Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan.Agent [CLOSED]


  • This topic is locked This topic is locked

#1
SpaCeTraNce

SpaCeTraNce

    Member

  • Member
  • PipPip
  • 35 posts
I am working on a machine that was infected with a rogue software of some sort. I have run MBAM and the system is running clean, now there is a file that I can't seem to get rid of c:\windows\system32\winctrl32.dll. I have deleted it after booting from another boot/system utility disk and it magically reappears :-)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:30 PM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {5d241cfc-1b62-96e9-f174-e534731939e3} - {3e939137-435e-471f-9e69-26b1cfc142d5} - C:\WINDOWS\system32\grhxxp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.investors.com
O15 - Trusted Zone: http://*.turbotax.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129054033281
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: lwevxv.dll mlnsyl.dll
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O24 - Desktop Component 0: (no name) - http://www.aaii.com/images/mainBG.gif

--
End of file - 6601 bytes


Thanks for the help....
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello SpaCeTraNce,

I am having a look at your log and will get back to you in a bit.

regards
emeraldnzl
  • 0

#3
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again SpaCeTraNce,

Firstly, just a question to answer when you come back. Whose computer are you working on?

Now lets get on with it.

Please read this post completely, it may make it easier if you copy and paste this post to a new text document or print it for reference later. This will especially help you when your computer is off line.

It is important you carry out instructions exactly in the order they appear.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Next

Download FixIEDef by ShadowPuterDude to the Desktop.

Double-click FixIEDef
Posted Image

Click 'OK'
Posted Image

Click 'Scan'
Posted Image

Click 'OK' (FixIEDef requires Adminstrator Privileges to run correctly. This box tells you that FixIEDef successfully elevated it's privileges to that of Administrator)
Posted Image
Posted Image
Posted Image

WARNING: FixIEDef will kill all copies of <b>Internet Explorer</b> and <b>Explorer</b> that are running, during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.

Everything will be restored to normal, once the malicious file is removed.

Click 'Exit' once FixIEDef displays the All Finished message.
Posted Image

Post the FixIEDef log file, located on the Desktop.
Posted Image

Lastly

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
So when you come back please post
  • VundoFix report
  • FixIEDef log
  • the two DSS reports

  • 0

#4
SpaCeTraNce

SpaCeTraNce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I haven't forgoten about this.... I will run the above fix and attach the logs sometime today. Sorry for the delayed response, please don't close this thread untill we get it resolved. Thanks for your patience.
  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hi SpaCeTraNce,

No problem. :)

When you come back please post the logs in the thread rather than attaching them.

If it takes more than one post that's fine.

regards
emeraldnzl
  • 0

#6
SpaCeTraNce

SpaCeTraNce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Here is what happened. I didn't want to put this system back on the network up here(I volunteer for a ministry, we have about 25 machines on a workgroup network, with basically no security policies) so I put dss.exe, fixiedef.exe and vundofix.exe on a cd to run on the infected machine. And I accidently ran the vundofix.exe from the cd which means I wasn't able to get the log. It found 4 dll in c:\windows\system32, they looked to me like randomly generated filenames. It fixed those.

Here is the fixIEDef.exe log:
********************************************************************************
* *
* FixIEDef Log *
* Version 1.5.3.6065 *
* *
********************************************************************************

Created at 09:56:39 on Tuesday, August 12, 2008

Time Zone : (GMT-06:00) Central Time (US & Canada)

Logged On User : Jim Graves

Operating System : Microsoft Windows XP Home Edition Service Pack 2
OS Version : 5.1.2600
System Langauge : English (United States)
Keyboard Layout : English (United States)
Processor : X86 Intel® Pentium® 4 CPU 2.26GHz

System Drive : C:\
Windows Directory : C:\WINDOWS
System Directory : C:\WINDOWS\system32

Total Physical Memory : 523056 KB
Free Physical Memory : 214756 KB
Total Virtual Memory : 2097024 KB
Free Virtual Memory : 2018460 KB

Boot State : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\Documents and Settings\Jim Graves\Application Data\Sun\Java\Deployment\cache\javapi\*.*
C:\WINDOWS\TEMP\BN3.tmp
C:\WINDOWS\TEMP\BNA.tmp

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

Main.txt:

