WINDOWS\sks~1
C:\WINDOWS\system32\aweup.dll
C:\WINDOWS\system32\qtstv.ini
C:\WINDOWS\system32\qtstv.ini2

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-03 15:13 . 2008-02-03 15:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 15:09 . 2008-02-03 15:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-03 06:16 . 2008-02-03 06:16 270,698 --a------ C:\WINDOWS\system32\L6A2D.tmp
2008-02-03 02:33 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-02 20:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-02 20:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-02 20:24 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-02 05:07 . 2008-02-02 05:07 <DIR> d-------- C:\Documents and Settings\Marw\Application Data\InstallShield
2008-02-01 17:05 . 2008-02-01 17:05 <DIR> d-------- C:\Program Files\BitPim
2008-01-24 00:39 . 2008-01-24 01:07 <DIR> d-------- C:\Program Files\Talisman
2008-01-23 22:35 . 2008-01-23 22:35 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-23 05:48 . 2008-01-23 05:48 <DIR> d-------- C:\Program Files\Create-Ringtone
2008-01-23 05:45 . 2008-01-23 05:45 <DIR> d-------- C:\Program Files\SendToPhone
2008-01-22 15:33 . 2008-01-22 15:34 <DIR> d-------- C:\Program Files\Irth Online
2008-01-22 01:36 . 2008-01-22 01:36 <DIR> d-------- C:\WINDOWS\Irth
2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\WINDOWS\Sun
2008-01-21 02:59 . 2008-01-23 22:10 25,600 --a------ C:\Documents and Settings\Marw\usbsermptxp.sys
2008-01-21 02:59 . 2008-01-23 22:10 22,768 --a------ C:\Documents and Settings\Marw\usbsermpt.sys
2008-01-21 02:29 . 2008-01-21 02:29 <DIR> d-------- C:\Documents and Settings\Marw\LimeWire Store Purchased
2008-01-16 22:49 . 2008-01-16 22:49 <DIR> d-------- C:\Program Files\PlayerRealms
2008-01-15 23:49 . 2008-02-03 15:16 <DIR> d-------- C:\Program Files\ProxyWay
2008-01-14 00:29 . 2008-01-14 00:29 42,496 --a------ C:\Documents and Settings\Marw\98591.exe
2008-01-14 00:29 . 2008-01-14 00:29 42,496 --a------ C:\Documents and Settings\Marw\95018.exe
2008-01-13 20:56 . 2008-02-03 14:55 <DIR> d-------- C:\Documents and Settings\Marw\Application Data\AVG7
2008-01-13 20:56 . 2008-01-13 20:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-13 20:56 . 2008-01-13 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 20:56 . 2008-01-13 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-13 20:56 . 2008-01-13 20:56 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-13 20:56 . 2008-01-13 20:56 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-09 03:26 . 2008-01-09 03:26 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-09 03:26 . 2008-01-09 03:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-01-09 03:26 . 2008-01-09 03:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-01-09 03:26 . 2008-01-09 03:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-01-09 03:26 . 2008-01-09 03:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-01-09 02:53 . 2008-01-09 02:53 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-01-09 02:53 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-01-09 02:53 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motport.sys
2008-01-09 02:53 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-01-09 02:53 . 2007-11-02 14:36 18,176 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2008-01-09 02:53 . 2007-01-22 18:33 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2008-01-09 02:53 . 2007-11-02 14:51 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2008-01-08 00:57 . 2008-01-08 00:57 <DIR> d-------- C:\Documents and Settings\Marw\WINDOWS
2008-01-06 01:39 . 2008-01-06 01:39 <DIR> d-------- C:\Documents and Settings\Marw\Application Data\Logitech
2008-01-06 01:38 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-01-06 01:38 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-01-06 01:38 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-01-06 01:38 . 2007-01-23 15:44 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-01-06 01:38 . 2007-01-23 15:45 78,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-01-06 01:38 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-01-06 01:38 . 2007-01-23 15:44 62,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-01-06 01:38 . 2007-01-23 15:44 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-01-06 01:37 . 2008-01-06 01:37 <DIR> d-------- C:\Program Files\Logitech
2008-01-06 01:37 . 2008-01-06 01:38 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-01-06 01:37 . 2008-01-06 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-05 21:23 . 2008-02-03 20:42 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{3BB20DBF-6A88-42DB-ADA3-C9B1E72CF3BD}
2008-01-05 21:21 . 2008-01-05 21:21 <DIR> d-------- C:\Program Files\D-Link
2008-01-05 21:21 . 2008-01-05 21:21 <DIR> d-------- C:\Program Files\ANI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 14:39 --------- d-----w C:\Program Files\Winamp
2008-02-03 13:21 --------- d-----w C:\Program Files\Nightmist
2008-02-03 10:33 --------- d-----w C:\Program Files\Java
2008-02-02 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 12:16 --------- d-----w C:\Documents and Settings\Marw\Application Data\LimeWire
2008-01-21 10:28 --------- d-----w C:\Program Files\LimeWire
2008-01-08 08:58 291 --sha-w C:\vdx.sys
2008-01-06 05:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 10:22 --------- d-----w C:\Documents and Settings\Marw\Application Data\Winamp
2007-12-29 12:10 --------- d-----w C:\Program Files\Galactic Magnate
2007-12-29 11:38 --------- d-----w C:\Documents and Settings\Marw\Application Data\Galactic Magnate
2007-12-29 08:26 --------- d-----w C:\Program Files\Yahoo!
2007-12-29 08:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-25 10:09 --------- d-----w C:\Program Files\NMHelperMV
2007-12-25 05:13 --------- d-----w C:\Program Files\Common Files\Java
2007-12-23 01:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-23 01:28 --------- d-----w C:\Program Files\Windows Live
2007-12-23 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-23 01:16 --------- d-----w C:\Documents and Settings\Marw\Application Data\Talkback
2007-12-22 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-12-22 04:59 --------- d-----w C:\Program Files\microsoft frontpage
.
<pre>
----a-w			49,152 2008-02-03 14:32:24  C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2 .exe
----a-w		 1,880,064 2008-02-03 14:32:37  C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG .exe
----a-w		   579,072 2008-02-03 14:32:28  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w		   132,496 2008-02-03 14:32:18  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w		   374,272 2008-02-03 14:32:33  C:\Program Files\ProxyWay\proxyway .exe
----a-w			37,376 2008-02-03 14:32:18  C:\Program Files\Winamp\winampa .exe
----a-w		 5,724,184 2008-02-03 14:32:47  C:\Program Files\Windows Live\Messenger\MsnMsgr  .Exe
----a-w		 4,670,704 2008-02-03 14:32:52  C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B76CAA7-CC25-4093-ABB5-0152CF70BEC4}]
C:\WINDOWS\system32\vtstq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProxyWay"="C:\Program Files\ProxyWay\proxyway .exe" [2008-02-03 06:32 374272]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-13 20:56 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-19 22:51:53 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbabx]
fccbabx.dll

