Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

VUNDO wont leave with Avast..HELP [CLOSED]


  • This topic is locked This topic is locked

#1
kemicalkidd

kemicalkidd

    Member

  • Member
  • PipPip
  • 11 posts
most recent hijack scan


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:48 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\WallMaster\wallmast.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\gebbCUKA.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft....k/?LinkId=82580
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1209156139453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1209199948500
O20 - Winlogon Notify: gebbCUKA - gebbCUKA.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8258 bytes
  • 0

Advertisements


#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.



Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0

#3
kemicalkidd

kemicalkidd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 28, 2008 4:35:35 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/05/2008
Kaspersky Anti-Virus database records: 809537
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 139778
Number of viruses found: 6
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 01:25:06

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\FEDERAL\Application Data\Webroot\Spy Sweeper\Logs\080528145146.ses Object is locked skipped
C:\Documents and Settings\FEDERAL\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\FEDERAL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\FEDERAL\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\FEDERAL\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\FEDERAL\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\FEDERAL\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads\software\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe/data0017 Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads\software\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso/Nero PhotoShow Express/nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads\software\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads\software\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso ISOimage: infected - 3 skipped
C:\Documents and Settings\FEDERAL\My Documents\Rars\System Mechanic Professional.7.keygen.zip/SM.7.1.8/SM7_activator.exe/lsass.exe Infected: Backdoor.Win32.MoSucker.ee skipped
C:\Documents and Settings\FEDERAL\My Documents\Rars\System Mechanic Professional.7.keygen.zip/SM.7.1.8/SM7_activator.exe Infected: Backdoor.Win32.MoSucker.ee skipped
C:\Documents and Settings\FEDERAL\My Documents\Rars\System Mechanic Professional.7.keygen.zip ZIP: infected - 2 skipped
C:\Documents and Settings\FEDERAL\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\FEDERAL\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS01866C4B-6FE0-41DD-81D6-CF9ED5E9CB2D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0267D2D4-49C0-4FBA-A801-BB1836C57D5B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS02DED4DE-63B2-4930-A28C-528040224937.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0748621D-F8F2-4B72-B61C-85C61D4C1B7D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS07FB3654-D89F-49B6-9261-937327549F46.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0852F277-3660-44BE-9C87-E20DEE0F6583.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0897328F-8839-4FDF-8F5D-AD06D23DB196.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0C2F348B-9F4D-4B28-B27D-0FD8C5B589CF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS10E87ED3-D99A-4761-AE3F-DEC130EC9C38.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS11825BEA-4DC7-417B-A627-8EE6EFD0DA16.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS11DCF53B-5106-455D-850F-0277D8F17D87.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS12143206-5513-45ED-B0F6-47651CD9A380.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1A0151DB-654F-40C6-A3E8-CC0B3ED78048.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1B5E4610-11F2-41CC-AC38-FE37C9C16C8F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS262DF378-C9A6-4B51-BC62-3A230E9BEC68.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS29CDF6A8-C29A-4F1C-84C3-F9D941EA0793.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2D5C1C58-D8ED-4D36-8F70-05A8909CDE26.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2D7FA2F9-76EB-42E7-9251-171095F67275.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2FFF0C9A-B97E-4E60-87A0-DE3A15A959F8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS34F2139A-FF32-41A8-9788-2CB4F69A9154.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3609496B-4B6B-4896-A101-0CCD2F952A1D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS36E5D1E6-CDCF-4AAE-B495-AA26390A4537.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS428FB964-4896-49E6-9E75-69F25A136783.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS430DABD1-04AD-40F1-9157-9871011C9FA2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS43A70434-BDFE-421D-8951-DD7BE67A385F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS45A42172-3642-43DF-A6BA-C3523C44923D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4902488A-281F-4E07-80BA-190D021012D8.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4EF35B54-7E6A-4731-8414-1357B6146DA5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5008F04F-C566-4C61-8721-55E4812FD735.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS529D5AC7-CBC3-4B21-9EE4-409BE7E10B07.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS54EA31A3-CB8B-4B70-A1D9-F8EF0372DF8D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS55EBFA92-A1D3-4147-BAEC-8FEB065A3B40.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS56C863DE-61F0-4902-931E-D34609F7FEC4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5C5A7A56-E60C-4E15-817C-375AD705B697.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS62CB4B9F-8376-4CDA-B0C5-B426A0C5A818.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS648C6415-9711-4B01-8B96-78409D5F1EB5.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS66D19BB0-7203-4AF4-A733-8DBBE3FCA61F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS67D3A07B-DA95-476B-A96C-D9990BB0CED7.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6DE756DE-63AF-4A31-9E89-6F3E0E094168.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS73D18A59-A141-4389-90C8-F5149A0FC073.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS73FA1452-7759-4481-BF7B-8ECED8FE3223.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS751D986B-3CC6-4DDF-8E47-038A5CDD82DC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7D32E206-462A-45D2-A1BA-94C00344371C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7E5D2268-C174-4782-87FA-F84E13EA89B4.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8026A15D-959E-4A0B-B4C9-E8E9DAE39C4E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8A22EC05-31B4-4A05-A211-D845DE126176.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8C107B0A-AD08-4D4B-9BB5-F1EE0688E5A9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8E94ED50-F10B-480B-B135-6A1D4DA59038.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS916737DA-C2F9-4F3D-80F9-93FDAA93A498.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS91EF34F4-5622-47A5-A284-2D46A6B2A185.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9264AFD6-2793-4EA0-A199-1C91CD3DE9BC.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS997205EB-A01D-4386-B1A4-0F3B91B33DA1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9DA8B869-CA66-445D-822E-A93342CBF605.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9FD737CD-18B1-4B8F-90D7-2D6B0B554395.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA14E7B5F-99FD-4E5F-9414-0CCF96FE6AE6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA6603A35-9CEE-4318-B6C1-DF060D6C90D9.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA69F8BBC-8B9B-400D-8850-9FF07187F677.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAAD13BF7-68EE-4E21-B758-1828AFA67A3D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAEB4F8FD-2188-4401-BDD1-520AC22A3DFE.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB82F4D48-8C8D-4263-BCB1-4D26B6D5A37C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB92F73C1-135F-453B-81A1-C52EFD8CD495.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBAB1D41D-A86C-422E-99C3-13B71DD0EC33.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBB1D86B2-5614-43A9-8562-8A34CDBD263E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBC3460EC-DB88-4FFF-9999-9D8B2EFEF90F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBE2A31CF-CBCC-4C57-973C-907ABC8435B6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBEF34F24-89B5-462C-BBD9-2003015CF408.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBFFD3E09-7A46-4873-81FE-9E6DB1B45A66.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC21132B0-86C3-44D7-97B7-AABDD5305152.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC3DDC0E3-8C68-487A-84B7-0AAEF5AE47A2.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC79495F2-D538-4D73-A0C7-2A6DC41CE15E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCDCEA4E4-8A05-4761-881A-F055B1E7046C.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD076541E-9BF1-4ACE-8C6A-DFE0FE4C9389.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD37CBBE7-E72A-4CA2-B8A4-B18C1A93F8BF.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD3EB7B28-97D3-4131-B35C-9C5FFA2CFD2B.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD808A4FE-28E2-40C8-8CA8-41B99D85E53E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD9024E3C-0BA2-4036-B53C-9299F0B3C339.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD956B5D8-E1A9-4ABF-9C20-3BA0E372751D.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDF15B920-F216-4691-B15C-B6A4A4669846.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE2E0CC09-5C83-4B9D-BA78-4E9DF1C3DB2F.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE7A14E29-05CE-4205-B460-DB9E24492E52.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEAB4DFB3-8FC6-4589-9F0E-5354FDEF168E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEC6BD3A6-176D-4070-9B0B-BD4ECA41EC34.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSECF2CF66-5AE6-4DF6-BD0A-0E85D5D902F1.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF3220CAE-A4D5-4548-8A6C-22CEC081F0ED.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF4F60207-3211-4474-A265-4E4A4D82A1EA.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF6139FB4-3F39-46C3-BF61-D9F08813B559.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF938D60D-A367-4E23-9711-97F3962B62B6.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFAF29850-0AA8-4814-980F-70F3AD74E300.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFE81377C-F28E-408E-9E8F-D8E632F9E72E.tmp Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\selfdef.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
C:\Program Files\PeerGuardian2\history.db Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{423842DC-4966-4FD8-B284-A7AAE7DA7129}\RP138\A0020115.exe/data0000.cab/WinDll32.exe Infected: Backdoor.Win32.Small.dlv skipped
C:\System Volume Information\_restore{423842DC-4966-4FD8-B284-A7AAE7DA7129}\RP138\A0020115.exe/data0000.cab Infected: Backdoor.Win32.Small.dlv skipped
C:\System Volume Information\_restore{423842DC-4966-4FD8-B284-A7AAE7DA7129}\RP138\A0020115.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{423842DC-4966-4FD8-B284-A7AAE7DA7129}\RP165\A0034993.exe Infected: not-a-virus:AdWare.Win32.Shopper.r skipped
C:\System Volume Information\_restore{423842DC-4966-4FD8-B284-A7AAE7DA7129}\RP173\A0036574.exe Infected: Trojan.Win32.Agent.qoh skipped
C:\System Volume Information\_restore{423842DC-4966-4FD8-B284-A7AAE7DA7129}\RP174\A0036622.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.tss skipped
C:\System Volume Information\_restore{423842DC-4966-4FD8-B284-A7AAE7DA7129}\RP174\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0E5BEF9C-1442-4295-971F-E0466EF4CD5C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6b0.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{423842DC-4966-4FD8-B284-A7AAE7DA7129}\RP174\change.log Object is locked skipped

Scan process completed.



--------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by FEDERAL on 2008-05-28 16:39:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
175: 2008-05-28 23:36:31 UTC - RP175 - Deckard's System Scanner Restore Point
174: 2008-05-28 17:12:52 UTC - RP174 - Software Distribution Service 3.0
173: 2008-05-27 15:13:07 UTC - RP173 - Installed Age of Empires III - The Asian Dynasties
172: 2008-05-27 15:09:27 UTC - RP172 - Eliminado Age of Empires III - The Asian Dynasties
171: 2008-05-27 13:24:38 UTC - RP171 - Instalado Age of Empires III - The Asian Dynasties


-- First Restore Point --
1: 2008-04-25 18:12:18 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 16.58 GiB (less than 15%) free.


-- HijackThis (run as FEDERAL.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:07 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\WallMaster\wallmast.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\FEDERAL\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\FEDERAL.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\gebbCUKA.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] "C:\Program Files\PeerGuardian2\pg2.exe"
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: WallMaster.lnk = C:\Program Files\WallMaster\wallmast.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft....k/?LinkId=82580
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1209156139453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1209199948500
O20 - Winlogon Notify: gebbCUKA - gebbCUKA.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8386 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RTL8187_Wireless
Device ID: USB\VID_0BDA&PID_8187\0015AF19E03E
Manufacturer:
Name: RTL8187_Wireless
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF19E03E
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\14F570311D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\14F570311D800
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_820D1043&REV_10\4&19ABE7DE&0&20F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_820D1043&REV_10\4&19ABE7DE&0&20F0
Service: RTL8023xp


-- Scheduled Tasks -------------------------------------------------------------

2008-05-22 18:27:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-28 and 2008-05-28 -----------------------------

2008-05-28 14:56:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 14:56:51 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-28 14:56:49 0 d-------- C:\WINDOWS\LastGood
2008-05-28 12:09:22 0 d-------- C:\Program Files\Trend Micro
2008-05-27 22:50:39 0 d-------- C:\VundoFix Backups
2008-05-27 11:11:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-05-27 11:11:05 0 d-------- C:\Program Files\Webroot
2008-05-27 11:11:05 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Webroot
2008-05-27 11:11:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-27 08:21:57 164 --a------ C:\install.dat
2008-05-27 06:41:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
2008-05-27 06:12:35 0 d-------- C:\Program Files\Microsoft Games
2008-05-26 11:38:37 0 d-------- C:\Documents and Settings\FEDERAL\scenes
2008-05-22 19:59:18 0 d-------- C:\Program Files\Lemonade Tycoon 2
2008-05-22 19:59:09 0 d-------- C:\Program Files\ReflexiveArcade
2008-05-22 19:46:03 0 d-------- C:\Program Files\TryMedia
2008-05-21 10:24:42 96256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-05-21 10:24:42 0 d-------- C:\Program Files\MagicDisc
2008-05-21 10:07:09 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-05-20 09:51:10 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-20 09:51:05 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\DAEMON Tools
2008-05-19 20:46:21 0 d-------- C:\Documents and Settings\LocalService\Application Data\WTablet
2008-05-18 22:13:15 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\acccore
2008-05-18 22:12:57 0 d-------- C:\Program Files\Viewpoint
2008-05-18 22:12:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-18 22:12:49 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2008-05-18 22:12:49 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-18 22:12:34 0 d-------- C:\Program Files\Common Files\AOL
2008-05-18 22:12:21 0 d-------- C:\Program Files\AIM6
2008-05-18 21:57:45 0 d-------- C:\Program Files\MSXML 4.0
2008-05-11 22:38:49 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Nero
2008-05-11 22:35:58 0 d-------- C:\Program Files\Nero
2008-05-11 22:35:58 0 d-------- C:\Program Files\Common Files\Nero
2008-05-11 22:35:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-11 22:34:26 0 d-------- C:\Program Files\[bleep] NFO Viewer
2008-05-05 11:15:07 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\WTablet
2008-05-05 11:14:40 0 d-------- C:\WINDOWS\system32\WTablet
2008-05-05 11:14:34 0 d-------- C:\Program Files\Tablet
2008-05-05 10:09:34 0 d-------- C:\WINDOWS\SHELLNEW
2008-05-05 10:09:32 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-05 09:37:17 0 d-------- C:\Program Files\PeerGuardian2
2008-04-30 17:27:27 0 d-------- C:\Program Files\Common Files\Idu
2008-04-30 17:27:03 0 d-------- C:\Program Files\WarZone
2008-04-30 17:26:27 0 d-------- C:\Program Files\Microprose
2008-04-30 11:04:16 0 d-------- C:\Program Files\iPod
2008-04-30 11:04:11 0 d-------- C:\Program Files\iTunes
2008-04-30 11:03:45 0 d-------- C:\Program Files\Common Files\Apple
2008-04-30 11:02:20 0 d-------- C:\Program Files\Apple Software Update
2008-04-30 11:02:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-29 21:07:00 0 d-------- C:\WINDOWS\pss
2008-04-29 17:12:31 0 d--hs---- C:\found.000
2008-04-28 16:45:19 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Songbird1
2008-04-28 16:44:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-04-28 11:38:05 0 d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-04-28 11:37:44 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Logitech
2008-04-28 11:36:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-04-28 11:36:39 0 d-------- C:\Program Files\Common Files\Logishrd
2008-04-28 11:36:37 0 d-------- C:\Program Files\Logitech
2008-04-28 09:22:25 0 d-------- C:\Program Files\Lavasoft
2008-04-28 09:22:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-28 09:22:07 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 09:20:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy


-- Find3M Report ---------------------------------------------------------------

2008-05-28 11:36:38 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Azureus
2008-05-27 22:54:33 0 d-------- C:\Program Files\Poweriso
2008-05-27 06:30:04 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-24 14:55:48 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Adobe
2008-05-19 15:45:39 0 d-------- C:\Program Files\WallMaster
2008-05-18 22:12:34 0 d-------- C:\Program Files\Common Files
2008-05-08 11:51:19 0 d-------- C:\Program Files\Winamp
2008-04-30 12:15:27 0 d-------- C:\Program Files\Azureus
2008-04-30 11:04:31 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Apple Computer
2008-04-28 16:45:21 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Mozilla
2008-04-28 09:18:04 0 d-------- C:\Program Files\MagicISO
2008-04-27 13:33:19 0 d-------- C:\Program Files\Next Limit
2008-04-27 13:26:28 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2008-04-27 13:26:28 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-04-27 13:26:25 0 d-------- C:\Program Files\Aladdin
2008-04-27 13:24:28 0 d-------- C:\Program Files\2d3
2008-04-27 12:56:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-27 12:56:21 0 d-------- C:\Program Files\Bonjour
2008-04-27 12:49:29 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-27 10:38:00 0 d-------- C:\Program Files\Messenger
2008-04-26 20:30:02 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\vlc
2008-04-26 19:53:33 0 d-------- C:\Program Files\VideoLAN
2008-04-26 18:49:38 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\WinRAR
2008-04-26 18:09:48 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-26 15:14:45 0 d-------- C:\Program Files\QuickTime
2008-04-26 15:10:01 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Help
2008-04-26 15:07:28 0 d-------- C:\Program Files\Alwil Software
2008-04-26 14:42:23 0 d-------- C:\Program Files\Movie Maker
2008-04-26 14:41:22 0 d-------- C:\Program Files\Windows NT
2008-04-26 13:58:55 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Winamp
2008-04-26 01:14:05 1160 --a------ C:\WINDOWS\mozver.dat
2008-04-25 14:07:49 0 d-------- C:\Program Files\AveIconifier2
2008-04-25 14:06:24 0 d-------- C:\Program Files\Cogito Research
2008-04-25 13:55:41 0 d-------- C:\Program Files\Devious Codeworks
2008-04-25 13:31:33 0 d-------- C:\Program Files\Activision
2008-04-25 13:27:11 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Macromedia
2008-04-25 13:13:38 0 d-------- C:\Program Files\support.com
2008-04-25 13:13:08 0 d-------- C:\Program Files\Common Files\SupportSoft
2008-04-25 13:07:27 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-25 12:47:06 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-25 12:45:35 0 d-------- C:\Program Files\Analog Devices
2008-04-25 12:43:49 0 d-------- C:\Program Files\ASUS
2008-04-25 12:41:52 0 d-------- C:\Program Files\Realtek
2008-04-25 12:41:48 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\InstallShield
2008-04-25 12:41:35 0 d-------- C:\Program Files\Marvell
2008-04-25 12:39:29 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-25 12:07:15 0 d-------- C:\Program Files\Intel
2008-04-25 12:05:20 0 d-------- C:\Program Files\ATI Technologies
2008-04-25 11:12:13 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Identities
2008-04-25 11:09:19 0 d-------- C:\Program Files\microsoft frontpage
2008-04-25 11:09:12 0 -rahs---- C:\MSDOS.SYS
2008-04-25 11:09:12 0 -rahs---- C:\IO.SYS
2008-04-25 11:09:12 0 --a------ C:\CONFIG.SYS
2008-04-25 11:09:12 0 --a------ C:\AUTOEXEC.BAT
2008-04-25 11:07:22 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-25 11:06:56 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-25 11:06:45 0 d-------- C:\Program Files\Online Services
2008-04-25 11:06:36 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-24 13:16:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-21 12:58:31 0 d-------- C:\Documents and Settings\FEDERAL\Application Data\Sun
2008-04-18 17:22:19 0 d-------- C:\Program Files\Java
2008-04-18 17:21:46 0 d-------- C:\Program Files\Common Files\Java
2008-04-18 07:44:27 0 d-------- C:\Program Files\MAXON
2008-04-18 07:21:40 0 d-------- C:\Program Files\KellySoftware


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54018E98-10E3-46C6-9673-2999253F9C65}]
C:\WINDOWS\system32\gebbCUKA.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/2008 04:19 PM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 09:34 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 07:12 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"CPU Power Monitor"="C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [10/16/2007 11:35 AM]
"Cpu Level Up help"="C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" [11/30/2007 08:03 PM]
"Ai Nap"="C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe" [12/10/2007 09:49 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25 AM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [07/19/2007 10:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 06:40 PM]
"Aim6"="" []

C:\Documents and Settings\FEDERAL\Start Menu\Programs\Startup\
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [5/21/2008 10:24:42 AM]
WallMaster.lnk - C:\Program Files\WallMaster\wallmast.exe [5/19/2008 3:45:36 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/28/2008 11:36:54 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54018E98-10E3-46C6-9673-2999253F9C65}"= C:\WINDOWS\system32\gebbCUKA.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebbCUKA]
gebbCUKA.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 01/09/2008 12:30 PM 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\autorun.exe
setup\command- H:\instalar.exe

*Newly Created Service* - PGFILTER



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8385 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-28 16:41:01 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 1: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 2: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
CPU 3: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
Percentage of Memory in Use: 20%
Physical Memory (total/avail): 3327.04 MiB / 2636.88 MiB
Pagefile Memory (total/avail): 6491.66 MiB / 5951.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.5 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 153.38 GiB total, 16.58 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 232.88 GiB total, 208.23 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - WDC WD1600YS-01SHB1 - 153.38 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 153.38 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD2500KS-00MJB0 - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 232.88 GiB - E:

\\.\PHYSICALDRIVE2 - Apple iPod USB Device - 972.69 MiB - 1 partition
\PARTITION0 - Unknown - 894.24 MiB - I:



-- Security Center ---
  • 0

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
You got infected because you downloaded cracks. What a surprise there eh


1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {54018E98-10E3-46C6-9673-2999253F9C65} - C:\WINDOWS\system32\gebbCUKA.dll (file missing)
O20 - Winlogon Notify: gebbCUKA - gebbCUKA.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads\software\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail
    C:\Documents and Settings\FEDERAL\My Documents\Rars\System Mechanic Professional.7.keygen.zip
    C:\found.000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{54018E98-10E3-46C6-9673-2999253F9C65}
    HKEY_CLASSES_ROOT\CLSID\{54018E98-10E3-46C6-9673-2999253F9C65}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H
    H:\autorun.exe
    H:\instalar.exe
    
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@echo off
dir "C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads">C:\peek.txt
start C:\peek.txt
del peek.bat


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Post the resulting notepad file that appears
  • 0

#5
kemicalkidd

kemicalkidd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
now i know theres nothing good from them