Deckard's System Scanner v20071014.68
Run by Jim Graves on 2008-08-12 09:57:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-08-12 14:57:26 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Jim Graves.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:04 AM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Jim Graves\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jim Graves.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {5d241cfc-1b62-96e9-f174-e534731939e3} - {3e939137-435e-471f-9e69-26b1cfc142d5} - C:\WINDOWS\system32\grhxxp.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129054033281
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.aaii.com/images/mainBG.gif

--
End of file - 8346 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080807-170144-941 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
S3 Windj41 - c:\windows\system32\drivers\windj41.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdobeActiveFileMonitor (Adobe Active File Monitor) - c:\program files\adobe\photoshop elements 3.0\photoshopelementsfileagent.exe
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>

S4 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-08-12 09:46:59 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-08-09 12:04:00 264 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-07-12 and 2008-08-12 -----------------------------

2008-08-12 09:53:35 0 d-------- C:\WINDOWS\system32\LogFiles
2008-08-10 18:16:26 0 d-------- C:\VundoFix Backups
2008-08-10 18:09:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 17:54:35 0 d-------- C:\Program Files\Alwil Software
2008-08-10 17:47:26 0 --a-----t C:\Documents and Settings\Jim Graves\x
2008-08-08 11:49:53 0 d-------- C:\Program Files\Windows Defender
2008-08-08 11:45:34 0 d-------- C:\Documents and Settings\Jim Graves\Application Data\U3
2008-08-07 16:57:32 0 d-------- C:\hijackthis
2008-08-07 11:18:45 0 d-------- C:\Documents and Settings\Jim Graves\Application Data\Malwarebytes
2008-08-07 11:18:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 11:18:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 18:59:09 121472 --a------ C:\WINDOWS\system32\rylkwomi.dll
2008-08-06 18:59:09 121472 --a------ C:\WINDOWS\system32\grhxxp.dll
2008-08-06 18:58:59 0 d-------- C:\Documents and Settings\Administrator.D8NTZR11\Application Data\Adobe
2008-08-03 12:32:16 0 d-------- C:\Program Files\Common Files\BitDefender
2008-08-02 21:04:00 0 dr-h----- C:\Documents and Settings\Administrator.D8NTZR11\SendTo
2008-08-02 21:04:00 0 dr-h----- C:\Documents and Settings\Administrator.D8NTZR11\Recent
2008-08-02 21:04:00 0 d--h----- C:\Documents and Settings\Administrator.D8NTZR11\PrintHood
2008-08-02 21:04:00 0 d--h----- C:\Documents and Settings\Administrator.D8NTZR11\NetHood
2008-08-02 21:04:00 0 d-------- C:\Documents and Settings\Administrator.D8NTZR11\Application Data\Symantec
2008-08-02 21:04:00 0 d-------- C:\Documents and Settings\Administrator.D8NTZR11\Application Data\Identities
2008-08-02 21:03:59 0 dr------- C:\Documents and Settings\Administrator.D8NTZR11\Start Menu
2008-08-02 21:02:59 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 20:43:57 0 dr------- C:\Documents and Settings\Administrator.D8NTZR11\Favorites
2008-08-02 20:43:57 0 d-------- C:\Documents and Settings\Administrator.D8NTZR11\Desktop
2008-08-02 20:43:57 0 d--hs---- C:\Documents and Settings\Administrator.D8NTZR11\Cookies
2008-08-02 20:43:57 0 dr-h----- C:\Documents and Settings\Administrator.D8NTZR11\Application Data
2008-08-02 20:43:57 0 d---s---- C:\Documents and Settings\Administrator.D8NTZR11\Application Data\Microsoft
2008-08-02 20:43:56 0 dr------- C:\Documents and Settings\Administrator.D8NTZR11\My Documents
2008-08-02 20:43:56 0 d--h----- C:\Documents and Settings\Administrator.D8NTZR11\Local Settings
2008-08-02 20:43:55 0 d--h----- C:\Documents and Settings\Administrator.D8NTZR11\Templates
2008-08-02 20:43:55 3670016 --ah----- C:\Documents and Settings\Administrator.D8NTZR11\NTUSER.DAT
2008-08-02 18:53:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-30 09:31:52 10752 --a------ C:\WINDOWS\DCEBoot.exe