R3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-05-08 19:10]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 19:17]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 14:31]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 14:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 18:33]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 14:18]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 20:42:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-03 20:43:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 04:43:29






And, then here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:16 PM, on 2/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {6B76CAA7-CC25-4093-ABB5-0152CF70BEC4} - C:\WINDOWS\system32\vtstq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway .exe" .e
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198365526937
O20 - Winlogon Notify: fccbabx - fccbabx.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4049 bytes


Thank you,
Autumn
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\Marw\98591.exe
C:\Documents and Settings\Marw\95018.exe
C:\WINDOWS\system32\vtstq.dll
RenV::
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2 .exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG .exe
C:\Program Files\Grisoft\AVG7\avgcc .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\Program Files\ProxyWay\proxyway .exe
C:\Program Files\Winamp\winampa .exe
C:\Program Files\Windows Live\Messenger\MsnMsgr  .Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger  .exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6B76CAA7-CC25-4093-ABB5-0152CF70BEC4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccbabx]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#5
Marw

Marw

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Okay, things seem to be running better now.. My CPU usage is no longer bouncing around from 60-100%..
I no longer get a bunch of pop-ups when I load a webpage, and there is no Internet Speed Monitor ads and so forth anylonger...
Also, all the "program .exe" files and so forth are gone from my Task Manager.
Things seem to be looking brighter for my computer =)
Here are the logs

ComboFix 08-02.03.1 - Marw 2008-02-04 2:09:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -8:00]
Running from: C:\Documents and Settings\Marw\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marw\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Marw\95018.exe
C:\Documents and Settings\Marw\98591.exe
C:\WINDOWS\system32\vtstq.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Marw\95018.exe
C:\Documents and Settings\Marw\98591.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-03 15:13 . 2008-02-03 15:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 15:09 . 2008-02-03 15:09 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-03 06:16 . 2008-02-03 06:16 270,698 --a------ C:\WINDOWS\system32\L6A2D.tmp
2008-02-03 02:33 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-02 20:24 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-02 20:24 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-02 20:24 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-02 05:07 . 2008-02-02 05:07 <DIR> d-------- C:\Documents and Settings\Marw\Application Data\InstallShield
2008-02-01 17:05 . 2008-02-01 17:05 <DIR> d-------- C:\Program Files\BitPim
2008-01-24 00:39 . 2008-01-24 01:07 <DIR> d-------- C:\Program Files\Talisman
2008-01-23 22:35 . 2008-01-23 22:35 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-01-23 05:48 . 2008-01-23 05:48 <DIR> d-------- C:\Program Files\Create-Ringtone
2008-01-23 05:45 . 2008-01-23 05:45 <DIR> d-------- C:\Program Files\SendToPhone
2008-01-22 15:33 . 2008-01-22 15:34 <DIR> d-------- C:\Program Files\Irth Online
2008-01-22 01:36 . 2008-01-22 01:36 <DIR> d-------- C:\WINDOWS\Irth
2008-01-21 22:55 . 2008-01-21 22:55 <DIR> d-------- C:\WINDOWS\Sun
2008-01-21 02:59 . 2008-01-23 22:10 25,600 --a------ C:\Documents and Settings\Marw\usbsermptxp.sys
2008-01-21 02:59 . 2008-01-23 22:10 22,768 --a------ C:\Documents and Settings\Marw\usbsermpt.sys
2008-01-21 02:29 . 2008-01-21 02:29 <DIR> d-------- C:\Documents and Settings\Marw\LimeWire Store Purchased
2008-01-16 22:49 . 2008-02-03 20:54 <DIR> d-------- C:\Program Files\PlayerRealms
2008-01-15 23:49 . 2008-02-04 02:09 <DIR> d-------- C:\Program Files\ProxyWay
2008-01-13 20:56 . 2008-02-03 14:55 <DIR> d-------- C:\Documents and Settings\Marw\Application Data\AVG7
2008-01-13 20:56 . 2008-01-13 20:56 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-13 20:56 . 2008-01-13 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 20:56 . 2008-01-13 20:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-13 20:56 . 2008-01-13 20:56 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-13 20:56 . 2008-01-13 20:56 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-09 03:26 . 2008-01-09 03:26 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-09 03:26 . 2008-01-09 03:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-01-09 03:26 . 2008-01-09 03:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-01-09 03:26 . 2008-01-09 03:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-01-09 03:26 . 2008-01-09 03:26 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-01-09 02:53 . 2008-01-09 02:53 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-01-09 02:53 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-01-09 02:53 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motport.sys
2008-01-09 02:53 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-01-09 02:53 . 2007-11-02 14:36 18,176 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2008-01-09 02:53 . 2007-01-22 18:33 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2008-01-09 02:53 . 2007-11-02 14:51 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2008-01-08 00:57 . 2008-01-08 00:57 <DIR> d-------- C:\Documents and Settings\Marw\WINDOWS
2008-01-06 01:39 . 2008-01-06 01:39 <DIR> d-------- C:\Documents and Settings\Marw\Application Data\Logitech
2008-01-06 01:38 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-01-06 01:38 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-01-06 01:38 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-01-06 01:38 . 2007-01-23 15:44 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-01-06 01:38 . 2007-01-23 15:45 78,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-01-06 01:38 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-01-06 01:38 . 2007-01-23 15:44 62,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-01-06 01:38 . 2007-01-23 15:44 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-01-06 01:37 . 2008-01-06 01:37 <DIR> d-------- C:\Program Files\Logitech
2008-01-06 01:37 . 2008-01-06 01:38 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-01-06 01:37 . 2008-01-06 01:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-05 21:23 . 2008-02-04 02:13 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{3BB20DBF-6A88-42DB-ADA3-C9B1E72CF3BD}
2008-01-05 21:21 . 2008-01-05 21:21 <DIR> d-------- C:\Program Files\D-Link
2008-01-05 21:21 . 2008-01-05 21:21 <DIR> d-------- C:\Program Files\ANI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-04 10:09 --------- d-----w C:\Program Files\Winamp
2008-02-03 13:21 --------- d-----w C:\Program Files\Nightmist
2008-02-03 10:33 --------- d-----w C:\Program Files\Java
2008-02-02 13:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 12:16 --------- d-----w C:\Documents and Settings\Marw\Application Data\LimeWire
2008-01-21 10:28 --------- d-----w C:\Program Files\LimeWire
2008-01-08 08:58 291 --sha-w C:\vdx.sys
2008-01-06 05:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 10:22 --------- d-----w C:\Documents and Settings\Marw\Application Data\Winamp
2007-12-29 12:10 --------- d-----w C:\Program Files\Galactic Magnate
2007-12-29 11:38 --------- d-----w C:\Documents and Settings\Marw\Application Data\Galactic Magnate
2007-12-29 08:26 --------- d-----w C:\Program Files\Yahoo!
2007-12-29 08:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-25 10:09 --------- d-----w C:\Program Files\NMHelperMV
2007-12-25 05:13 --------- d-----w C:\Program Files\Common Files\Java
2007-12-23 01:28 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-23 01:28 --------- d-----w C:\Program Files\Windows Live
2007-12-23 01:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-23 01:16 --------- d-----w C:\Documents and Settings\Marw\Application Data\Talkback
2007-12-22 23:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2007-12-22 04:59 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ProxyWay"="C:\Program Files\ProxyWay\proxyway .exe" [ ]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-02-03 06:32 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 15:44 101136 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-13 20:56 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-19 22:51:53 688128]

R3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-05-08 19:10]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 19:17]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 14:31]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 14:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 18:33]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 14:18]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 02:13:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ProxyWay\proxyway.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-04 2:14:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-0





HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:38 AM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway .exe" .e
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1198365526937
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3898 bytes


Thank you,
Autumn

Edited by Marw, 04 February 2008 - 02:31 AM.

  • 0

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#7
Marw

Marw

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Okay, here is the PandaScan log file...

Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.overture.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.atwola.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.zedo.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[server.iad.liveperson.net/hc/14197866]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.adserver.easyad.info/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.com.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Marw\Application Data\Mozilla\Firefox\Profiles\z0dbu4j8.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Marw\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Marw\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Marw\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\Nircmd.exe

Thank you,
Autumn
  • 0

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)
============================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

You can delete that program after it runs.
================================================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


    • Posted Image

    The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
===================================
After that Your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here
  • 0

#9
Marw

Marw

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Thank you so much !
My computer is running so much better now that all of that is cleared up =)
I am so glad I came to this forum, and that you helped me out.

Thank you again, !!
Autumn
  • 0

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If your the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP