
Virus alert in next to the clock [CLOSED]


  • This topic is locked

#1
DionMcbud

    New Member

  • Member
  • 7 posts
Hello, please help me as I have a virus that is ripping my desktop PC apart. I tried to download a codec to view a video and now I have a virus. It is slowing my machine down.

I read on Miekiemoes' blog that if I registered at this forum someone may be able to help me. Please, any help to get rid of this virus would be amazing.

Judging by the other posts I have read about this virus I need to post my log first. Could someone please tell me where I find these log details to begin with?
  • 0



#2
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello DionMcbud, and welcome to Geeks to Go. :)

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
DionMcbud

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you very much for your reply mate, however, I think I have now solved the problem. I downloaded ComboFix and it seemed to wipe the virus from my system; with any luck it will stay that way.

The only problem I have now is one trace of the virus that occurs when I open my browser and it will not direct to my homepage automatically. I instead get a message saying it is not safe to continue, but then I click home again and it will go to Google.

Any ideas on what to do to get rid of this?

Thank you for all your help so far.

kristian. x
  • 0

#4
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello DionMcbud,
ComboFix is an extremely powerful tool and should only be used when a helper tells you to.

Please post the ComboFix log, and please download HijackThis and run that from my last post, and include that log as well in your next reply.

Edited by Jimmy2012, 12 July 2008 - 12:00 PM.

  • 0

#5
DionMcbud

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello Jimmy, the logs as requested are as follows;

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:48, on 13/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\System32\hkcmd.exe
E:\WINDOWS\System32\igfxpers.exe
E:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
E:\Program Files\Common Files\AOL\1202796242\ee\AOLSoftware.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\WINDOWS\system32\FreezeScreenSaver.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\WINDOWS\system32\CPdeSrvU.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
E:\Program Files\internet explorer\iexplore.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co...t=true&query=%s
O2 - BHO: (no name) - {0ED56A2E-79C5-4BD8-ADD5-F3784969327D} - E:\WINDOWS\system32\pmnlKcdb.dll (file missing)
O2 - BHO: QXK Olive - {3EE58090-72BB-4B74-AC0C-FBC6E1B119A5} - E:\WINDOWS\wbxdpgfelkn.dll
O2 - BHO: {496b2714-0dd2-dbd9-bed4-0ef68c501bb6} - {6bb105c8-6fe0-4deb-9dbd-2dd04172b694} - E:\WINDOWS\system32\csxhsx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] E:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "E:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1202796242\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "e:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202842577644
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C6B8A039-7350-42CB-ACF2-CDBB0E598EB0} - http://search.live.c...4/p4dw.cab?ver=
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FreezeScreenSaver - Unknown owner - E:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 8229 bytes


Combofix;

ComboFix 08-07-11.1 - Kristian Emmett 2008-07-11 22:03:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.172 [GMT 1:00]
Running from: G:\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Documents and Settings\Kristian Emmett\Application Data\macromedia\Flash Player\#SharedObjects\CPCFUTZL\iforex.com
E:\Documents and Settings\Kristian Emmett\Application Data\macromedia\Flash Player\#SharedObjects\CPCFUTZL\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
E:\Documents and Settings\Kristian Emmett\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
E:\Documents and Settings\Kristian Emmett\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
E:\Documents and Settings\Kristian Emmett\Desktop\Error Cleaner.url
E:\Documents and Settings\Kristian Emmett\Desktop\Privacy Protector.url
E:\Documents and Settings\Kristian Emmett\Desktop\Spyware&Malware Protection.url
E:\Documents and Settings\Kristian Emmett\Favorites\Error Cleaner.url
E:\Documents and Settings\Kristian Emmett\Favorites\Privacy Protector.url
E:\Documents and Settings\Kristian Emmett\Favorites\Spyware&Malware Protection.url
E:\WINDOWS\enfp.exe
E:\WINDOWS\fdxbameg.dll
E:\WINDOWS\fsrpknov.dll
E:\WINDOWS\gpefaowr.exe
E:\WINDOWS\sqvgnrpx.dll
E:\WINDOWS\system32\bdcKlnmp.ini
E:\WINDOWS\system32\bdcKlnmp.ini2
E:\WINDOWS\system32\fegdavam.ini
E:\WINDOWS\system32\iyiqbykl.ini
E:\WINDOWS\system32\ljJYPjgG.dll
E:\WINDOWS\system32\lkybqiyi.dll
E:\WINDOWS\system32\mcrh.tmp
E:\WINDOWS\system32\mlJCTMdc.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.

2008-07-11 20:29 . 2008-07-11 20:29 116,864 --a------ E:\WINDOWS\system32\csxhsx.dll
2008-07-11 20:29 . 2008-07-11 20:29 116,864 --a------ E:\WINDOWS\system32\bxoeqlvf.dll
2008-07-11 18:52 . 2008-07-11 18:52 321,792 --a------ E:\WINDOWS\system32\pmnlKcdb.dll
2008-07-11 18:43 . 2008-07-11 16:48 393,216 --a------ E:\WINDOWS\wbxdpgfelkn.dll
2008-07-10 11:11 . 2008-07-10 11:11 <DIR> d-------- E:\Documents and Settings\Kristian Emmett\Application Data\Leadertech
2008-07-10 11:06 . 2008-07-10 11:06 0 --a------ E:\WINDOWS\PowerReg.dat
2008-07-10 11:02 . 2008-07-10 11:02 <DIR> d-------- E:\Program Files\Infogrames Interactive
2008-07-10 10:58 . 2008-07-10 10:58 <DIR> d-------- E:\Program Files\DAEMON Tools Lite
2008-07-10 10:22 . 2008-07-10 10:22 <DIR> d-------- E:\WINDOWS\system32\Adobe
2008-06-26 20:21 . 2008-06-26 20:21 <DIR> d-------- E:\Program Files\Freeze.com
2008-06-26 20:21 . 2006-03-31 03:11 761,856 --a------ E:\WINDOWS\Lightning Storm.scr
2008-06-26 20:21 . 2005-09-29 14:55 69,632 --a------ E:\WINDOWS\system32\FreezeScreenSaver.exe
2008-06-21 14:39 . 2008-06-21 14:40 <DIR> d-------- E:\Program Files\Google
2008-06-21 14:39 . 2008-07-11 18:31 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-21 10:46 . 2008-06-21 10:46 2,560 --a------ E:\WINDOWS\_MSRSTRT.EXE
2008-06-20 18:46 . 2008-06-20 18:46 245,248 -----c--- E:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 18:46 . 2008-06-20 18:46 147,968 -----c--- E:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 15:54 . 2008-04-23 05:16 6,066,176 -----c--- E:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-20 15:54 . 2007-04-17 10:32 2,455,488 -----c--- E:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-20 15:54 . 2007-03-08 06:10 991,232 -----c--- E:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-20 15:54 . 2008-04-23 05:16 459,264 -----c--- E:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-20 15:54 . 2008-04-23 05:16 383,488 -----c--- E:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-20 15:54 . 2008-04-23 05:16 267,776 -----c--- E:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-20 15:54 . 2008-04-23 05:16 63,488 -----c--- E:\WINDOWS\system32\dllcache\icardie.dll
2008-06-20 15:54 . 2008-04-23 05:16 52,224 -----c--- E:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-20 15:54 . 2008-04-22 08:39 13,824 -----c--- E:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-20 12:51 . 2008-06-20 12:51 361,600 -----c--- E:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:40 . 2008-06-20 12:40 138,496 -----c--- E:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 12:08 . 2008-06-20 12:08 225,856 -----c--- E:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 14:16 . 2008-06-15 14:17 <DIR> d-------- E:\Program Files\Windows Live Safety Center
2008-06-12 20:07 . 2008-06-12 20:07 <DIR> d--h----- E:\$AVG8.VAULT$
2008-06-12 15:06 . 2008-06-12 15:06 <DIR> d-------- E:\Documents and Settings\Kristian Emmett\Application Data\True Sword
2008-06-12 15:05 . 2008-06-16 11:59 <DIR> d-------- E:\Program Files\True Sword 4
2008-06-12 15:05 . 2008-06-12 15:05 5,810,981 --a------ E:\Documents and Settings\Kristian Emmett\Application Data\TrueSword4.exe
2008-06-12 14:36 . 2008-06-12 14:36 <DIR> d-------- E:\WINDOWS\system32\scripting
2008-06-12 14:36 . 2008-06-12 14:36 <DIR> d-------- E:\WINDOWS\system32\en
2008-06-12 14:36 . 2008-06-12 14:36 <DIR> d-------- E:\WINDOWS\l2schemas
2008-06-12 14:11 . 2008-04-14 01:12 712,704 --a------ E:\WINDOWS\system32\windowscodecs.dll
2008-06-12 14:11 . 2008-04-14 01:12 346,112 --a------ E:\WINDOWS\system32\windowscodecsext.dll
2008-06-12 14:11 . 2008-04-14 01:12 276,992 --a------ E:\WINDOWS\system32\wmphoto.dll
2008-06-12 14:11 . 2008-04-14 01:12 69,120 --a------ E:\WINDOWS\system32\wlanapi.dll
2008-06-12 14:11 . 2008-04-14 01:12 53,248 --a------ E:\WINDOWS\system32\tsgqec.dll
2008-06-12 14:11 . 2008-04-14 01:12 50,688 --a------ E:\WINDOWS\system32\tspkg.dll
2008-06-12 14:09 . 2008-04-14 01:11 650,752 --a------ E:\WINDOWS\system32\dot3ui.dll
2008-06-12 14:08 . 2008-04-14 01:11 233,472 --a------ E:\WINDOWS\system32\azroles.dll
2008-06-12 14:08 . 2008-04-14 01:11 136,192 --a------ E:\WINDOWS\system32\aaclient.dll
2008-06-12 14:08 . 2008-04-14 01:11 12,800 --a------ E:\WINDOWS\system32\credssp.dll
2008-06-12 14:08 . 2008-04-14 01:11 7,168 --a------ E:\WINDOWS\system32\bitsprx4.dll
2008-06-12 13:46 . 2008-06-12 13:46 <DIR> d-------- E:\Program Files\Microsoft Silverlight
2008-06-12 13:29 . 2008-07-11 09:34 <DIR> d-------- E:\WINDOWS\system32\drivers\Avg
2008-06-12 13:29 . 2008-06-12 13:29 <DIR> d-------- E:\Program Files\AVG
2008-06-12 13:29 . 2008-06-12 13:29 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\avg8
2008-06-12 13:29 . 2008-07-04 11:49 96,520 --a------ E:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-12 13:29 . 2008-07-04 11:49 76,040 --a------ E:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-12 13:29 . 2008-07-04 11:49 10,520 --a------ E:\WINDOWS\system32\avgrsstx.dll
2008-06-11 12:31 . 2008-05-08 15:02 203,136 -----c--- E:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-11 12:30 . 2008-06-13 12:05 272,128 -----c--- E:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 21:08 --------- d-----w E:\Documents and Settings\Kristian Emmett\Application Data\DNA
2008-07-11 16:56 --------- d-----w E:\Documents and Settings\Kristian Emmett\Application Data\BitTorrent
2008-07-11 09:00 --------- d-----w E:\Program Files\Lexmark X1100 Series
2008-07-10 11:20 --------- d-----w E:\Program Files\eMule
2008-07-10 10:24 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-07-10 09:54 717,296 ----a-w E:\WINDOWS\system32\drivers\sptd.sys
2008-06-22 09:52 --------- d-----w E:\Program Files\Yahoo!
2008-06-21 13:36 --------- d-----w E:\Program Files\DivX
2008-06-21 09:47 --------- d-----w E:\Program Files\VoyagerTest
2008-06-20 17:46 245,248 ----a-w E:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w E:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w E:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w E:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w E:\WINDOWS\system32\drivers\bthport.sys
2008-06-07 10:57 --------- d-----w E:\Program Files\Stop Motion Animator
2008-06-03 15:22 --------- d-----w E:\Program Files\QuickTime
2008-05-30 23:22 823,296 ----a-w E:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w E:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w E:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w E:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w E:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w E:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w E:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w E:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w E:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w E:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w E:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w E:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w E:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w E:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w E:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w E:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w E:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w E:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 13:21 --------- d-----w E:\Program Files\Soulseek
2008-05-18 12:05 --------- d-----w E:\Documents and Settings\All Users\Application Data\Creative
2008-05-18 12:00 --------- d-----w E:\Program Files\Creative
2008-05-18 11:59 --------- d--h--w E:\Program Files\Creative Installation Information
2008-05-18 11:58 --------- d-----w E:\Program Files\Common Files\Creative
2008-05-18 11:54 --------- d-----w E:\Program Files\Windows Media Connect 2
2008-05-18 10:31 --------- d-----w E:\Program Files\Corel
2008-05-09 10:53 90,112 ----a-w E:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w E:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w E:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w E:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w E:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w E:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w E:\WINDOWS\system32\quartz.dll
2008-05-05 10:51 2,516 --sha-w E:\WINDOWS\system32\KGyGaAvL.sys
2008-04-23 04:16 826,368 ----a-w E:\WINDOWS\system32\wininet.dll
2008-04-14 04:42 985,088 ----a-w E:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w E:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w E:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w E:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w E:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w E:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w E:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w E:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w E:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w E:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w E:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w E:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w E:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w E:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w E:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w E:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w E:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w E:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w E:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w E:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w E:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w E:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w E:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w E:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w E:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w E:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w E:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w E:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w E:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w E:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w E:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w E:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w E:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w E:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w E:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w E:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w E:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w E:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w E:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w E:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w E:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ED56A2E-79C5-4BD8-ADD5-F3784969327D}]
2008-07-11 18:52 321792 --a------ E:\WINDOWS\system32\pmnlKcdb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EE58090-72BB-4B74-AC0C-FBC6E1B119A5}]
2008-07-11 16:48 393216 --a------ E:\WINDOWS\wbxdpgfelkn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6bb105c8-6fe0-4deb-9dbd-2dd04172b694}]
2008-07-11 20:29 116864 --a------ E:\WINDOWS\system32\csxhsx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="E:\Program Files\DNA\btdna.exe" [2008-05-08 17:17 289088]
"CTSyncU.exe"="E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-21 14:39 68856]
"DAEMON Tools Lite"="E:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-08 17:22 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="E:\WINDOWS\System32\igfxtray.exe" [2006-08-14 15:39 98304]
"HotKeysCmds"="E:\WINDOWS\System32\hkcmd.exe" [2006-08-14 15:41 114688]
"Persistence"="E:\WINDOWS\System32\igfxpers.exe" [2006-08-14 15:38 94208]
"Lexmark X1100 Series"="E:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43 57344]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HostManager"="E:\Program Files\Common Files\AOL\1202796242\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]
"ISUSPM Startup"="E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2008-06-03 16:22 413696]
"AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 11:49 1232152]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 15:07 90112 E:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 01:12 15360]
"DWQueuedReporting"="E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]

E:\Documents and Settings\Kristian Emmett\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-07-10 11:22:33 225280]
PowerReg Scheduler.exe [2008-07-10 11:06:22 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-26 01:52 50736 E:\Program Files\Common Files\AOL\1202796242\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-08-06 19:03 155648 E:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"E:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\DNA\\btdna.exe"=
"G:\\Games\\Civ2\\civ2.exe"=
"E:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\WINDOWS\\system32\\LEXPPS.EXE"=
"E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"E:\\Program Files\\Common Files\\AOL\\1202796242\\ee\\aolsoftware.exe"=
"E:\\Program Files\\Soulseek\\slsk.exe"=
"E:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"E:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;E:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 11:49]
R2 avg8emc;AVG8 E-mail Scanner;E:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 11:49]
R2 avg8wd;AVG8 WatchDog;E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 11:49]
R2 AvgTdiX;AVG8 Network Redirector;E:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 11:49]
R2 FreezeScreenSaver;FreezeScreenSaver;E:\WINDOWS\system32\FreezeScreenSaver.exe [2005-09-29 14:55]
S1 vcdrom;Virtual CD-ROM Device Driver;E:\Documents and Settings\Kristian Emmett\Desktop\VCdRom.sys []
S3 PPPoEWin;PPPoEWin Miniport;E:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-07-11 21:13:42 E:\WINDOWS\Tasks\MP Scheduled Scan.job"
- E:\Program Files\Windows Defender\MpCmdRun.exe
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{8D52F0EB-21CC-422D-8042-D2F69614D8A6} - E:\WINDOWS\sqvgnrpx.dll
HKLM-Run-000000af - E:\WINDOWS\system32\lkybqiyi.dll
SSODL-fsrpknov-{81522D36-FB23-4757-9EC8-A01C18AA1356} - E:\WINDOWS\fsrpknov.dll
SSODL-fdxbameg-{DD8ABF55-33F6-40FC-817C-A94BF92E5043} - E:\WINDOWS\fdxbameg.dll
MSConfigStartUp-AVG7_CC - E:\PROGRA~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-DAEMON Tools-1033 - E:\Program Files\D-Tools\daemon.exe
MSConfigStartUp-RoxioAudioCentral - E:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
MSConfigStartUp-RoxioDragToDisc - E:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
MSConfigStartUp-RoxioEngineUtility - E:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 22:10:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\cmd.exe
E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
E:\WINDOWS\system32\CPdeSrvU.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-11 22:16:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-11 21:16:38

Pre-Run: 30,908,551,168 bytes free
Post-Run: 30,845,095,936 bytes free

297 --- E O F --- 2008-07-11 17:19:45



Hope these are up to scratch with what you need to see, thanks for your continued help Jimmy.

DionMcBud.
  • 0
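
Added example, not part of any post in this thread: one way to cross-check the two logs posted in #5, listing HijackThis O2 (Browser Helper Object) entries whose DLL sits directly in the Windows or system32 directory and is either reported "file missing" or appears under ComboFix's "Files Created". The heuristic and all function names are assumptions of this example, not the helper's stated method; the log lines are excerpts copied from the post.

```python
import ntpath
import re

# Excerpt of the HijackThis log from post #5 (O2 = Browser Helper Objects).
HJT_EXCERPT = r"""
O2 - BHO: (no name) - {0ED56A2E-79C5-4BD8-ADD5-F3784969327D} - E:\WINDOWS\system32\pmnlKcdb.dll (file missing)
O2 - BHO: QXK Olive - {3EE58090-72BB-4B74-AC0C-FBC6E1B119A5} - E:\WINDOWS\wbxdpgfelkn.dll
O2 - BHO: {496b2714-0dd2-dbd9-bed4-0ef68c501bb6} - {6bb105c8-6fe0-4deb-9dbd-2dd04172b694} - E:\WINDOWS\system32\csxhsx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
"""

# Excerpt of the ComboFix "Files Created" section from the same post.
CREATED_EXCERPT = r"""
2008-07-11 20:29 . 2008-07-11 20:29 116,864 --a------ E:\WINDOWS\system32\csxhsx.dll
2008-07-11 18:52 . 2008-07-11 18:52 321,792 --a------ E:\WINDOWS\system32\pmnlKcdb.dll
2008-07-11 18:43 . 2008-07-11 16:48 393,216 --a------ E:\WINDOWS\wbxdpgfelkn.dll
2008-06-12 13:29 . 2008-07-04 11:49 10,520 --a------ E:\WINDOWS\system32\avgrsstx.dll
2008-06-21 14:39 . 2008-06-21 14:40 <DIR> d-------- E:\Program Files\Google
"""

# "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
# The name itself may be a brace-wrapped GUID, so anchor on " - {CLSID} - ".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?[ \t\r]*$",
    re.MULTILINE,
)

# "<created> . <modified> <size or <DIR>> <attributes> <path>"
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+?)[ \t\r]*$",
    re.MULTILINE,
)


def parse_bhos(hjt_log):
    """Return one dict per O2 line: name, clsid, path, missing flag."""
    return [
        {
            "name": m.group("name"),
            "clsid": m.group("clsid"),
            "path": m.group("path"),
            "missing": m.group("missing") is not None,
        }
        for m in BHO_RE.finditer(hjt_log)
    ]


def parse_created(combofix_log):
    """Map lower-cased path -> creation timestamp from 'Files Created'."""
    return {
        m.group("path").lower(): m.group("created")
        for m in CREATED_RE.finditer(combofix_log)
    }


def in_system_dir(path):
    """True if the file sits directly in \\WINDOWS or \\WINDOWS\\system32.

    The drive letter is ignored because this machine runs Windows from E:.
    """
    parent = ntpath.splitdrive(ntpath.dirname(path))[1].lower()
    return parent in (r"\windows", r"\windows\system32")


def triage_bhos(hjt_log, combofix_log):
    """List BHOs worth a closer look, with the reasons each was picked."""
    created = parse_created(combofix_log)
    findings = []
    for bho in parse_bhos(hjt_log):
        if not in_system_dir(bho["path"]):
            continue  # vendor install directories are out of scope here
        reasons = []
        if bho["missing"]:
            reasons.append("file missing")
        stamp = created.get(bho["path"].lower())
        if stamp:
            reasons.append("created " + stamp)
        if reasons:
            findings.append({
                "file": ntpath.basename(bho["path"]),
                "clsid": bho["clsid"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for item in triage_bhos(HJT_EXCERPT, CREATED_EXCERPT):
        print(item["file"], item["clsid"], "; ".join(item["reasons"]))
```

The output is a review list for a human helper, not a removal list: a legitimate BHO can also live in system32, and a malicious one can sit elsewhere.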

#6
DionMcbud

    New Member

  • Topic Starter
  • Member
  • 7 posts
You will have noticed that I run my Windows system from the E drive and not C drive. Neglected to mention that; everything runs the same, I just installed Windows on E.

Cheers. x
  • 0

#7
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello DionMcbud,
If you have any questions please feel free to ask. :)

I do not see a firewall on your computer. A firewall can help protect you from hackers and some types of malware. I recommend you download a firewall. Here are a few to choose from (all are free).
Comodo
Zone Alarm
OutPost
Out of these I would recommend Comodo. Please only install one firewall at a time. If you need any help installing/using one of these firewalls please let me know.

STEP 1
I see that you have P2P (Peer to Peer) programs on your computer. While the programs themselves may be safe, the files you get can be illegal and can also have malware in them. I recommend you remove any P2P programs you have. (If you do not want to remove the P2P programs please skip this step and move on to the next one.)

Please click Start > Control Panel > Add/Remove Programs and remove the following programs (if present). Also remove any other P2P programs you may have.
BitTorrent
eMule
Soulseek


Once you have done that please remove the following folders (if present):
E:\Documents and Settings\Kristian Emmett\Application Data\BitTorrent
E:\Program Files\eMule
E:\Program Files\Soulseek

STEP 2
Please reopen HijackThis and click on Do a system scan only. Then put a check next to the following entries.

O2 - BHO: (no name) - {0ED56A2E-79C5-4BD8-ADD5-F3784969327D} - E:\WINDOWS\system32\pmnlKcdb.dll (file missing)
O2 - BHO: QXK Olive - {3EE58090-72BB-4B74-AC0C-FBC6E1B119A5} - E:\WINDOWS\wbxdpgfelkn.dll
O2 - BHO: {496b2714-0dd2-dbd9-bed4-0ef68c501bb6} - {6bb105c8-6fe0-4deb-9dbd-2dd04172b694} - E:\WINDOWS\system32\csxhsx.dll (file missing)
O23 - Service: FreezeScreenSaver - Unknown owner - E:\WINDOWS\system32\FreezeScreenSaver.exe

Once you have the checks in those entries please make sure all open windows are closed (keep HijackThis open) and click Fix checked on HijackThis. A box will open up asking if you want to fix the selected items, please click Yes. After you have fixed those entries you can close HijackThis.

STEP 3
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
E:\WINDOWS\system32\csxhsx.dll
E:\WINDOWS\system32\pmnlKcdb.dll
E:\WINDOWS\system32\bxoeqlvf.dll
E:\Program Files\Freeze.com
E:\WINDOWS\system32\FreezeScreenSaver.exe
E:\WINDOWS\wbxdpgfelkn.dll
E:\WINDOWS\Lightning Storm.scr

Driver::
FreezeScreenSaver

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#8
DionMcbud
Hello mate, the new Logs are as follows:

combofix:

ComboFix 08-07-11.1 - Kristian Emmett 2008-07-14 15:00:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.190 [GMT 1:00]
Running from: G:\ComboFix.exe
Command switches used :: E:\Documents and Settings\Kristian Emmett\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
E:\Program Files\Freeze.com
E:\WINDOWS\Lightning Storm.scr
E:\WINDOWS\system32\bxoeqlvf.dll
E:\WINDOWS\system32\csxhsx.dll
E:\WINDOWS\system32\FreezeScreenSaver.exe
E:\WINDOWS\system32\pmnlKcdb.dll
E:\WINDOWS\wbxdpgfelkn.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\WINDOWS\Lightning Storm.scr
E:\WINDOWS\system32\FreezeScreenSaver.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FREEZESCREENSAVER
-------\Service_FreezeScreenSaver


((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-14 14:56 . 2008-07-14 14:56 0 --a------ E:\Documents and Settings\Kristian Emmett\.exe
2008-07-13 11:28 . 2008-07-13 11:28 <DIR> d-------- E:\Program Files\Trend Micro
2008-07-10 11:11 . 2008-07-10 11:11 <DIR> d-------- E:\Documents and Settings\Kristian Emmett\Application Data\Leadertech
2008-07-10 11:06 . 2008-07-10 11:06 0 --a------ E:\WINDOWS\PowerReg.dat
2008-07-10 11:02 . 2008-07-10 11:02 <DIR> d-------- E:\Program Files\Infogrames Interactive
2008-07-10 10:58 . 2008-07-10 10:58 <DIR> d-------- E:\Program Files\DAEMON Tools Lite
2008-07-10 10:22 . 2008-07-10 10:22 <DIR> d-------- E:\WINDOWS\system32\Adobe
2008-06-26 20:21 . 2008-06-26 20:21 <DIR> d-------- E:\Program Files\Freeze.com
2008-06-21 14:39 . 2008-06-21 14:40 <DIR> d-------- E:\Program Files\Google
2008-06-21 14:39 . 2008-07-13 11:22 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-21 10:46 . 2008-06-21 10:46 2,560 --a------ E:\WINDOWS\_MSRSTRT.EXE
2008-06-20 18:46 . 2008-06-20 18:46 245,248 -----c--- E:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 18:46 . 2008-06-20 18:46 147,968 -----c--- E:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 15:54 . 2008-04-23 05:16 6,066,176 -----c--- E:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-20 15:54 . 2007-04-17 10:32 2,455,488 -----c--- E:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-20 15:54 . 2007-03-08 06:10 991,232 -----c--- E:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-20 15:54 . 2008-04-23 05:16 459,264 -----c--- E:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-20 15:54 . 2008-04-23 05:16 383,488 -----c--- E:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-20 15:54 . 2008-04-23 05:16 267,776 -----c--- E:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-20 15:54 . 2008-04-23 05:16 63,488 -----c--- E:\WINDOWS\system32\dllcache\icardie.dll
2008-06-20 15:54 . 2008-04-23 05:16 52,224 -----c--- E:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-20 15:54 . 2008-04-22 08:39 13,824 -----c--- E:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-20 12:51 . 2008-06-20 12:51 361,600 -----c--- E:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:40 . 2008-06-20 12:40 138,496 -----c--- E:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 12:08 . 2008-06-20 12:08 225,856 -----c--- E:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 14:16 . 2008-06-15 14:17 <DIR> d-------- E:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 14:03 --------- d-----w E:\Documents and Settings\Kristian Emmett\Application Data\DNA
2008-07-11 16:56 --------- d-----w E:\Documents and Settings\Kristian Emmett\Application Data\BitTorrent
2008-07-11 09:00 --------- d-----w E:\Program Files\Lexmark X1100 Series
2008-07-10 11:20 --------- d-----w E:\Program Files\eMule
2008-07-10 10:24 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-07-10 09:54 717,296 ----a-w E:\WINDOWS\system32\drivers\sptd.sys
2008-07-04 10:49 96,520 ----a-w E:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 10:49 76,040 ----a-w E:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 10:49 10,520 ----a-w E:\WINDOWS\system32\avgrsstx.dll
2008-06-22 09:52 --------- d-----w E:\Program Files\Yahoo!
2008-06-21 13:36 --------- d-----w E:\Program Files\DivX
2008-06-21 09:47 --------- d-----w E:\Program Files\VoyagerTest
2008-06-20 17:46 245,248 ----a-w E:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w E:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w E:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w E:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 10:59 --------- d-----w E:\Program Files\True Sword 4
2008-06-13 11:05 272,128 ----a-w E:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 14:06 --------- d-----w E:\Documents and Settings\Kristian Emmett\Application Data\True Sword
2008-06-12 14:05 5,810,981 ----a-w E:\Documents and Settings\Kristian Emmett\Application Data\TrueSword4.exe
2008-06-12 12:46 --------- d-----w E:\Program Files\Microsoft Silverlight
2008-06-12 12:29 --------- d-----w E:\Program Files\AVG
2008-06-12 12:29 --------- d-----w E:\Documents and Settings\All Users\Application Data\avg8
2008-06-07 10:57 --------- d-----w E:\Program Files\Stop Motion Animator
2008-06-03 15:22 --------- d-----w E:\Program Files\QuickTime
2008-05-30 23:22 823,296 ----a-w E:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w E:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w E:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w E:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w E:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w E:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w E:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w E:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w E:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w E:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w E:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w E:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w E:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w E:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w E:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w E:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w E:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w E:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 13:21 --------- d-----w E:\Program Files\Soulseek
2008-05-18 12:05 --------- d-----w E:\Documents and Settings\All Users\Application Data\Creative
2008-05-18 12:00 --------- d-----w E:\Program Files\Creative
2008-05-18 11:59 --------- d--h--w E:\Program Files\Creative Installation Information
2008-05-18 11:58 --------- d-----w E:\Program Files\Common Files\Creative
2008-05-18 11:54 --------- d-----w E:\Program Files\Windows Media Connect 2
2008-05-18 10:31 --------- d-----w E:\Program Files\Corel
2008-05-09 10:53 90,112 ----a-w E:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w E:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w E:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w E:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w E:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w E:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w E:\WINDOWS\system32\quartz.dll
2008-05-05 10:51 2,516 --sha-w E:\WINDOWS\system32\KGyGaAvL.sys
2008-04-23 04:16 826,368 ----a-w E:\WINDOWS\system32\wininet.dll
2008-04-14 04:42 985,088 ----a-w E:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w E:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w E:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w E:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w E:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w E:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w E:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w E:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w E:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w E:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w E:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w E:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w E:\WINDOWS\system32\msafd.dll
.

((((((((((((((((((((((((((((( [email protected]_22.16.20.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 21:09:51 2,048 --s-a-w E:\WINDOWS\bootstat.dat
+ 2008-07-14 14:05:12 2,048 --s-a-w E:\WINDOWS\bootstat.dat
- 2008-07-11 21:10:23 40,960 ----a-w E:\WINDOWS\TEMP\rtdrvmon.exe
+ 2008-07-14 14:05:38 40,960 ----a-w E:\WINDOWS\TEMP\rtdrvmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="E:\Program Files\DNA\btdna.exe" [2008-05-08 17:17 289088]
"CTSyncU.exe"="E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-21 14:39 68856]
"DAEMON Tools Lite"="E:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-08 17:22 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="E:\WINDOWS\System32\igfxtray.exe" [2006-08-14 15:39 98304]
"HotKeysCmds"="E:\WINDOWS\System32\hkcmd.exe" [2006-08-14 15:41 114688]
"Persistence"="E:\WINDOWS\System32\igfxpers.exe" [2006-08-14 15:38 94208]
"Lexmark X1100 Series"="E:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43 57344]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HostManager"="E:\Program Files\Common Files\AOL\1202796242\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]
"ISUSPM Startup"="E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2008-06-03 16:22 413696]
"AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 11:49 1232152]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 15:07 90112 E:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 01:12 15360]
"DWQueuedReporting"="E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]

E:\Documents and Settings\Kristian Emmett\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-07-10 11:22:33 225280]
PowerReg Scheduler.exe [2008-07-10 11:06:22 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-26 01:52 50736 E:\Program Files\Common Files\AOL\1202796242\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-08-06 19:03 155648 E:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"E:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\DNA\\btdna.exe"=
"G:\\Games\\Civ2\\civ2.exe"=
"E:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\WINDOWS\\system32\\LEXPPS.EXE"=
"E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"E:\\Program Files\\Common Files\\AOL\\1202796242\\ee\\aolsoftware.exe"=
"E:\\Program Files\\Soulseek\\slsk.exe"=
"E:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"E:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Program Files\\Infogrames Interactive\\Civilization III\\Civ3PTW\\Civilization3X.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;E:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 11:49]
R2 avg8emc;AVG8 E-mail Scanner;E:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 11:49]
R2 avg8wd;AVG8 WatchDog;E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 11:49]
R2 AvgTdiX;AVG8 Network Redirector;E:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 11:49]
S1 vcdrom;Virtual CD-ROM Device Driver;E:\Documents and Settings\Kristian Emmett\Desktop\VCdRom.sys []
S3 PPPoEWin;PPPoEWin Miniport;E:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 14:08:41 E:\WINDOWS\Tasks\MP Scheduled Scan.job"
- E:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 15:05:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\cmd.exe
E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
E:\WINDOWS\system32\CPdeSrvU.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-14 15:10:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 14:10:19
ComboFix2.txt 2008-07-11 21:16:50

Pre-Run: 30,445,256,704 bytes free
Post-Run: 30,818,988,032 bytes free

232 --- E O F --- 2008-07-11 17:19:45


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:26:25, on 14/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\System32\hkcmd.exe
E:\WINDOWS\System32\igfxpers.exe
E:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
E:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\Common Files\AOL\1202796242\ee\AOLSoftware.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\WINDOWS\system32\CPdeSrvU.exe
E:\WINDOWS\explorer.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co...t=true&query=%s
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] E:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "E:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1202796242\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202842577644
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C6B8A039-7350-42CB-ACF2-CDBB0E598EB0} - http://search.live.c...4/p4dw.cab?ver=
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 7722 bytes


Hope this is ok.

Cheers,
DionMcBud :)

#9
Jimmy2012
Hello DionMcbud,
How is your computer running?

STEP 1
1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
E:\Documents and Settings\Kristian Emmett\.exe

Folder::
E:\Program Files\Freeze.com

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

STEP 2
Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~~
In your next reply please have these logs.
The ComboFix log
A new HijackThis log
And the Kaspersky log

#10
DionMcbud
Hello mate, my computer is running ok to be honest, the only problem I keep getting is virus warnings from my AVG free system that ask me to heal a file and then delete it.

The new logs are:

Combofix:

ComboFix 08-07-11.1 - Kristian Emmett 2008-07-14 21:23:21.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.171 [GMT 1:00]
Running from: G:\ComboFix.exe
Command switches used :: E:\Documents and Settings\Kristian Emmett\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
E:\Documents and Settings\Kristian Emmett\.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\Documents and Settings\Kristian Emmett\.exe
E:\Program Files\Freeze.com
E:\Program Files\Freeze.com\Lightning Storm\dticon.url
E:\Program Files\Freeze.com\Lightning Storm\freeze.ico
E:\Program Files\Freeze.com\Lightning Storm\freeze.url
E:\Program Files\Freeze.com\Lightning Storm\INSTALL.LOG
E:\Program Files\Freeze.com\Lightning Storm\license.txt
E:\Program Files\Freeze.com\Lightning Storm\lightningstorm.ico
E:\Program Files\Freeze.com\Lightning Storm\ptest.exe
E:\Program Files\Freeze.com\Lightning Storm\remove.exe
E:\Program Files\Freeze.com\Lightning Storm\resources
E:\Program Files\Freeze.com\Lightning Storm\settings.dat
E:\Program Files\Freeze.com\Lightning Storm\settings.xml
E:\Program Files\Freeze.com\Lightning Storm\smenu.url
E:\Program Files\Freeze.com\Lightning Storm\Test Lightning Storm.lnk
E:\Program Files\Freeze.com\Lightning Storm\undata.exe
E:\Program Files\Freeze.com\Lightning Storm\undata.ini
E:\Program Files\Freeze.com\Lightning Storm\UNINSTAL.EXE

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-13 11:28 . 2008-07-13 11:28 <DIR> d-------- E:\Program Files\Trend Micro
2008-07-10 11:11 . 2008-07-10 11:11 <DIR> d-------- E:\Documents and Settings\Kristian Emmett\Application Data\Leadertech
2008-07-10 11:06 . 2008-07-10 11:06 0 --a------ E:\WINDOWS\PowerReg.dat
2008-07-10 11:02 . 2008-07-10 11:02 <DIR> d-------- E:\Program Files\Infogrames Interactive
2008-07-10 10:58 . 2008-07-10 10:58 <DIR> d-------- E:\Program Files\DAEMON Tools Lite
2008-07-10 10:22 . 2008-07-10 10:22 <DIR> d-------- E:\WINDOWS\system32\Adobe
2008-06-21 14:39 . 2008-06-21 14:40 <DIR> d-------- E:\Program Files\Google
2008-06-21 14:39 . 2008-07-13 11:22 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-21 10:46 . 2008-06-21 10:46 2,560 --a------ E:\WINDOWS\_MSRSTRT.EXE
2008-06-20 18:46 . 2008-06-20 18:46 245,248 -----c--- E:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 18:46 . 2008-06-20 18:46 147,968 -----c--- E:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 15:54 . 2008-04-23 05:16 6,066,176 -----c--- E:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-20 15:54 . 2007-04-17 10:32 2,455,488 -----c--- E:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-20 15:54 . 2007-03-08 06:10 991,232 -----c--- E:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-20 15:54 . 2008-04-23 05:16 459,264 -----c--- E:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-20 15:54 . 2008-04-23 05:16 383,488 -----c--- E:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-20 15:54 . 2008-04-23 05:16 267,776 -----c--- E:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-20 15:54 . 2008-04-23 05:16 63,488 -----c--- E:\WINDOWS\system32\dllcache\icardie.dll
2008-06-20 15:54 . 2008-04-23 05:16 52,224 -----c--- E:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-20 15:54 . 2008-04-22 08:39 13,824 -----c--- E:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-20 12:51 . 2008-06-20 12:51 361,600 -----c--- E:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 12:40 . 2008-06-20 12:40 138,496 -----c--- E:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 12:08 . 2008-06-20 12:08 225,856 -----c--- E:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 14:16 . 2008-06-15 14:17 <DIR> d-------- E:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 20:25 --------- d-----w E:\Documents and Settings\Kristian Emmett\Application Data\DNA
2008-07-11 16:56 --------- d-----w E:\Documents and Settings\Kristian Emmett\Application Data\BitTorrent
2008-07-11 09:00 --------- d-----w E:\Program Files\Lexmark X1100 Series
2008-07-10 11:20 --------- d-----w E:\Program Files\eMule
2008-07-10 10:24 --------- d--h--w E:\Program Files\InstallShield Installation Information
2008-07-10 09:54 717,296 ----a-w E:\WINDOWS\system32\drivers\sptd.sys
2008-07-04 10:49 96,520 ----a-w E:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-04 10:49 76,040 ----a-w E:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-04 10:49 10,520 ----a-w E:\WINDOWS\system32\avgrsstx.dll
2008-06-22 09:52 --------- d-----w E:\Program Files\Yahoo!
2008-06-21 13:36 --------- d-----w E:\Program Files\DivX
2008-06-21 09:47 --------- d-----w E:\Program Files\VoyagerTest
2008-06-20 17:46 245,248 ----a-w E:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w E:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w E:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w E:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-16 10:59 --------- d-----w E:\Program Files\True Sword 4
2008-06-13 11:05 272,128 ----a-w E:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 14:06 --------- d-----w E:\Documents and Settings\Kristian Emmett\Application Data\True Sword
2008-06-12 14:05 5,810,981 ----a-w E:\Documents and Settings\Kristian Emmett\Application Data\TrueSword4.exe
2008-06-12 12:46 --------- d-----w E:\Program Files\Microsoft Silverlight
2008-06-12 12:29 --------- d-----w E:\Program Files\AVG
2008-06-12 12:29 --------- d-----w E:\Documents and Settings\All Users\Application Data\avg8
2008-06-07 10:57 --------- d-----w E:\Program Files\Stop Motion Animator
2008-06-03 15:22 --------- d-----w E:\Program Files\QuickTime
2008-05-30 23:22 823,296 ----a-w E:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w E:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w E:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w E:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w E:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w E:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w E:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w E:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w E:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w E:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w E:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w E:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w E:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w E:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w E:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w E:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w E:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w E:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w E:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-19 13:21 --------- d-----w E:\Program Files\Soulseek
2008-05-18 12:05 --------- d-----w E:\Documents and Settings\All Users\Application Data\Creative
2008-05-18 12:00 --------- d-----w E:\Program Files\Creative
2008-05-18 11:59 --------- d--h--w E:\Program Files\Creative Installation Information
2008-05-18 11:58 --------- d-----w E:\Program Files\Common Files\Creative
2008-05-18 11:54 --------- d-----w E:\Program Files\Windows Media Connect 2
2008-05-18 10:31 --------- d-----w E:\Program Files\Corel
2008-05-09 10:53 90,112 ----a-w E:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w E:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w E:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w E:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w E:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w E:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w E:\WINDOWS\system32\quartz.dll
2008-05-05 10:51 2,516 --sha-w E:\WINDOWS\system32\KGyGaAvL.sys
2008-04-23 04:16 826,368 ----a-w E:\WINDOWS\system32\wininet.dll
2008-04-14 04:42 985,088 ----a-w E:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w E:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w E:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w E:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w E:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w E:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w E:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w E:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w E:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w E:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w E:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w E:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w E:\WINDOWS\system32\msafd.dll
.

((((((((((((((((((((((((((((( [email protected]_22.16.20.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 21:09:51 2,048 --s-a-w E:\WINDOWS\bootstat.dat
+ 2008-07-14 20:35:58 2,048 --s-a-w E:\WINDOWS\bootstat.dat
- 2008-07-11 21:10:23 40,960 ----a-w E:\WINDOWS\TEMP\rtdrvmon.exe
+ 2008-07-14 20:36:25 40,960 ----a-w E:\WINDOWS\TEMP\rtdrvmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="E:\Program Files\DNA\btdna.exe" [2008-05-08 17:17 289088]
"CTSyncU.exe"="E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-21 14:39 68856]
"DAEMON Tools Lite"="E:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-08 17:22 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="E:\WINDOWS\System32\igfxtray.exe" [2006-08-14 15:39 98304]
"HotKeysCmds"="E:\WINDOWS\System32\hkcmd.exe" [2006-08-14 15:41 114688]
"Persistence"="E:\WINDOWS\System32\igfxpers.exe" [2006-08-14 15:38 94208]
"Lexmark X1100 Series"="E:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:43 57344]
"SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"HostManager"="E:\Program Files\Common Files\AOL\1202796242\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]
"ISUSPM Startup"="E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"QuickTime Task"="E:\Program Files\QuickTime\qttask.exe" [2008-06-03 16:22 413696]
"AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-04 11:49 1232152]
"SoundMan"="SOUNDMAN.EXE" [2005-11-11 15:07 90112 E:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="E:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 01:12 15360]
"DWQueuedReporting"="E:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 17:38 39264]

E:\Documents and Settings\Kristian Emmett\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-07-10 11:22:33 225280]
PowerReg Scheduler.exe [2008-07-10 11:06:22 256000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 E:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-26 01:52 50736 E:\Program Files\Common Files\AOL\1202796242\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-08-06 19:03 155648 E:\WINDOWS\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"E:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\DNA\\btdna.exe"=
"G:\\Games\\Civ2\\civ2.exe"=
"E:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\WINDOWS\\system32\\LEXPPS.EXE"=
"E:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"E:\\Program Files\\Common Files\\AOL\\1202796242\\ee\\aolsoftware.exe"=
"E:\\Program Files\\Soulseek\\slsk.exe"=
"E:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"E:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\Program Files\\Infogrames Interactive\\Civilization III\\Civ3PTW\\Civilization3X.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;E:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-04 11:49]
R2 avg8emc;AVG8 E-mail Scanner;E:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-04 11:49]
R2 avg8wd;AVG8 WatchDog;E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 11:49]
R2 AvgTdiX;AVG8 Network Redirector;E:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-04 11:49]
S1 vcdrom;Virtual CD-ROM Device Driver;E:\Documents and Settings\Kristian Emmett\Desktop\VCdRom.sys []
S3 PPPoEWin;PPPoEWin Miniport;E:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []

.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 20:39:42 E:\WINDOWS\Tasks\MP Scheduled Scan.job"
- E:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 21:36:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\LEXPPS.EXE
E:\WINDOWS\system32\cmd.exe
E:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
E:\WINDOWS\system32\CPdeSrvU.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-14 21:42:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 20:41:58
ComboFix2.txt 2008-07-14 14:10:31
ComboFix3.txt 2008-07-11 21:16:50

Pre-Run: 30,729,760,768 bytes free
Post-Run: 30,797,221,888 bytes free

237 --- E O F --- 2008-07-11 17:19:45



Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:56, on 14/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Windows Defender\MsMpEng.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\LEXBCES.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\LEXPPS.EXE
E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\PROGRA~1\AVG\AVG8\avgemc.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\System32\hkcmd.exe
E:\WINDOWS\System32\igfxpers.exe
E:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
E:\Program Files\Common Files\AOL\1202796242\ee\AOLSoftware.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\Program Files\DNA\btdna.exe
E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
E:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
E:\WINDOWS\system32\CPdeSrvU.exe
E:\WINDOWS\explorer.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
E:\Program Files\AVG\AVG8\avgrsx.exe
E:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co...t=true&query=%s
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] E:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "E:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1202796242\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "E:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zon...wn.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1202842577644
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C6B8A039-7350-42CB-ACF2-CDBB0E598EB0} - http://search.live.c...4/p4dw.cab?ver=
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - E:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 7745 bytes



Kaspersky Log:


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 15, 2008 12:56:30 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 14/07/2008
Kaspersky Anti-Virus database records: 953406
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 48233
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 00:51:51

Infected Object Name / Virus Name / Last Action
E:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
E:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02142008-185143.log Object is locked skipped
E:\Documents and Settings\Kristian Emmett\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\Kristian Emmett\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
E:\Documents and Settings\Kristian Emmett\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\Kristian Emmett\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\Kristian Emmett\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Kristian Emmett\Local Settings\History\History.IE5\MSHist012008071420080715\index.dat Object is locked skipped
E:\Documents and Settings\Kristian Emmett\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
E:\Documents and Settings\Kristian Emmett\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\Kristian Emmett\ntuser.dat Object is locked skipped
E:\Documents and Settings\Kristian Emmett\NTUSER.DAT.LOG Object is locked skipped
E:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
E:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
E:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
E:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
E:\QooBox\Quarantine\E\WINDOWS\system32\ljJYPjgG.dll.vir Infected: Trojan.Win32.Monderb.gen skipped
E:\QooBox\Quarantine\E\WINDOWS\system32\mlJCTMdc.dll.vir Infected: Trojan.Win32.Monderb.gen skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{2BB0A60F-B18F-4ADA-B541-1A96E7F93BC0}\RP337\A0019780.dll Object is locked skipped
E:\System Volume Information\_restore{2BB0A60F-B18F-4ADA-B541-1A96E7F93BC0}\RP337\A0019782.exe Object is locked skipped
E:\System Volume Information\_restore{2BB0A60F-B18F-4ADA-B541-1A96E7F93BC0}\RP337\A0019954.dll Object is locked skipped
E:\System Volume Information\_restore{2BB0A60F-B18F-4ADA-B541-1A96E7F93BC0}\RP337\A0019955.dll Object is locked skipped
E:\System Volume Information\_restore{2BB0A60F-B18F-4ADA-B541-1A96E7F93BC0}\RP338\A0019959.dll Object is locked skipped
E:\System Volume Information\_restore{2BB0A60F-B18F-4ADA-B541-1A96E7F93BC0}\RP341\change.log Object is locked skipped
E:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
E:\WINDOWS\SchedLgU.Txt Object is locked skipped
E:\WINDOWS\SoftwareDistribution\EventCache\{83FEACDA-BE8E-481C-B540-DFDB74DF790A}.bin Object is locked skipped
E:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
E:\WINDOWS\Sti_Trace.log Object is locked skipped
E:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
E:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
E:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\default Object is locked skipped
E:\WINDOWS\system32\config\default.LOG Object is locked skipped
E:\WINDOWS\system32\config\Internet.evt Object is locked skipped
E:\WINDOWS\system32\config\SAM Object is locked skipped
E:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
E:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\SECURITY Object is locked skipped
E:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
E:\WINDOWS\system32\config\software Object is locked skipped
E:\WINDOWS\system32\config\software.LOG Object is locked skipped
E:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
E:\WINDOWS\system32\config\system Object is locked skipped
E:\WINDOWS\system32\config\system.LOG Object is locked skipped
E:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
E:\WINDOWS\system32\h323log.txt Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
E:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
E:\WINDOWS\wiadebug.log Object is locked skipped
E:\WINDOWS\wiaservc.log Object is locked skipped
E:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\_restore{2BB0A60F-B18F-4ADA-B541-1A96E7F93BC0}\RP341\change.log Object is locked skipped

Scan process completed.





I need to let you know that during the last ComboFix scan and also the Kaspersky scan my computer was running very, very slow and making a lot of noise, it also took a very long time to shut it down etc. after the scans were complete. But all worked out and it seems fine again.

Cheers for your continued help bro. :) :)

#11
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello DionMcbud,

> the only problem I keep getting is virus warnings from my AVG free system that ask me to heal a file and then delete it.

Could you please tell me where AVG keeps finding these viruses?

#12
DionMcbud

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Mostly in volume control and system32 files dude.

#13
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello DionMcbud,

> Mostly in volume control and system32 files dude.

When was the last time you got any warnings about any virus in the System32 folder? The reason I ask is because all your logs that are coming back look clean.

Also could you please post the AVG anti-virus log in your next reply as well.

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.