-- Find3M Report ---------------------------------------------------------------

2008-08-12 09:23:48 0 d-------- C:\Program Files\Trend Micro
2008-08-03 12:32:16 0 d-------- C:\Program Files\Common Files
2008-08-02 23:35:03 0 d-------- C:\Program Files\ItsDeductible2005
2008-08-02 21:31:44 0 d-------- C:\Program Files\Symantec
2008-08-02 21:29:50 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3e939137-435e-471f-9e69-26b1cfc142d5}]
08/06/2008 06:59 PM 121472 --a------ C:\WINDOWS\system32\grhxxp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell|Alert"="C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [07/11/2002 03:15 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"UpdReg"="C:\WINDOWS\Updreg.exe" [05/11/2000 01:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/28/2008 05:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 09:42 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]
"nwiz"="nwiz.exe" [10/06/2003 03:16 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/06/2003 03:16 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 10:41 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" []
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [03/28/2001 01:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [05/20/2002 01:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\Jim Graves\Start Menu\Programs\Startup\
DESKTOP.INI [11/15/2001 7:31:16 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
DESKTOP.INI [11/15/2001 7:31:16 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/15/2002 5:45:55 PM]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [2/4/2003 2:17:18 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 5:06:54 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci51.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi73.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"scan"=3 (0x3)
"LIVESRV"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b036fcb-6569-11dd-9512-0008a10d1b1d}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8972 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-12 10:03:10 ------------

Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.26GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 510.8 MiB / 180.57 MiB
Pagefile Memory (total/avail): 990.38 MiB / 732.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.15 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 74.52 GiB total, 15.56 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - MAXTOR 6L080L4 - 74.55 GiB - 2 partitions
\PARTITION0 - Unknown - 31.35 MiB
\PARTITION1 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

AV: Bitdefender Antivirus v8.0 (BitDefender) Outdated
AV: avast! antivirus 4.8.1229 [VPS 080809-0] v4.8.1229 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Schwab\\Velocity Velocity\\lib\\jre\\bin\\jre.exe"="C:\\Program Files\\Schwab\\Velocity Velocity\\lib\\jre\\bin\\jre.exe:*:Disabled:jre"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2006\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Deluxe 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jim Graves\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D8NTZR11
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jim Graves
LOGONSERVER=\\D8NTZR11
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\COMMON~1\MGISHA~1\Video;C:\Program Files\Common Files\Adaptec Shared\System;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JIMGRA~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JIMGRA~1\LOCALS~1\Temp
USERDOMAIN=D8NTZR11
USERNAME=Jim Graves
USERPROFILE=C:\Documents and Settings\Jim Graves
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Jim Graves (admin)
Administrator.D8NTZR11 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Creative\SBLive\Program\Upddrv2k.EXE
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\AudioHQ.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\CTMixer.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\HTML.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Midi.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\PlayCenter2\Player2.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\Restore.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\SoundFont.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBLive\WaveStudio\Wstudio.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{33AE85D9-0386-41AD-BD99-FDF3ABC19DBB}\Setup.exe" -l0x9 -L0x9anything
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 3.0 --> MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AntivirXP08 --> "C:\Program Files\rhccvkj0ep4v\uninstall.exe"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Funhouse --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AD33F54-A430-4CB2-9B7D-6CF4463C91CD}\setup.exe" -l0x9 -uninst
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon RAW Image Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2236B741-6631-49AE-B76E-3E14CA01CC87}
Canon S520 --> C:\WINDOWS\System32\CNMCP3M.EXE [email protected]:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst\DeIsL2.isu" -pCanon S520-c"C:\BJPrinter\CNMWINDOWS\Canon S520 Installer\Inst\bjinst.dll
Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
Canon Utilities File Viewer Utility 1.3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D}
Canon Utilities PhotoStitch 3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities RemoteCapture 2.7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Classic PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\setup.exe" -l0x9 ControlPanel
Computerized Investing's Spreadsheet Collection --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7C28C7-ED0C-4D9B-8A09-D6532F6C8C0E}\setup.exe" -uninst
Conexant HSF V92 56K RTAD Speakerphone PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2016&SUBSYS_021913E0\HXFSETUP.EXE -U -IVEN_14F1&DEV_2016&SUBSYS_021913E0
Cool Edit 96 --> C:\WINDOWS\c96unins.exe C:\WINDOWS\c96unins.log
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Dell | Support --> MsiExec.exe /X{91E8A85F-2960-40ED-BA84-7F4567BB00C0}
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Encyclopædia Britannica Deluxe Edition --> "C:\Program Files\Britannica 2003\Deluxe Edition CD\Uninstaller.exe"
Family Tree Maker 8.0 --> C:\WINDOWS\IsUninst.exe -fC:\FTW\Uninst.isu
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet 3900 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Extended Capabilities 5.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 5.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
hp instant support --> C:\PROGRA~1\HEWLET~1\HPINST~1\Uninstall.exe CeS
HP Photo and Imaging 1.2 - Scanjet 4570c Series --> MsiExec.exe /I{EF729AE1-4AE9-402A-AF64-5C5A8150F549}
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{25F6C900-C138-4888-A56C-91D3D063023A}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Excel Viewer 97 --> C:\Program Files\XLView\setup\setup.exe
Microsoft Picture It! Photo 2002 --> MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Streets and Trips 2002 --> MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
Microsoft Works 6.0 --> MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MyDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E835305-63BB-4E55-BBB7-EEBBE67774DB}\setup.exe" -l0x9 -L0x9 /SMAINT
neoDVDplus --> MsiExec.exe /X{D1AD7439-FBCA-4345-A780-2A5617EBA9DE}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvdd.inf
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PrintMaster 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A304FDE-F4E3-446D-AA0D-31425C897B71}\setup.exe" -l0x9 anything
PRO200WL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{280C7673-2DF8-4E74-B031-D8F108BE2A6D}\SETUP.EXE" -uninst
Quick Hide 1.8 --> "C:\Program Files\CronoSoft\Quick Hide Windows\unins000.exe"
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SafeCast Shared Components --> C:\WINDOWS\CDAC13BA.EXE /uninstall
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
Sound Blaster Live! Value --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
StreetSmart Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\Installshield Installation Information\{664708B3-C730-11D5-ADE7-00B0D07D157A}\setup.exe" -l0x9
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
Ulead DVD Workshop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CF0}\setup.exe"
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}


-- Application Event Log -------------------------------------------------------

Event Record #/Type53082 / Success
Event Submitted/Written: 08/12/2008 09:24:16 AM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type53075 / Success
Event Submitted/Written: 08/11/2008 06:44:59 PM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type53074 / Warning
Event Submitted/Written: 08/11/2008 06:38:00 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C

Event Record #/Type53071 / Success
Event Submitted/Written: 08/11/2008 06:34:16 PM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type53066 / Success
Event Submitted/Written: 08/11/2008 06:27:07 PM
Event ID/Source: 2570 / Adobe Active File Monitor
Event Description:
Adobe Active File Monitor Service has Started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19279 / Error
Event Submitted/Written: 08/12/2008 10:00:29 AM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Event Record #/Type19243 / Error
Event Submitted/Written: 08/12/2008 09:24:35 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Beep

Event Record #/Type19242 / Error
Event Submitted/Written: 08/12/2008 09:24:01 AM / 08/12/2008 09:24:26 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type19241 / Error
Event Submitted/Written: 08/12/2008 09:23:56 AM / 08/12/2008 09:24:26 AM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type19234 / Error
Event Submitted/Written: 08/11/2008 06:49:47 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 74.192.80.184 for the Network Card with network address 0008A10D1B1D has been
denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).



-- End of Deckard's System Scanner: finished at 2008-08-12 10:03:10 ------------




One more thing over the weekend the user tried installing avast when they already had Trend Micro Security installed... between my first post and this one that happened. I removed trend micro. And now I have his system in my office so he(and me) doesn't mess with things anymore....

I appologize for the un professional way this has happened...........
  • 0

#7
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello SpaCeTraNce,

Firstly, for your future reference, you should be aware that it is not the role of this site to fix up the PCs that you have volunteered to mind at your ministry.

Now

Go to Start > Control Panel > Add or Remove Programs and unistall the following

BitDefender (note conflicts arise if you are running more than one real time anti-virus resulting in little if any protection)
AntivirXP08

Next

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: {5d241cfc-1b62-96e9-f174-e534731939e3} - {3e939137-435e-471f-9e69-26b1cfc142d5} - C:\WINDOWS\system32\grhxxp.dll

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

-----Step 2-----

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\WINDOWS\system32\grhxxp.dll
    C:\WINDOWS\system32\rylkwomi.dll
    C:\WINDOWS\DCEBoot.exe
    C:\Program Files\rhccvkj0ep4v
    Windj41 <delete service>
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci51.sys
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi73.sys
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj41.sys
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b036fcb-6569-11dd-9512-0008a10d1b1d}
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Run Deckards System Scanner again.

This time there will only be one log.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, dss will open Notepad .txt please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents in your next reply.

So when you come back please post
  • OTMoveIt2 report
  • DSS log

  • 0

#8
SpaCeTraNce

SpaCeTraNce

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
emeraldnzl,

I will remember to not post logs for machines here at the ministry. That is one reason why I am going through geekU, I just wish there were more hours in a day.... The machine is running much better, here are the logs. Thanks for your help...

OTMoveIt2 log:

Explorer killed successfully
DllUnregisterServer procedure not found in C:\WINDOWS\system32\grhxxp.dll
C:\WINDOWS\system32\grhxxp.dll NOT unregistered.
C:\WINDOWS\system32\grhxxp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\rylkwomi.dll
C:\WINDOWS\system32\rylkwomi.dll NOT unregistered.
C:\WINDOWS\system32\rylkwomi.dll moved successfully.
C:\WINDOWS\DCEBoot.exe moved successfully.
File/Folder C:\Program Files\rhccvkj0ep4v not found.
Windj41 service deleted successfully.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci51.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci51.sys\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi73.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windi73.sys\\ deleted successfully.
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj41.sys >
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj41.sys\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b036fcb-6569-11dd-9512-0008a10d1b1d} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b036fcb-6569-11dd-9512-0008a10d1b1d}\\ deleted successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\JIMGRA~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\JIMGRA~1\LOCALS~1\Temp\~DFB86.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08132008_154041

Files moved on Reboot...
C:\DOCUME~1\JIMGRA~1\LOCALS~1\Temp\hpodvd09.log moved successfully.
C:\DOCUME~1\JIMGRA~1\LOCALS~1\Temp\~DFB86.tmp moved successfully.

DSS Log:
Deckard's System Scanner v20071014.68
Run by Jim Graves on 2008-08-13 15:47:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Jim Graves.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:00 PM, on 8/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\Jim Graves\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JIMGRA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129054033281
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} (Plotwon Control) - http://www.investors...ocx/plotwon.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://www.aaii.com/images/mainBG.gif

--
End of file - 8312 bytes

-- Files created between 2008-07-13 and 2008-08-13 -----------------------------

2008-08-12 10:54:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-08-12 09:53:35 0 d-------- C:\WINDOWS\system32\LogFiles
2008-08-10 18:16:26 0 d-------- C:\VundoFix Backups
2008-08-10 18:09:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 17:54:35 0 d-------- C:\Program Files\Alwil Software
2008-08-10 17:47:26 0 --a-----t C:\Documents and Settings\Jim Graves\x
2008-08-08 11:49:53 0 d-------- C:\Program Files\Windows Defender
2008-08-08 11:45:34 0 d-------- C:\Documents and Settings\Jim Graves\Application Data\U3
2008-08-07 16:57:32 0 d-------- C:\hijackthis
2008-08-07 11:18:45 0 d-------- C:\Documents and Settings\Jim Graves\Application Data\Malwarebytes
2008-08-07 11:18:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 11:18:18 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-06 18:58:59 0 d-------- C:\Documents and Settings\Administrator.D8NTZR11\Application Data\Adobe
2008-08-03 12:32:16 0 d-------- C:\Program Files\Common Files\BitDefender
2008-08-02 21:04:00 0 dr-h----- C:\Documents and Settings\Administrator.D8NTZR11\SendTo
2008-08-02 21:04:00 0 dr-h----- C:\Documents and Settings\Administrator.D8NTZR11\Recent
2008-08-02 21:04:00 0 d--h----- C:\Documents and Settings\Administrator.D8NTZR11\PrintHood
2008-08-02 21:04:00 0 d--h----- C:\Documents and Settings\Administrator.D8NTZR11\NetHood
2008-08-02 21:04:00 0 d-------- C:\Documents and Settings\Administrator.D8NTZR11\Application Data\Symantec
2008-08-02 21:04:00 0 d-------- C:\Documents and Settings\Administrator.D8NTZR11\Application Data\Identities
2008-08-02 21:03:59 0 dr------- C:\Documents and Settings\Administrator.D8NTZR11\Start Menu
2008-08-02 21:02:59 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 20:43:57 0 dr------- C:\Documents and Settings\Administrator.D8NTZR11\Favorites
2008-08-02 20:43:57 0 d-------- C:\Documents and Settings\Administrator.D8NTZR11\Desktop
2008-08-02 20:43:57 0 d--hs---- C:\Documents and Settings\Administrator.D8NTZR11\Cookies
2008-08-02 20:43:57 0 dr-h----- C:\Documents and Settings\Administrator.D8NTZR11\Application Data
2008-08-02 20:43:57 0 d---s---- C:\Documents and Settings\Administrator.D8NTZR11\Application Data\Microsoft
2008-08-02 20:43:56 0 dr------- C:\Documents and Settings\Administrator.D8NTZR11\My Documents
2008-08-02 20:43:56 0 d--h----- C:\Documents and Settings\Administrator.D8NTZR11\Local Settings
2008-08-02 20:43:55 0 d--h----- C:\Documents and Settings\Administrator.D8NTZR11\Templates
2008-08-02 20:43:55 3670016 --ah----- C:\Documents and Settings\Administrator.D8NTZR11\NTUSER.DAT
2008-08-02 18:53:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft


-- Find3M Report ---------------------------------------------------------------

2008-08-12 09:23:48 0 d-------- C:\Program Files\Trend Micro
2008-08-03 12:32:16 0 d-------- C:\Program Files\Common Files
2008-08-02 23:35:03 0 d-------- C:\Program Files\ItsDeductible2005
2008-08-02 21:31:44 0 d-------- C:\Program Files\Symantec
2008-08-02 21:29:50 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell|Alert"="C:\Program Files\Dell\Support\Alert\bin\DAMon.exe" [07/11/2002 03:15 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"UpdReg"="C:\WINDOWS\Updreg.exe" [05/11/2000 01:00 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/28/2008 05:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [04/17/2002 09:42 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]
"nwiz"="nwiz.exe" [10/06/2003 03:16 PM C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [10/06/2003 03:16 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [08/16/2001 10:41 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" []
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" []
"AHQInit"="C:\Program Files\Creative\SBLive\Program\AHQInit.exe" [03/28/2001 01:00 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [05/20/2002 01:58 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" []
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\Jim Graves\Start Menu\Programs\Startup\
DESKTOP.INI [11/15/2001 7:31:16 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/4/2004 1:12:18 AM]
DESKTOP.INI [11/15/2001 7:31:16 AM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [8/15/2002 5:45:55 PM]
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe [2/4/2003 2:17:18 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [8/7/2001 5:06:54 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"XCOMM"=2 (0x2)
"VSSERV"=2 (0x2)
"scan"=3 (0x3)
"LIVESRV"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-08-13 15:48:52 ------------
  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,990 posts
Hello again SpaCeTraNce,

just wish there were more hours in a day


Know that feeling. :)

Looking much better now.

I wonder though, did you uninstall Bitdefender Anti-Virus or perhaps Avast?

They still show up. It might be that you just have the antiphishing agent of Bitdefender. There is also a Symantec service running.

A problem arises when you have more than one real time anti-virus running. Tell me what's what at your next post please.

Now

Please up date your Java

Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JDK) Update and save it to your desktop or the folder you usually download to.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Also

Your Adobe Acrobat Reader is out of date. Older versions are vunerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

Next

Kaspersky only works if you are using Internet Explorer.

Please do an online scan with Kaspersky WebScanner.

Click on the Kaspersky Online Scanner button. A box will come up, click Accept, this will allow it to install an ActiveX component and download its latest anti-virus database. (Note: It may take a couple of minutes)

  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    * Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    * Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    * Now click on the Save as Text button:
  • Save the file to your desktop.
Copy and paste that information in your next post.
  • 0

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP