Did Combo Fix , Vundofix will not finish ,


#1
wirewendy
Member
I am so new to this, but well, here goes. I did combo fix, have the log which I will post. I did Vundofix as well and it did scan, but would not remove and had to keep re-booting. Any advice would be so helpful and again, I am hoping I posted and did all the right things in the right spot. Thank you, Wendy.

ComboFix 08-02-13.2 - Owner 2008-02-13 0:13:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.148 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\SpyGuardPro
C:\Documents and Settings\Owner\Application Data\SpyGuardPro\Logs\threats.log
C:\Program Files\SpyGuardPro
C:\Program Files\SpyGuardPro\history.db
C:\Program Files\SpyGuardPro\main.log
C:\Program Files\SpyGuardPro\ResErrors.log
C:\SpyGuardPro
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\system32\asembl~1\a?sembly\
C:\WINDOWS\system32\gjwvruke.ini
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini2
C:\WINDOWS\system32\luckujmt.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljjihi.dll
C:\WINDOWS\system32\oabmnpku.ini
C:\WINDOWS\system32\ssttu.dll
C:\WINDOWS\system32\ukpnmbao.dll
C:\WINDOWS\system32\uttss.ini
C:\WINDOWS\system32\uttss.ini2
C:\WINDOWS\system32\wiyrwelu.ini
C:\WINDOWS\system32\wnsintsu.exe
C:\WINDOWS\system32\xgglxcxm.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-12 23:58 . 2008-02-12 23:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-12 16:17 . 2008-02-12 16:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-02-03 22:07 . 2008-02-03 22:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-03 21:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-03 21:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-03 21:46 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-03 19:24 . 2008-02-03 22:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-03 19:23 . 2007-03-29 06:56 409,600 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-03 19:23 . 2007-03-29 06:56 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-03 19:23 . 2007-03-29 06:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-02-03 18:56 . 2008-02-03 23:51 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-17 19:13 . 2008-01-17 19:13 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-17 19:12 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 06:19 4,000 ----a-w C:\WINDOWS\viassary-hp.reg
2008-02-12 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-30 17:13 --------- d-----w C:\Program Files\McAfee
2007-12-13 23:46 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-13 23:41 --------- d-----w C:\Program Files\McAfee.com
2005-04-04 21:34 63,248 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-02-08 00:36 795,540 ----a-w C:\Program Files\fishtank.zip
2006-03-30 16:36 307,193 --sha-w C:\WINDOWS\system32\kjllm.bak1
2006-04-07 21:53 512,636 --sha-w C:\WINDOWS\system32\kjllm.bak2
2006-04-07 21:56 505,954 --sha-w C:\WINDOWS\system32\kjllm.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE8B80D7-6640-4C33-893D-BF51CE1DA226}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 03:34 32768]
"Zsjfddf"="C:\WINDOWS\system32\t?skmgr.exe" [2004-08-04 01:56 135680]
"RecordNow!"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-01 01:28 32881]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 17:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 05:23 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-16 21:16 229376]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Inet Delivery"="C:\Program Files\Inet Delivery\inetdl.exe" [ ]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 13:21 198184]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 15:15:28 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-03 18:55:28 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-09-01 14:49:28 1073152]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-04-01 15:16:45 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
C:\WINDOWS\system32\mlljk.dll


.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 14:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 07:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-01-09 11:00:08 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 00:19:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
.
**************************************************************************
.
Completion time: 2008-02-13 0:23:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 06:23:14
.
2008-01-09 11:02:36 --- E O F ---

#2
Wizard
Retired Staff
Hi wirewendy and Welcome to Geeks2Go!

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#3
wirewendy
Hi Crete Monster and thank you so much for your post! I did the Anti-Malware scan and have the log for you, thank you again. Does this end the infection? And if so, can I uninstall Combofix, Vundofix? Any advice on programs I can add that will help this from happening again? Huge thanks for your help, Wendy.

Malwarebytes' Anti-Malware 1.03
Database version: 357

Scan type: Quick Scan
Objects scanned: 21920
Time elapsed: 4 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ugac (Rogue.PCSecureSystem) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.

#4
Wizard
If you don't mind, do a fresh scan with ComboFix and post the log in the next reply please.

#5
wirewendy
CreteMonster, thanks again. Did the Combofix scan as you said and I am posting the log. Thanks so much for your help, Wendy.

ComboFix 08-02-13.2 - Owner 2008-02-14 0:25:24.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-13 16:50 . 2008-02-13 16:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-13 16:49 . 2008-02-13 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-12 23:58 . 2008-02-12 23:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-12 16:17 . 2008-02-12 16:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-02-03 22:07 . 2008-02-03 22:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-03 21:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-03 21:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-03 21:46 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-03 19:24 . 2008-02-03 22:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-03 19:23 . 2007-03-29 06:56 409,600 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-03 19:23 . 2007-03-29 06:56 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-03 19:23 . 2007-03-29 06:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-02-03 18:56 . 2008-02-03 23:51 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-17 19:13 . 2008-01-17 19:13 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-17 19:12 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 11:52 4,000 ----a-w C:\WINDOWS\viassary-hp.reg
2008-02-12 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-30 17:13 --------- d-----w C:\Program Files\McAfee
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-14 20:08 68,080 ----a-w C:\WINDOWS\system32\drvins64.exe
2007-11-14 20:08 120,304 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-14 20:08 118,256 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2005-04-04 21:34 63,248 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-02-08 00:36 795,540 ----a-w C:\Program Files\fishtank.zip
2006-03-30 16:36 307,193 --sha-w C:\WINDOWS\system32\kjllm.bak1
2006-04-07 21:53 512,636 --sha-w C:\WINDOWS\system32\kjllm.bak2
2006-04-07 21:56 505,954 --sha-w C:\WINDOWS\system32\kjllm.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE8B80D7-6640-4C33-893D-BF51CE1DA226}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 03:34 32768]
"Zsjfddf"="C:\WINDOWS\system32\t?skmgr.exe" [2004-08-04 01:56 135680]
"RecordNow!"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-01 01:28 32881]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 17:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 05:23 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-16 21:16 229376]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Inet Delivery"="C:\Program Files\Inet Delivery\inetdl.exe" [ ]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 13:21 198184]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 15:15:28 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-03 18:55:28 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-09-01 14:49:28 1073152]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-04-01 15:16:45 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,


.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 14:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 07:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-13 11:00:07 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 00:28:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-14 0:29:41
ComboFix-quarantined-files.txt 2008-02-14 06:29:26
ComboFix2.txt 2008-02-13 06:23:17
.
2008-02-13 11:03:50 --- E O F ---

#6
Wizard
Excellent, let's get you cleaned up and on your way to happier surfing.

Copy the text below to Notepad and save it to the desktop with the name CFScript.txt

File::
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.ini2
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE8B80D7-6640-4C33-893D-BF51CE1DA226}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]

Once saved, drag CFScript.txt on top of ComboFix.exe and this will launch the tool and begin the script.

Once completed, post the new ComboFix log and a fresh HijackThis log.

After posting those, please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report


#7
wirewendy
Crete Monster, thanks again for your post. Here are the results from the Combofix and Panda Scan. I haven't done the Panda scan remove infected files yet, waiting to hear from you what I should do. Thanks so much, Wendy.

ComboFix 08-02-13.2 - Owner 2008-02-14 15:33:13.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.78 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-14 15:30 . 2008-02-14 15:30 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-13 16:50 . 2008-02-13 16:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-13 16:49 . 2008-02-13 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-12 23:58 . 2008-02-12 23:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-12 16:17 . 2008-02-12 16:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-02-03 22:07 . 2008-02-03 22:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-03 21:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-03 21:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-03 21:46 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-03 19:24 . 2008-02-03 22:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-03 19:23 . 2007-03-29 06:56 409,600 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-03 19:23 . 2007-03-29 06:56 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-03 19:23 . 2007-03-29 06:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-02-03 18:56 . 2008-02-03 23:51 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-17 19:13 . 2008-01-17 19:13 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-17 19:12 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 21:30 --------- d-----w C:\Program Files\McAfee
2008-02-13 11:52 4,000 ----a-w C:\WINDOWS\viassary-hp.reg
2008-02-12 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-14 20:08 68,080 ----a-w C:\WINDOWS\system32\drvins64.exe
2007-11-14 20:08 120,304 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-11-14 20:08 118,256 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2005-04-04 21:34 63,248 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-02-08 00:36 795,540 ----a-w C:\Program Files\fishtank.zip
2006-03-30 16:36 307,193 --sha-w C:\WINDOWS\system32\kjllm.bak1
2006-04-07 21:53 512,636 --sha-w C:\WINDOWS\system32\kjllm.bak2
2006-04-07 21:56 505,954 --sha-w C:\WINDOWS\system32\kjllm.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE8B80D7-6640-4C33-893D-BF51CE1DA226}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 03:34 32768]
"Zsjfddf"="C:\WINDOWS\system32\t?skmgr.exe" [2004-08-04 01:56 135680]
"RecordNow!"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-01 01:28 32881]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 17:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 05:23 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-16 21:16 229376]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Inet Delivery"="C:\Program Files\Inet Delivery\inetdl.exe" [ ]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 13:21 198184]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 15:15:28 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-03 18:55:28 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-09-01 14:49:28 1073152]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-04-01 15:16:45 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

S2 0170261203024713mcinstcleanup;McAfee Application Installer Cleanup (0170261203024713);C:\WINDOWS\TEMP\017026~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 14:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 07:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-13 11:00:07 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-14 15:38:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-14 15:40:24
ComboFix-quarantined-files.txt 2008-02-14 21:40:15
ComboFix2.txt 2008-02-14 06:29:42
ComboFix3.txt 2008-02-13 06:23:17
.
2008-02-13 11:03:50 --- E O F ---

;********************************************************************************
ANALYSIS: 2008-02-14 17:18:36
PROTECTIONS: 1
MALWARE: 13
SUSPECTS: 1
;********************************************************************************
PROTECTIONS
Description Version Active Updated
;================================================================================
McAfee VirusScan Yes Yes
;================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================================================
00096188 spyware/searchcentrix Spyware No 1 Yes No hkey_current_user\software\dynamic toolbar
00101314 adware/intdel Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\run\inet delivery
00101555 Application/KillApp.B HackTools No 0 Yes No C:\hp\bin\KillIt.exe
00103967 adware/dealhelper Adware No 0 Yes No c:\windows\dsearch1.bin
00167210 dialer.baj Dialers No 0 Yes No c:\x.cab
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP831\A0150548.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0150291.EXE
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Owner\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Owner\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0150432.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0150413.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0150314.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP830\A0150468.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP831\A0150583.com
01269187 Application/Winantivirus2006 HackTools No 0 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP811\A0139452.old
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
02898773 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP826\A0148917.dll
02898773 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\mljjihi.dll.bad
02898773 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\efccdeb.dll.bad
02898773 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0150271.dll
02898773 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\mljjihi.dll.vir
02900252 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP826\A0148918.dll
02900252 Spyware/Virtumonde Spyware No 1 Yes No C:\VundoFix Backups\ekurvwjg.dll.bad
02900418 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP829\A0150272.dll
02900418 Spyware/Virtumonde Spyware No 1 Yes No C:\QooBox\Quarantine\C\WINDOWS\system32\ssttu.dll.vir
;===============================================================================
SUSPECTS
Location
;===============================================================================
C:\PROGRAM FILES\UPDATES FROM HP\137903\PROGRAM\BACKWEB-137903.EXE
;===============================================================================
  • 0

#8
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hmmm, something didn't work. I think my instructions end up producing a file that actually looks like this--> CFScript.txt.txt and this may cause issues, plus I missed something. :)

Let's try this again.

Copy the text below to notepad and save it to the desktop with the name CFScript without the .txt extension typed in.

File::
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.ini2
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE8B80D7-6640-4C33-893D-BF51CE1DA226}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zsjfddf"=-

Once saved, drag CFScript.txt on top of ComboFix.exe and this will launch the tool and begin the script.


Once completed, post the new ComboFix log.


Also, do me a favor and Configure Windows to Show All Hidden Files and Folders. Here is a link to help with that:
http://www.bleepingc...showtutorial=62

Go to C:\WINDOWS\system32 and tell me how many copies of taskmgr.exe you actually see there?
  • 0

#9
wirewendy

wirewendy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Hi CreteMonster, thanks again. I did the ComboFix with the script, and I see only one Task Manager .exe. I also did the show hidden files. Here is the log for the new ComboFix scan. Your help with this has been a blessing. Thanks so much, Wendy.

ComboFix 08-02-13.2 - Owner 2008-02-16 15:27:35.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.135 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.ini2

.
((((((((((((((((((((((((( Files Created from 2008-01-16 to 2008-02-16 )))))))))))))))))))))))))))))))
.

2008-02-14 16:01 . 2008-02-14 16:01 <DIR> d-------- C:\Program Files\Panda Security
2008-02-14 15:30 . 2008-02-14 15:30 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-13 16:50 . 2008-02-13 16:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-13 16:49 . 2008-02-13 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-12 23:58 . 2008-02-12 23:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-12 16:17 . 2008-02-12 16:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-02-03 22:07 . 2008-02-03 22:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-03 21:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-03 21:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-03 21:46 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-03 19:24 . 2008-02-03 22:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-03 19:23 . 2007-03-29 06:56 409,600 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-03 19:23 . 2007-03-29 06:56 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-03 19:23 . 2007-03-29 06:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-02-03 18:56 . 2008-02-03 23:51 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-17 19:13 . 2008-01-17 19:13 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-17 19:12 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 21:30 --------- d-----w C:\Program Files\McAfee
2008-02-13 11:52 4,000 ----a-w C:\WINDOWS\viassary-hp.reg
2008-02-12 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2005-04-04 21:34 63,248 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-02-08 00:36 795,540 ----a-w C:\Program Files\fishtank.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE8B80D7-6640-4C33-893D-BF51CE1DA226}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 03:34 32768]
"Zsjfddf"="C:\WINDOWS\system32\t?skmgr.exe" [2004-08-04 01:56 135680]
"RecordNow!"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-01 01:28 32881]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 17:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 05:23 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-16 21:16 229376]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Inet Delivery"="C:\Program Files\Inet Delivery\inetdl.exe" [ ]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 13:21 198184]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 15:15:28 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-03 18:55:28 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-09-01 14:49:28 1073152]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-04-01 15:16:45 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljk]
C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

S2 0170261203024713mcinstcleanup;McAfee Application Installer Cleanup (0170261203024713);C:\WINDOWS\TEMP\017026~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []

*Newly Created Service* - RKPAVPROC
.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 14:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 07:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-13 11:00:07 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 15:30:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-16 15:31:48
ComboFix-quarantined-files.txt 2008-02-16 21:31:27
ComboFix2.txt 2008-02-14 21:40:25
ComboFix3.txt 2008-02-14 06:29:42
ComboFix4.txt 2008-02-13 06:23:17
.
2008-02-13 11:03:50 --- E O F ---
  • 0
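The Run entry "Zsjfddf" in the log above points at `t?skmgr.exe`, which is why the helper asked how many copies of taskmgr.exe are visible. The following is an added example, not part of the original thread and not ComboFix's own code: it triages Run-key lines copied from that log, assuming that a `?` in a logged file name stands for a character the log could not render and that empty brackets mean the target file was not found. The `SYSTEM_NAMES` list and the function names are hypothetical.

```python
import fnmatch
import ntpath
import re

# Assumed short list of Windows binaries that lookalike file names imitate.
SYSTEM_NAMES = ("taskmgr.exe", "svchost.exe", "explorer.exe",
                "winlogon.exe", "lsass.exe")

# Run-key lines copied from the ComboFix log above (sample input).
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"Zsjfddf"="C:\WINDOWS\system32\t?skmgr.exe" [2004-08-04 01:56 135680]
"RecordNow!"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"Inet Delivery"="C:\Program Files\Inet Delivery\inetdl.exe" [ ]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')


def lookalike_of(command):
    """Return the system binary a '?'-bearing file name resembles, else None.

    '?' is not a legal character in a Windows file name, so in the log it is
    treated as a placeholder for one unrenderable character (assumption).
    """
    base = ntpath.basename(command).lower()
    if "?" not in base:
        return None
    for real in SYSTEM_NAMES:
        # fnmatch treats '?' as "exactly one character".
        if fnmatch.fnmatchcase(real, base):
            return real
    return "unknown"


def triage(log_text):
    """Return (registry key, value name, reason) for entries worth a look."""
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = KEY_RE.match(line)
        if match:
            key = match.group(1)
            continue
        match = VALUE_RE.match(line)
        if not match or key is None:
            continue
        name = match.group("name")
        cmd = match.group("cmd")
        meta = match.group("meta").strip()
        if not cmd:
            findings.append((key, name, "empty-command"))
            continue
        real = lookalike_of(cmd)
        if real:
            findings.append((key, name, "lookalike:" + real))
        elif not meta:
            # No date/size in the brackets: target file assumed missing.
            findings.append((key, name, "target-missing"))
    return findings


if __name__ == "__main__":
    for key, name, reason in triage(SAMPLE):
        print(f"{reason:24} {name!r} in {key}")
```

A lookalike hit is a lead, not a verdict: the genuine binary normally still exists alongside the imitation, so the follow-up is to list the directory with hidden files shown and compare the names.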

#10
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Can you post a fresh HijackThis log please.
  • 0

#11
wirewendy

wirewendy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
CreteMonster, sorry about that, you wanted the log with the hidden files showing. Learning a lot from you here about stuff I had no idea I could do. Thanks for that too. Here is the fresh scan and log. Thanks for your patience for a novice here, Wendy.

ComboFix 08-02-13.2 - Owner 2008-02-17 2:05:57.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.205 [GMT -6:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-14 16:01 . 2008-02-14 16:01 <DIR> d-------- C:\Program Files\Panda Security
2008-02-13 16:50 . 2008-02-13 16:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-13 16:49 . 2008-02-13 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-12 23:58 . 2008-02-12 23:58 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-12 16:17 . 2008-02-12 16:17 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\McAfee
2008-02-03 22:07 . 2008-02-03 22:10 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-03 21:46 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-03 21:46 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-03 21:46 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-03 19:24 . 2008-02-03 22:00 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-02-03 19:23 . 2007-03-29 06:56 409,600 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-02-03 19:23 . 2007-03-29 06:56 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-02-03 19:23 . 2007-03-29 06:56 8,192 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a--c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-02-03 19:23 . 2007-03-29 06:56 7,168 --a------ C:\WINDOWS\system32\bitsprx4.dll
2008-02-03 18:56 . 2008-02-03 23:51 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-17 19:13 . 2008-01-17 19:13 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-01-17 19:12 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 21:54 4,000 ----a-w C:\WINDOWS\viassary-hp.reg
2008-02-14 21:30 --------- d-----w C:\Program Files\McAfee
2008-02-12 22:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2005-04-04 21:34 63,248 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-02-08 00:36 795,540 ----a-w C:\Program Files\fishtank.zip
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 03:34 32768]
"RecordNow!"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-01 01:28 32881]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 17:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 05:23 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-01-16 21:16 229376]
"VTTimer"="VTTimer.exe" [2004-10-22 11:53 53248 C:\WINDOWS\system32\VTTimer.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Inet Delivery"="C:\Program Files\Inet Delivery\inetdl.exe" [ ]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33 582992]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2007-04-19 13:21 198184]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
HP Organize.lnk - C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2004-04-01 15:15:28 36864]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-03 18:55:28 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 14:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-09-01 14:49:28 1073152]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2004-04-01 15:16:45 16384]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

S2 0170261203024713mcinstcleanup;McAfee Application Installer Cleanup (0170261203024713);C:\WINDOWS\TEMP\017026~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog []

*Newly Created Service* - 0170261203024713MCINSTCLEANUP
.
Contents of the 'Scheduled Tasks' folder
"2008-01-21 14:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 07:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-02-13 11:00:07 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 02:10:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-17 2:11:42
ComboFix-quarantined-files.txt 2008-02-17 08:11:21
ComboFix2.txt 2008-02-16 21:31:49
ComboFix3.txt 2008-02-14 21:40:25
ComboFix4.txt 2008-02-14 06:29:42
ComboFix5.txt 2008-02-13 06:23:17
.
2008-02-13 11:03:50 --- E O F ---
  • 0

#12
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Very well done, thanks for the extra log.

See if you can find and delete this file--> c:\windows\dsearch1.bin


One last scan please. Please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#13
wirewendy

wirewendy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Cretemonster, hi. I deleted the file you told me to and loaded the Kaspersky Online Scanner as well. It was almost done and suddenly closed without finishing and re-prompted my desktop to load again without producing any log. Did I make a mistake? I tried to do another scan and the Kaspersky wouldn't open up to scan My Computer. Any of this make sense? Thanks so much, Wendy.
  • 0

#14
Wizard

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Scan these 2 files at VirusTotal first and let's be sure those are OK.

C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\oleaut32.dll

Is the logon account you use an administrator account?
  • 0

#15
wirewendy

wirewendy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Cretemonster, thank you again. {No} I think to the logon account being an administrator account? If you are asking about mail etc... I am not sure what you mean {feeling dumb right now}. Here is the first file result from the scan. Thanks again, Wendy.

File wininet.dll received on 02.19.2008


Antivirus Version Last Update Result
AhnLab-V3 2008.2.19.1 2008.02.19 -
AntiVir 7.6.0.67 2008.02.18 -
Authentium 4.93.8 2008.02.19 -
Avast 4.7.1098.0 2008.02.18 -
AVG 7.5.0.516 2008.02.18 -
BitDefender 7.2 2008.02.19 -
CAT-QuickHeal 9.50 2008.02.18 -
ClamAV 0.92.1 2008.02.19 -
DrWeb 4.44.0.09170 2008.02.18 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5546 2008.02.18 -
Ewido 4.0 2008.02.18 -
FileAdvisor 1 2008.02.19 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.18 -
F-Secure 6.70.13260.0 2008.02.19 -
Ikarus T3.1.1.20 2008.02.19 -
Kaspersky 7.0.0.125 2008.02.19 -
McAfee 5232 2008.02.18 -
Microsoft 1.3204 2008.02.19 -
NOD32v2 2884 2008.02.18 -
Norman 5.80.02 2008.02.18 -
Panda 9.0.0.4 2008.02.19 -
Prevx1 V2 2008.02.19 -
Rising 20.32.02.00 2008.02.18 -
Sophos 4.26.0 2008.02.19 -
Sunbelt 3.0.884.0 2008.02.18 -
Symantec 10 2008.02.19 -
TheHacker 6.2.9.223 2008.02.18 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.18 -
Webwasher-Gateway 6.6.2 2008.02.18 -
Additional information
File size: 659456 bytes
MD5: 57d1b5150cf6331fac6b3e04c1fcb966
SHA1: aa2831885cedda83fa0e5d7f352a3e212f5f4999
PEiD: -
Second file scan:
File oleaut32.dll received on 02.19.2008 07:04:55 (CET)
Result: 0/32 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.2.19.1 2008.02.19 -
AntiVir 7.6.0.67 2008.02.18 -
Authentium 4.93.8 2008.02.19 -
Avast 4.7.1098.0 2008.02.18 -
AVG 7.5.0.516 2008.02.18 -
BitDefender 7.2 2008.02.19 -
CAT-QuickHeal 9.50 2008.02.18 -
ClamAV 0.92.1 2008.02.19 -
DrWeb 4.44.0.09170 2008.02.18 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5546 2008.02.18 -
Ewido 4.0 2008.02.18 -
FileAdvisor 1 2008.02.19 -
Fortinet 3.14.0.0 2008.02.19 -
F-Prot 4.4.2.54 2008.02.18 -
F-Secure 6.70.13260.0 2008.02.19 -
Ikarus T3.1.1.20 2008.02.19 -
Kaspersky 7.0.0.125 2008.02.19 -
McAfee 5232 2008.02.18 -
Microsoft 1.3204 2008.02.19 -
NOD32v2 2884 2008.02.18 -
Norman 5.80.02 2008.02.18 -
Panda 9.0.0.4 2008.02.19 -
Prevx1 V2 2008.02.19 -
Rising 20.32.10.00 2008.02.19 -
Sophos 4.26.0 2008.02.19 -
Sunbelt 3.0.884.0 2008.02.19 -
Symantec 10 2008.02.19 -
TheHacker 6.2.9.223 2008.02.18 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.18 -
Webwasher-Gateway 6.6.2 2008.02.18 -
Additional information
File size: 550912 bytes
MD5: 0144abc4c4a624b583d432ee478a711c
SHA1: b7b579f21bb3f6ebb01a1b6567c11461022eb45e
PEiD: MS Visual C++ v.8 DLL (h-small sig2)
  • 0