Explorer killed successfully
C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads\software\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail moved successfully.
C:\Documents and Settings\FEDERAL\My Documents\Rars\System Mechanic Professional.7.keygen.zip moved successfully.
C:\found.000 moved successfully.
< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{54018E98-10E3-46C6-9673-2999253F9C65} >
File/Folder [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{54018E98-10E3-46C6-9673-2999253F9C65} not found.
< HKEY_CLASSES_ROOT\CLSID\{54018E98-10E3-46C6-9673-2999253F9C65} >
Registry key HKEY_CLASSES_ROOT\CLSID\{54018E98-10E3-46C6-9673-2999253F9C65}\\ not found.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H\\ deleted successfully.
File/Folder H:\autorun.exe not found.
File/Folder H:\instalar.exe not found.
File/Folder not found.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05282008_171742












Volume in drive C has no label.
Volume Serial Number is 64CE-31D3

Directory of C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads

05/28/2008 10:15 AM <DIR> .
05/28/2008 10:15 AM <DIR> ..
05/25/2008 12:15 AM 103,343,165 1973 - Dark Side Of The Moon.rar
05/19/2008 10:02 PM <DIR> 5000 Professional Fonts
05/26/2008 04:41 PM <DIR> Age Of Empires 3 Incl Expansion and keys
05/27/2008 08:08 AM <DIR> Age Of Empires III The Asian Dynasties [PC-CD] [English] [www.topetorrent.com]
05/27/2008 06:23 AM <DIR> Age Of Empires III The Asian Dynasties [Spanish][PC][WwW.GamesTorrents.CoM]
05/21/2008 10:16 AM <DIR> anime
05/20/2008 12:13 AM <DIR> Convert_DAA_or_UIF_to ISO
05/21/2008 10:22 AM <DIR> fonts
05/28/2008 10:15 AM <DIR> Forgetting Sarah Marshall 2008 Filtered CAM XviD-KingBen (Kingdom-Release)
05/11/2008 11:11 PM 734,074,880 Ghostbusters[1984]DvDrip[Eng]-Stealthmaster.avi
05/19/2008 01:16 PM <DIR> Kim Kardashian Playboy Pics - leaked from the December issue
05/26/2008 01:14 PM 453,146,624 MAXON Cinema 4D v10.506 Studio Bundle MultiLang + Xfrog 4.3.iso
05/24/2008 02:37 PM <DIR> pc.tools.registry.mechanic.7.0.0.1010.+keygen-reseed
05/21/2008 10:16 AM <DIR> software
05/10/2008 05:39 PM 916,899,808 Speed Racer 2008 (High Quality) CAM XViD [ENG].avi
05/20/2008 12:38 PM 730,783,744 Street Kings.avi
05/19/2008 09:44 PM <DIR> The_Best_And_Most_Expensive_Fonts
05/21/2008 01:55 PM <DIR> Vexille.2007.DVDRip.XviD-VxTXviD
05/27/2008 09:49 AM <DIR> Webroot's - SpySweeper 5.5.7.48 + WindowsWasher 6.5
04/23/2008 03:01 PM <DIR> [Divx Mute-Sub ITA] Metropolis (1927)
5 File(s) 2,938,248,221 bytes
17 Dir(s) 17,777,528,832 bytes free
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads\pc.tools.registry.mechanic.7.0.0.1010.+keygen-reseed
    C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads\Webroot's - SpySweeper 5.5.7.48 + WindowsWasher 6.5
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




Open Notepad and Copy (Control+C) and Paste (Control+V) the following code into the Notepad window.


@echo off
dir "C:\Documents and Settings\FEDERAL\My Documents\Rars">C:\peek.txt
start C:\peek.txt
del peek.bat


Click on 'File' then 'Save As'
In the Save in drop down box select Desktop
In the File name box type in peek.bat
In the Save as type drop down box select All Files
Close Notepad.

Now, find peek.bat on your Desktop and Double click it
A window will open and close, do not be concerned this is normal.


Post the resulting notepad file that appears


Also post a new DSS log
  • 0

#7
kemicalkidd

kemicalkidd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Explorer killed successfully
C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads\pc.tools.registry.mechanic.7.0.0.1010.+keygen-reseed moved successfully.
C:\Documents and Settings\FEDERAL\My Documents\Azureus Downloads\Webroot's - SpySweeper 5.5.7.48 + WindowsWasher 6.5 moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 05292008_090332




Volume in drive C has no label.
Volume Serial Number is 64CE-31D3

Directory of C:\Documents and Settings\FEDERAL\My Documents\Rars

05/02/2008 09:38 AM <DIR> .
05/02/2008 09:38 AM <DIR> ..
04/25/2008 09:34 PM 17,835 33706.rar
09/25/2007 06:43 PM 26,838,295 952lib.zip
01/08/2008 01:30 PM 504,832,215 Adobe After Effects Pro CS3 [FULL cracked] ng.rar
08/28/2007 03:07 PM 170,527,479 Adobe.Photoshop.and.ImageReady.CS3.v9.0.German for www.torrents-and-more.to.rar
01/05/2008 01:09 PM 384,789 ao_ibl_global.zip
09/19/2007 12:08 PM 18,673,992 art130myspace.zip
03/21/2008 07:12 PM 27,142 artisan_12.zip
12/13/2007 07:55 PM 1,100,957 b-cd4u13.7z
04/30/2008 02:10 PM 31,327,447 Bak12.zip
03/21/2008 07:12 PM 8,189 bellerose.zip
10/23/2007 02:50 PM 3,317 blobby.zip
09/25/2007 06:29 PM 2,738,300 bodyshader.zip
09/23/2007 02:16 PM 22,589 Boodas.de My_package.zip
01/05/2008 04:42 PM 227,400 book-result2.c4d.zip
04/21/2008 01:22 PM 775,577 Boxes_2_by_SLjodal.zip
04/21/2008 01:22 PM 1,743,335 Boxes_by_adam3k.rar
04/27/2008 01:29 PM <DIR> brushes
03/21/2008 07:17 PM 26,329 caesar.zip
08/23/2007 03:08 PM 60,542,287 cammap.zip
09/14/2007 11:25 AM 2,356,302 CD_Morph1.0.zip
09/16/2007 08:42 PM 24,210,412 CGChosen_No05_Environments_August2007_.zip
12/11/2007 07:40 PM 1,619,933 COD4 ONLINE crack&patch 1.2.rar
12/11/2007 01:04 PM 13,252,828 CoD4MW-1.3-PatchSetup.jakubjakub.rar
03/21/2008 07:13 PM 13,745 copasetic.zip
12/06/2007 11:02 PM 5,916,517 coudal_lt_071130.zip
09/25/2007 09:22 PM 6,436 Dec06nwNW1z6q_uv-lamp.zip
09/25/2007 08:47 PM 207,043 Decal_Mapping_pdf.zip
01/22/2008 01:10 PM 2,774,351 Designbum_archetype.ai.zip
01/22/2008 01:09 PM 6,797,897 Designbum_archetypeFull_zip.zip
01/22/2008 01:13 PM 78,069,353 Designbum_blurOverlays.zip
01/22/2008 01:10 PM 1,335,487 Designbum_makegeddon.ai.zip
12/12/2007 05:38 PM 95,356,518 diabolic-thefoulplaymixtape_1.zip
09/18/2007 07:43 PM 747,201 digiology_P7210084.JPG.zip
09/30/2007 02:06 PM 18,297 dmn_ae_masanyi.aep.zip
02/20/2008 07:41 PM 27,158 dmn_emer_24.aep.zip
02/20/2008 07:41 PM 20,488 dmn_greisman_14.aep.zip
11/15/2007 02:23 PM 15,459,433 eBook - Maxon Cinema 4D BodyPaint 3D Manual & Turorial + exampl (pdf).zip
01/14/2008 07:36 PM 168,123,131 Ed Banger Records - Ed Rec Volumes 1 + 2.zip
01/05/2008 01:36 PM 75,915 emitter_hidden40w_incandescent_4119.zip
03/21/2008 07:18 PM 69,436 farcry.zip
01/08/2008 03:10 PM 39,834,180 fiend058.rar
11/19/2007 12:55 PM 8,292,524 five-nine06.zip
01/07/2008 02:01 PM 9,332 flt.dll.zip
09/25/2007 06:32 PM 6,877,965 fursamples.zip
02/13/2008 03:21 PM 68,078 geo_sans_light.zip
02/14/2008 08:00 PM 39,601,541 gino_jetaime.zip
01/05/2008 06:53 PM 620,930 interior.zip
05/01/2008 11:39 AM 382,275 Jan074cNtxmRF_lochblech.zip
01/16/2008 06:25 PM 21,760,828 january_2008.zip
09/25/2007 07:23 PM 13,915,066 keys chain tutorials_en.rar
12/10/2007 11:56 AM 89,300,140 Korn - Follow The Leader.rar
12/10/2007 12:27 PM 51,168,878 Korn - Issues.rar
09/14/2007 12:51 PM 1,121,251 lighting01.zip
09/23/2007 01:33 PM 7,245 loading_bar_preloader.zip
03/21/2008 07:14 PM 43,801 makimango.zip
04/16/2008 10:27 AM 3,255,937 ManualCD_Part2.zip
04/16/2008 10:27 AM 2,726,427 ManualCD_Part3.zip
04/16/2008 10:27 AM 6,653,550 ManualCD_Part4.zip
01/08/2008 05:02 PM 18,358 monkeyClouds_02.zip
03/21/2008 07:14 PM 6,457 mouse_deco.zip
04/21/2008 01:19 PM 387,856 Music_Box_Icons_by_basstar.zip
01/05/2008 05:12 PM 12,080,646 mxwl16-32.part4.rar
12/13/2007 07:56 PM 115,620 NiMP.rar
04/28/2008 02:53 PM 20,259 Oct06JzZ0faEp_gold.zip
05/01/2008 11:39 AM 7,776 Oct06u2og1uPs_brushedMetal.zip
10/15/2007 01:58 PM 224,188 osmosis_metalkit.zip
01/05/2008 01:34 PM 85,576 P8F_Glass_with_subtle_iridiscence_8049.zip
02/20/2008 07:41 PM 25,806 particles.aep.zip
10/01/2007 10:23 AM 10,060 pathtext.zip
04/16/2008 11:11 AM 17,884 pink_lines.zip
10/31/2007 02:22 PM 47,306 pt_AEtoC4D_v1.2.zip
05/01/2008 02:25 PM 2,659 RAINBOW_FONT.rar
04/26/2008 06:29 PM 554,899 ResHack.zip
01/21/2008 10:52 AM 5,072,529 revolutionart_issue1.zip
03/21/2008 07:14 PM 16,795 riotsquad.zip
03/21/2008 07:12 PM 69,054 sliced_juice.zip
01/05/2008 01:41 PM 1,391,669 stone_4484.zip
11/16/2007 02:27 PM 19,840,651 T33HandPt1.zip
01/17/2008 11:36 AM 14,155,776 ted_levitt_s_2004.zip
02/07/2008 10:45 PM 54,533,617 ted_sagmeister_s_2004.zip
01/17/2008 11:36 AM 23,287,524 ted_smith_an_2005.zip
04/16/2008 11:32 AM 1,455,549 TheGrasslands.rar
09/25/2007 06:27 PM 473,103 thinking_particles_presets_v2.zip
03/21/2008 07:09 PM 166,787 tiza.zip
09/25/2007 06:43 PM 24,898,212 TPPresets2Manuals.zip
11/13/2007 02:49 PM 3,692,013 tppresets30lib4d.zip
09/14/2007 12:51 PM 19,678 TP_deformer02_bulge.zip
02/20/2008 07:49 PM 5,217,968 TRAPCODE FORM V1.0.zip
01/05/2008 06:54 PM 11,728,278 treemain.zip
11/30/2007 06:06 PM 6,881 undftd.zip
11/29/2007 01:56 PM 1,585,071 un_peacekeepers.zip
04/16/2008 10:27 AM 17,985,513 UVexportTut.zip
01/20/2008 09:33 PM 153,783 vidlak.zip
03/21/2008 07:18 PM 262,242 viper_nora.zip
09/30/2007 05:34 PM 7,365,700 vty-0104.rar
02/13/2008 07:55 PM 5,994,704 vty-0121.7z
04/29/2008 04:36 PM 11,955,826 vvvv_40beta16.zip
04/30/2008 12:10 PM 455,744 WallMaster_Pro_v4.0a.zip
04/05/2007 10:33 PM 511,690 WinBootstrapper1.cab
01/14/2008 03:34 PM 22,128,175 WWCTN_PC.zip
09/18/2007 12:55 PM 533,709 ywft_halloween_freebie.zip
100 File(s) 1,770,478,894 bytes
3 Dir(s) 17,796,464,640 bytes free
  • 0

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Documents and Settings\FEDERAL\My Documents\Rars\Adobe After Effects Pro CS3 [FULL cracked] ng.rar
    C:\Documents and Settings\FEDERAL\My Documents\Rars\Adobe.Photoshop.and.ImageReady.CS3.v9.0.German for www.torrents-and-more.to.rar
    C:\Documents and Settings\FEDERAL\My Documents\Rars\COD4 ONLINE crack&patch 1.2.rar
    C:\Documents and Settings\FEDERAL\My Documents\Rars\CoD4MW-1.3-PatchSetup.jakubjakub.rar
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Also tell me how your PC is running
  • 0

#9
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP