Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Fake Windows Security Center popup on Windows startup [RESOLVED]


  • This topic is locked This topic is locked

#1
ncjensen

ncjensen

    New Member

  • Member
  • Pip
  • 2 posts
I'm also getting the fake Windows Security Center pop up when I start my computer, as well as the yellow balloons in the system tray that pop up periodically. I've tried several scanners, none of which have been able to remove it so far. Any help here is appreciated -- here are my HJT logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:46 PM, on 5/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\SHOREL~1\SHOREW~1\STCHost.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\SHOREL~1\SHOREW~1\CSISCMGR.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://omniportal/_l...eateMySite.aspx
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ShoreTel Personal Call Manager] C:\Program Files\Shoreline Communications\ShoreWare Client\StartCli.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://helpdesk/aspn...ib/mcsimenu.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {3AC3D009-2E89-4F1E-9F51-04D4FBD50122} (Shoretel SClientInstall) - http://phoneserver/s...ientInstall.ocx
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1187991743073
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1187991733903
O16 - DPF: {74233DB3-F72F-44EA-94DC-258A624037E6} (ComponentOne FlexGrid 8.0 (UNICODE Light)) - http://helpdesk/aspn...lib/VSFlex8.CAB
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com.../crusher-us.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://omniture.web...bex/ieatgpc.cab
O16 - DPF: {FDF527BA-DDDA-11D3-AA82-006094EB09CB} (Altiris Clipboard Helper) - http://helpdesk/aspn...eXClipboard.CAB
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} (Plaxo Auto-Import Utility) - http://www.plaxo.com...upldr-2k-xp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = orm.omniture.com
O17 - HKLM\Software\..\Telephony: DomainName = orm.omniture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = orm.omniture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = orm.omniture.com
O20 - AppInit_DLLs: AMINIT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gxryxboe - C:\WINDOWS\SYSTEM32\gxryxboe.dll
O23 - Service: Microsoft DDE+ server (246e082e) - Unknown owner - C:\WINDOWS\system32\.246e082e\246e082e.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12080 bytes





And, here is a log from Combofix:


ComboFix 08-05-19.4 - njensen 2008-05-20 13:59:30.1 - NTFSx86
Running from: C:\Documents and Settings\njensen\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://mom
.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 12:19 . 2008-05-20 12:19 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-05-20 12:19 . 2008-05-20 12:19 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-05-20 11:51 . 2008-05-20 11:51 <DIR> d-------- C:\Documents and Settings\njensen\Application Data\Sunbelt Software
2008-05-20 10:41 . 2008-05-20 11:46 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-05-19 15:23 . 2008-05-19 15:23 <DIR> d-------- C:\VundoFix Backups
2008-05-19 14:55 . 2008-05-19 14:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-19 13:01 . 2008-05-19 13:02 <DIR> d-------- C:\Program Files\Panda Security
2008-05-19 12:10 . 2008-05-19 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-19 12:08 . 2008-05-20 13:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-19 12:08 . 2008-05-19 12:08 <DIR> d-------- C:\Documents and Settings\njensen\Application Data\SUPERAntiSpyware.com
2008-05-19 08:57 . 2008-03-01 07:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-19 08:57 . 2007-04-17 03:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-19 08:57 . 2007-03-07 23:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-19 08:57 . 2008-03-01 07:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-19 08:57 . 2008-03-01 07:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-19 08:57 . 2008-03-01 07:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-19 08:57 . 2008-03-01 07:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-19 08:57 . 2008-03-01 07:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-19 08:57 . 2008-02-22 04:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-05-15 15:41 . 2008-05-19 09:08 <DIR> d-------- C:\Program Files\Maxthon2
2008-05-15 14:22 . 2008-05-15 15:03 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-15 13:11 . 2008-05-15 13:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-15 13:11 . 2008-05-15 13:11 262,144 --a------ C:\Documents and Settings\MC62A0~1
2008-05-15 13:11 . 2008-05-15 13:11 262,144 --a------ C:\Documents and Settings\MC4723~1
2008-05-15 13:11 . 2008-05-15 13:11 262,144 --a------ C:\Documents and Settings\JMCDON~3
2008-05-15 13:09 . 2008-05-15 13:09 262,144 --a------ C:\Documents and Settings\MCROOK~4
2008-05-15 13:09 . 2008-05-15 13:09 262,144 --a------ C:\Documents and Settings\MCROOK~3
2008-05-15 13:09 . 2008-05-15 13:09 262,144 --a------ C:\Documents and Settings\JMCDON~2
2008-05-15 11:43 . 2008-05-15 11:47 8,192 --a------ C:\Documents and Settings\MCROOK~2
2008-05-15 11:43 . 2008-05-15 11:47 8,192 --a------ C:\Documents and Settings\MCROOK~1
2008-05-15 11:43 . 2008-05-15 11:47 8,192 --a------ C:\Documents and Settings\JMCDON~1
2008-05-15 11:04 . 2008-05-15 11:04 <DIR> d-------- C:\Documents and Settings\njensen\Application Data\Malwarebytes
2008-05-15 11:03 . 2008-05-15 11:03 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-15 11:03 . 2008-05-15 11:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-15 11:03 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-15 11:03 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-14 16:48 . 2008-05-14 16:48 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-14 16:48 . 2008-05-14 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-14 16:38 . 2008-05-15 08:53 2,518 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-14 16:36 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-14 16:36 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-14 16:36 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-14 16:36 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-14 16:36 . 2008-04-23 22:14 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-14 16:36 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-14 16:36 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-14 16:36 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-14 14:57 . 2008-05-14 14:57 249,856 --a------ C:\WINDOWS\system32\gxryxboe.dll
2008-04-30 11:43 . 2008-04-30 11:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-29 10:22 . 2008-04-29 10:22 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-04-29 10:20 . 2008-04-29 10:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-29 10:14 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003498_.tmp
2008-04-29 09:57 . 2008-04-29 09:57 <DIR> d-------- C:\Documents and Settings\njensen\Application Data\Windows Desktop Search
2008-04-28 09:05 . 2008-04-28 09:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-28 09:05 . 2008-04-28 09:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 19:40 --------- d-----w C:\Documents and Settings\njensen\Application Data\ShoreWare Client
2008-05-20 19:38 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-20 18:17 --------- d-----w C:\Documents and Settings\njensen\Application Data\Apple Computer
2008-05-19 18:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-19 17:51 --------- d-----w C:\Program Files\Maxthon
2008-05-15 21:42 --------- d-----w C:\Documents and Settings\njensen\Application Data\MxBoost
2008-05-14 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-08 18:33 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-08 18:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-02 17:30 --------- d-----w C:\Program Files\CCleaner
2008-04-29 15:54 --------- d-----w C:\Program Files\Windows Desktop Search
2008-04-14 11:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 11:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 11:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 11:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 11:43 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 11:43 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 11:43 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 11:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 11:43 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 11:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 11:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 11:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 11:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 11:40 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-14 07:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 06:58 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-14 06:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 06:51 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-14 06:50 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-14 06:50 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-14 06:50 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-14 06:49 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-14 06:49 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-14 06:49 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-14 06:49 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-14 06:49 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-14 06:48 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-14 06:47 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-14 06:47 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-14 06:47 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-14 06:46 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-14 06:46 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-14 06:45 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-14 06:45 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-14 06:45 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-14 06:45 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-14 06:44 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-14 06:44 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-14 06:30 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-14 06:30 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-14 06:30 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-14 06:27 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-14 06:27 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-14 06:27 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-14 06:27 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-14 06:27 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-14 06:27 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-14 06:27 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-14 06:26 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-14 06:26 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-14 06:26 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-14 06:26 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-14 06:26 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-14 06:26 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-14 06:26 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-14 06:26 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-14 06:26 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-14 06:26 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-14 06:25 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-14 06:24 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-14 06:23 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-14 06:23 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-14 06:23 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 06:23 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-14 06:21 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-14 06:21 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-14 06:21 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-14 06:21 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-14 06:21 101,120 ----a-w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-14 06:16 59,136 ----a-w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-14 06:16 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-14 06:16 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-14 06:16 273,024 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 06:16 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-14 06:16 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-14 06:16 18,944 ----a-w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-14 06:16 17,024 ----a-w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-14 06:16 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-14 06:14 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-14 06:14 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-14 06:14 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-14 06:14 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-14 06:13 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-14 06:13 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-14 06:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-14 06:13 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-14 06:11 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
2008-04-14 06:11 42,112 ----a-w C:\WINDOWS\system32\drivers\imapi.sys
2008-04-14 06:09 92,544 ----a-w C:\WINDOWS\system32\drivers\mqac.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ShoreTel Personal Call Manager"="C:\Program Files\Shoreline Communications\ShoreWare Client\StartCli.exe" [2007-09-14 15:39 41000]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-08-30 09:13 160568]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-20 13:39 1510640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 05:42 110592 C:\WINDOWS\system32\bthprops.cpl]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-01 16:46 7561216]
"nwiz"="nwiz.exe" [2006-05-01 15:46 1519616 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-05-01 15:46 73728 C:\WINDOWS\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 18:30 282624 C:\WINDOWS\stsystra.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-10-05 23:11 866584]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-02-20 12:29 1191936]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2007-02-18 17:58 143360]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-02-20 22:56:11 1528880]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-20 13:38 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gxryxboe]
gxryxboe.dll 2008-05-14 14:57 249856 C:\WINDOWS\system32\gxryxboe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=AMINIT.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.voxacm150"= vct32150.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=AgentUnInstall.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1887399213-3708965502-2405855065-2262\Scripts\Logon\0\0]
"Script"=office-vpn-route.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1887399213-3708965502-2405855065-2558\Scripts\Logon\0\0]
"Script"=office-vpn-route.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1887399213-3708965502-2405855065-3979\Scripts\Logon\0\0]
"Script"=office-vpn-route.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1887399213-3708965502-2405855065-4485\Scripts\Logon\0\0]
"Script"=office-vpn-route.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1887399213-3708965502-2405855065-5526\Scripts\Logon\0\0]
"Script"=office-vpn-route.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\246e082e]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--a------ 2005-12-09 21:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
--a------ 2004-03-24 10:13 177152 C:\Program Files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 CCDevice;CCDevice;C:\WINDOWS\system32\drivers\CCDevice.sys [2007-03-07 15:22]
S2 246e082e;Microsoft DDE+ server;C:\WINDOWS\system32\.246e082e\246e082e.exe []

*Newly Created Service* - CATCHME
*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 18:56:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-20 19:40:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 14:02:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\CSGina.dll
-> C:\WINDOWS\system32\gxryxboe.dll
.
Completion time: 2008-05-20 14:03:40
ComboFix-quarantined-files.txt 2008-05-20 20:03:20

Pre-Run: 63,942,602,752 bytes free
Post-Run: 64,008,585,216 bytes free

275 --- E O F --- 2008-05-19 15:09:05
  • 0

Advertisements


#2
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hello ncjensen and Welcome to Geeks to Go!

Sorry for the long wait, busy week.

After checking your log, I found signs of malware on your system. Please stick with me until we get you cleaned up. :)
Please read this post completely before proceeding with the fix. If you have questions, don't hesitate to ask.

Let's start.

First,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next,

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Finally,

Post back with the following logs.

- MBAM log
- SuperAntispyware log
- New HijackThis log

Edited by koko_crunch, 25 May 2008 - 11:13 AM.

  • 0

#3
ncjensen

ncjensen

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I already had a reply on another forum that solved the problem for me, but thanks. If anyone has a similar problem, my solution can be found here: http://forums.majorg...ad.php?t=160072
  • 0

#4
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP