Tech Support Forum > Security Center > HijackThis Log Help
06-22-2008, 02:56 PM   #1
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: XP SP2


A little help please.

Got something last week, it seems, while searching on my computer to find a solution to fix a problem with my wife's computer. I don't use IE, so I knew when it popped up the first time that something was wrong. IE was popping up all the time; after I closed it, it would pop up again a minute later. I even tried to move, rename, and delete IE, but whenever I did it would find its way back. I ran anti-spyware programs and some anti-virus ones but haven't gotten everything.

Right now I have it so that things seem to be running OK, but I know it's still there and it's only a matter of time before it starts attacking me again.

Deckard's System Scanner v20071014.68
Run by Kevin on 2008-06-22 15:15:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
115: 2008-06-22 20:15:22 UTC - RP273 - Deckard's System Scanner Restore Point
114: 2008-06-22 08:08:36 UTC - RP272 - System Checkpoint
113: 2008-06-21 08:00:24 UTC - RP271 - Software Distribution Service 3.0
112: 2008-06-20 23:42:05 UTC - RP270 - Installed AVG Free 8.0
111: 2008-06-20 23:30:41 UTC - RP269 - Avira AntiVir Personal - 6/20/2008 18:30


-- First Restore Point --
1: 2008-06-15 20:55:58 UTC - RP159 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-22 15:16:40
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.13)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Kevin\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsaskew.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/5mept_ms/157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsaskew.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\system32\yayVOGxy.dll (file missing)
O2 - BHO: {951104c6-759f-9c89-4df4-b15467165cb1} - {1bc56176-451b-4fd4-98c9-f9576c401159} - C:\WINDOWS\system32\ikdtalag.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6896AA8F-D206-4839-8696-75A5434A1A27} - C:\WINDOWS\system32\yaywtRiI.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMe333d2f0] Rundll32.exe "C:\WINDOWS\system32\skwjluik.dll",s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://merillat.view22.com/release_3...iew22RTEv4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: kitcad2 - {BDC75F00-714C-11D4-A28A-40BD04C10008} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: yayVOGxy - C:\WINDOWS\system32\yayVOGxy.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\acsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\incdsrv.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470 service
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


--
End of file - 7866 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 slntamrr - c:\windows\system32\drivers\slntamrr.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R2 hardlock - c:\windows\system32\drivers\hardlock.sys <Not Verified; Aladdin Knowledge Systems; Hardlock Device Driver for Windows NT>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>

S3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S4 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
S4 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\444.470 service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-18 19:56:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-22 and 2008-06-22 -----------------------------

2008-06-21 01:50:07 0 d--h----- C:\$AVG8.VAULT$
2008-06-20 21:47:29 0 d-------- C:\Documents and Settings\Kristen\Application Data\AVGTOOLBAR
2008-06-20 18:42:19 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-20 18:42:19 0 d-------- C:\Documents and Settings\Kevin\Application Data\AVGTOOLBAR
2008-06-20 18:42:06 0 d-------- C:\Program Files\AVG
2008-06-20 18:42:05 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-20 18:17:06 0 d-------- C:\Documents and Settings\LocalService\My Documents
2008-06-20 08:40:10 80384 --a------ C:\WINDOWS\system32\lefbxmoa.dll
2008-06-20 08:34:50 90112 --a------ C:\WINDOWS\system32\skwjluik.dll
2008-06-20 08:34:10 740788 --ahs---- C:\WINDOWS\system32\xbLUFfhk.ini2
2008-06-20 08:34:02 322048 --a------ C:\WINDOWS\system32\khfFULbx.dll
2008-06-20 00:21:12 90112 --a------ C:\WINDOWS\system32\nymoeeoh.dll
2008-06-19 21:42:33 90112 --a------ C:\WINDOWS\system32\bgcnxeof.dll
2008-06-18 23:48:42 0 d-------- C:\ZonedOut
2008-06-18 18:34:12 0 d-------- C:\ie-spyad_zo
2008-06-18 18:25:42 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-18 18:25:34 0 d-------- C:\Program Files\SpywareBlaster
2008-06-17 21:54:16 0 d-------- C:\Program Files\Panda Security
2008-06-15 19:53:00 0 d-------- C:\Program Files\Lavasoft
2008-06-15 19:52:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 19:51:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 19:38:13 424448 --a------ C:\iexplore.exe <Not Verified; Microsoft Corporation; Microsoft Picture It! 10>
2008-06-15 16:26:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-15 16:25:18 0 dr-h----- C:\Documents and Settings\Kevin\Recent
2008-06-15 16:21:03 0 d-------- C:\Program Files\CCleaner
2008-06-15 16:06:07 13824 --a------ C:\WINDOWS\y.exe
2008-06-15 16:06:06 9984 --a------ C:\WINDOWS\xplugin.dll
2008-06-15 16:06:06 31744 --a------ C:\WINDOWS\x.exe
2008-06-15 16:06:06 32256 --a------ C:\WINDOWS\winmgnt.exe
2008-06-15 16:06:05 31232 --a------ C:\WINDOWS\window.exe
2008-06-15 16:06:05 23040 --a------ C:\WINDOWS\winajbm.dll
2008-06-15 16:06:05 17920 --a------ C:\WINDOWS\win64.exe
2008-06-15 16:06:05 9216 --a------ C:\WINDOWS\win32e.exe
2008-06-15 16:06:05 20480 --a------ C:\WINDOWS\waol.exe
2008-06-15 16:06:05 23296 --a------ C:\WINDOWS\users32.exe
2008-06-15 16:06:04 19712 --a------ C:\WINDOWS\time.exe
2008-06-15 16:06:04 24320 --a------ C:\WINDOWS\systemcritical.exe
2008-06-15 16:06:04 29184 --a------ C:\WINDOWS\systeem.exe
2008-06-15 16:06:04 15360 --a------ C:\WINDOWS\svcinit.exe
2008-06-15 16:06:04 14080 --a------ C:\WINDOWS\svchost32.exe
2008-06-15 16:06:04 23040 --a------ C:\WINDOWS\sistem.exe
2008-06-15 16:06:04 14848 --a------ C:\WINDOWS\searchword.dll
2008-06-15 16:06:03 11264 --a------ C:\WINDOWS\rundll16.exe
2008-06-15 16:06:03 8704 --a------ C:\WINDOWS\quicken.exe
2008-06-15 16:06:03 14336 --a------ C:\WINDOWS\qttasks.exe
2008-06-15 16:06:03 30464 --a------ C:\WINDOWS\olehelp.exe
2008-06-15 16:06:03 20992 --a------ C:\WINDOWS\notepad32.exe
2008-06-15 16:06:03 19712 --a------ C:\WINDOWS\mtwirl32.dll
2008-06-15 16:06:02 21248 --a------ C:\WINDOWS\mswsc20.dll
2008-06-15 16:06:02 21248 --a------ C:\WINDOWS\mswsc10.dll
2008-06-15 16:06:02 27392 --a------ C:\WINDOWS\msupdate.exe
2008-06-15 16:06:01 20736 --a------ C:\WINDOWS\msspi.dll
2008-06-15 16:06:01 19200 --a------ C:\WINDOWS\msconfd.dll
2008-06-15 16:06:01 15360 --a------ C:\WINDOWS\loader.exe
2008-06-15 16:06:01 8704 --a------ C:\WINDOWS\internet.exe
2008-06-15 16:06:01 25600 --a------ C:\WINDOWS\inetinf.exe
2008-06-15 16:06:01 15616 --a------ C:\WINDOWS\iexplorer.exe
2008-06-15 16:06:01 23296 --a------ C:\WINDOWS\iedll.exe
2008-06-15 16:06:01 14848 --a------ C:\WINDOWS\helpcvs.exe
2008-06-15 16:06:01 12544 --a------ C:\WINDOWS\gfmnaaa.dll
2008-06-15 16:06:01 18944 --a------ C:\WINDOWS\funny.exe
2008-06-15 16:06:00 30976 --a------ C:\WINDOWS\funniest.exe
2008-06-15 16:06:00 20736 --a------ C:\WINDOWS\explorer32.exe
2008-06-15 16:06:00 8960 --a------ C:\WINDOWS\explore.exe
2008-06-15 16:06:00 24832 --a------ C:\WINDOWS\editpad.exe
2008-06-15 16:06:00 13312 --a------ C:\WINDOWS\dnsrelay.dll
2008-06-15 16:06:00 14592 --a------ C:\WINDOWS\directx32.exe
2008-06-15 16:06:00 11776 --a------ C:\WINDOWS\ctrlpan.dll
2008-06-15 16:06:00 23552 --a------ C:\WINDOWS\ctfmon32.exe
2008-06-15 16:05:59 32000 --a------ C:\WINDOWS\cpan.dll
2008-06-15 16:05:59 23808 --a------ C:\WINDOWS\clrssn.exe
2008-06-15 16:05:59 9984 --a------ C:\WINDOWS\avpcc.dll
2008-06-15 16:05:59 12032 --a------ C:\WINDOWS\accesss.exe
2008-06-15 15:55:48 729108 --ahs---- C:\WINDOWS\system32\IiRtwyay.ini2
2008-06-15 15:51:13 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-06-15 15:51:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-06-15 15:51:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\NetMon
2008-06-15 15:51:00 0 d--hs---- C:\WINDOWS\S2V2aW4
2008-06-15 15:50:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\HPAppData
2008-06-15 15:50:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-06-15 15:50:57 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-15 15:50:49 86144 -----n--- C:\WINDOWS\system32\drivers\slntamrr.sys
2008-06-15 15:50:47 0 d-------- C:\WINDOWS\system32\pb109
2008-06-15 15:50:47 0 d-------- C:\WINDOWS\system32\dgi
2008-06-15 15:50:47 0 d-------- C:\WINDOWS\system32\3039a
2008-06-15 15:50:41 0 d-------- C:\WINDOWS\system32\netrax01
2008-06-15 15:50:41 0 d-------- C:\Temp
2008-06-08 13:28:17 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-06-08 13:26:56 265216 --a------ C:\WINDOWS\system32\NVIEWLIB.DLL <Not Verified; K. Nishita; NishitaViewer Library 1.1.4>
2008-06-08 13:26:56 352256 --a------ C:\WINDOWS\system32\ijl15.dll <Not Verified; Intel Corporation; Intel® JPEG Library>
2008-06-08 13:26:56 0 d-------- C:\Program Files\Kitchen Designs for Everyone
2008-06-08 11:35:14 908800 --a------ C:\WINDOWS\system32\CP3245MT.DLL <Not Verified; Inprise Corporation; Borland C++ Builder 4.0>
2008-06-08 11:35:14 24064 --a------ C:\WINDOWS\system32\BORLNDMM.DLL <Not Verified; Inprise Corporation; Borland Memory Manager>
2008-06-08 11:35:12 0 d-------- C:\Program Files\Kitchen
2008-06-08 11:35:12 0 d-------- C:\Program Files\Common Files\Borland Shared
2008-06-08 11:35:07 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-06-08 11:34:17 38908 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-08 11:22:50 0 d-------- C:\Program Files\View22
2008-06-08 11:17:42 0 d-------- C:\Program Files\Safari
2008-06-08 11:17:25 0 d-------- C:\Program Files\Bonjour
2008-06-08 10:36:30 0 d-------- C:\Documents and Settings\All Users\Application Data\View22
2008-05-31 17:53:44 0 d-------- C:\Program Files\Coupons
2008-05-30 19:48:16 0 d-------- C:\Star Wars - Episode I.I - The Phantom Edit
2008-05-27 23:52:34 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-05-27 22:58:21 0 d-------- C:\Documents and Settings\Kevin\Application Data\Tunebite
2008-05-27 22:57:26 0 d-------- C:\Program Files\RapidSolution
2008-05-27 22:57:26 0 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution


-- Find3M Report ---------------------------------------------------------------

2008-06-15 19:51:49 0 d-------- C:\Program Files\Common Files
2008-06-15 12:01:04 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-08 13:26:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-08 11:18:11 0 d-------- C:\Documents and Settings\Kevin\Application Data\Apple Computer
2008-06-08 10:32:09 0 d-------- C:\Documents and Settings\Kevin\Application Data\Yahoo!
2008-05-31 16:02:50 0 d-------- C:\Program Files\Microsoft Digital Image 10
2008-05-15 16:13:31 0 d-------- C:\Program Files\SmartFTP Client
2008-05-15 16:13:10 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-05 22:44:51 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2008-05-05 22:44:51 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-05-05 22:43:49 0 d-------- C:\Program Files\DivX
2008-05-05 22:42:10 0 d-------- C:\Program Files\Common Files\Canopus Shared
2008-05-05 22:42:08 0 d-------- C:\Program Files\Canopus
2008-05-05 22:35:48 0 d-------- C:\Documents and Settings\Kevin\Application Data\Canopus
2008-05-01 14:38:46 0 d-------- C:\Program Files\Real
2008-05-01 14:38:27 0 d-------- C:\Program Files\MSN Messenger
2008-04-29 10:41:25 0 d-------- C:\Program Files\Recuva
2008-04-29 10:29:37 0 d-------- C:\Program Files\Data Doctor Recovery FAT+NTFS (Demo)
2008-04-23 01:08:04 0 d-------- C:\Program Files\Zune
2008-04-22 23:58:04 0 d-------- C:\Program Files\DVD Decrypter


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 05:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13F20E4F-F379-41EA-8F80-CCAAE787362A}]
C:\WINDOWS\system32\yayVOGxy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1bc56176-451b-4fd4-98c9-f9576c401159}]
C:\WINDOWS\system32\ikdtalag.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6896AA8F-D206-4839-8696-75A5434A1A27}]
C:\WINDOWS\system32\yaywtRiI.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
06/20/2008 06:42 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [06/20/2008 06:42 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [09/03/2003 05:25 PM C:\WINDOWS\system32\sstray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [03/04/2004 09:29 AM]
"BMe333d2f0"="C:\WINDOWS\system32\skwjluik.dll" [06/20/2008 08:34 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [5/1/2004 1:09:15 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{13F20E4F-F379-41EA-8F80-CCAAE787362A}"= C:\WINDOWS\system32\yayVOGxy.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayVOGxy]
yayVOGxy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yaywtRiI

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe333d2f0]
Rundll32.exe "C:\WINDOWS\system32\skwjluik.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e000e16c]
rundll32.exe "C:\WINDOWS\system32\lefbxmoa.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusServer]
"C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe" -SelfLaunch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
C:\Program Files\eMachines Bay Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"C:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsSecurity1.209.4"=2 (0x2)
"InCDsrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe



-- End of Deckard's System Scanner: finished at 2008-06-22 15:17:35 ------------
Attached Files
File Type: txt ActiveScan.txt (229.4 KB, 1 views)
File Type: txt extra.txt (17.3 KB, 2 views)
ChldsPlay is offline  
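The log above is triaged by eye in this thread. As an added example (not part of the original post, HijackThis, or Deckard's System Scanner), the Python below parses HijackThis-format entry lines and applies the checks an analyst applies to the load points seen in this log: extra programs in UserInit, BHO and Winlogon Notify entries whose DLL is missing, rundll32 Run entries with a one-letter export, the DisableTaskMgr policy, and services with no vendor information. The sample lines are copied from the log above; the heuristics and function names are my own.

```python
"""Triage HijackThis-format log lines for suspicious load points.

Added example for this thread; it is not part of HijackThis, Deckard's
System Scanner, or the original posts. The heuristics are the author's own.
"""
import re

# Constructed sample: lines copied from the log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsaskew.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\iftuyszv.exe,
O2 - BHO: (no name) - {13F20E4F-F379-41EA-8F80-CCAAE787362A} - C:\WINDOWS\system32\yayVOGxy.dll (file missing)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMe333d2f0] Rundll32.exe "C:\WINDOWS\system32\skwjluik.dll",s
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O20 - Winlogon Notify: yayVOGxy - C:\WINDOWS\system32\yayVOGxy.dll (file missing)
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470 service
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip()

# "O2 - BHO: ..." -> kind "O2", body "BHO: ..."
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
# rundll32 <dll>,<export> as written in O4 Run entries
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.IGNORECASE)


def parse_entries(log_text):
    """Return (kind, body) pairs for every HijackThis entry line; header and process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def check_userinit(body):
    """F2 UserInit: Windows normally lists only userinit.exe here; anything else also runs at every logon."""
    if "UserInit=" not in body:
        return None
    programs = [p.strip() for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
    extra = [p for p in programs if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
    if extra:
        return "UserInit runs additional program(s) at logon: " + ", ".join(extra)
    return None


def check_rundll32(body):
    """O4 Run via rundll32: a one-letter export name is a heuristic for packed adware DLLs."""
    m = RUNDLL_RE.search(body)
    if m and len(m.group("export")) == 1:
        return f"rundll32 loads {m.group('dll')} through one-letter export '{m.group('export')}'"
    return None


def triage(log_text):
    """Return (kind, body, reason) for each entry that matches a heuristic, in log order."""
    findings = []
    for kind, body in parse_entries(log_text):
        reason = None
        if kind == "F2":
            reason = check_userinit(body)
        elif kind == "O2" and "(file missing)" in body:
            reason = "BHO still registered but its DLL is missing (remnant of a removed or hidden component)"
        elif kind == "O4":
            reason = check_rundll32(body)
        elif kind == "O7" and "DisableTaskMgr=1" in body:
            reason = "Task Manager disabled by policy"
        elif kind == "O20" and body.startswith("Winlogon Notify:") and "(file missing)" in body:
            reason = "Winlogon Notify package registered with missing DLL"
        elif kind == "O23" and "Unknown owner" in body:
            reason = "service without vendor information"
        if reason:
            findings.append((kind, body, reason))
    return findings


if __name__ == "__main__":
    for kind, body, reason in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}\n      {body}")
```

Entries that pass these checks (the AVG toolbar, NvCplDaemon, the NVIDIA service) are left alone; the flagged ones are exactly those the thread goes on to target.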
06-24-2008, 06:19 AM   #2
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann, Scotland.
Posts: 2,693
OS: XP


Re: A little help please.

Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions in the order in which they come; if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear, as a lack of symptoms does not mean that it is no longer present.

Please Do Not Attach logs to your posts unless you are advised to do so.

========

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

=========

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

Viewpoint Media Player <---- Viewpoint is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

Additional Information Here
and Here

=========

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum with all the required logs.

=========

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery mode. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once the Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Please continue as follows:

Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

=========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==========
Logs Required
Report.txt
C:\Combofix.txt
Hijackthis Log
__________________
Member of ASAP since 2007
Member of UNITE since 2008


**Notice to BT customers**
Trial of BT-Phorm spyware to start 30th September, 2008. For more information, please visit the No DPI website.



Phorm, previously known as 121Media were responsible for the Apropos rootkit, see Here for more information on said rootkit.


If we have helped you in anyway,please consider Donating
Old 06-25-2008, 07:44 PM   #3 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: XP SP2


Re: A little help please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:19 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsaskew.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsaskew.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/5mept_ms/157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: {951104c6-759f-9c89-4df4-b15467165cb1} - {1bc56176-451b-4fd4-98c9-f9576c401159} - C:\WINDOWS\system32\ikdtalag.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {6896AA8F-D206-4839-8696-75A5434A1A27} - C:\WINDOWS\system32\yaywtRiI.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://merillat.view22.com/release_3...iew22RTEv4.cab
O18 - Protocol: kitcad2 - {BDC75F00-714C-11D4-A28A-40BD04C10008} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6419 bytes



ComboFix 08-06-20.4 - Kevin 2008-06-25 22:55:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.576 [GMT -5:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kevin\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMe333d2f0.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\mainms.vpi
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aomxbfel.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\cwfdwyht.ini
C:\WINDOWS\system32\dldcyuuk.ini
C:\WINDOWS\system32\dpumxdni.ini
C:\WINDOWS\system32\drivers\slntamrr.sys
C:\WINDOWS\system32\dxeucwxk.ini
C:\WINDOWS\system32\IiRtwyay.ini
C:\WINDOWS\system32\IiRtwyay.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nbtoudhe.ini
C:\WINDOWS\system32\qetsktde.ini
C:\WINDOWS\system32\vaivnjkb.ini
C:\WINDOWS\system32\xbLUFfhk.ini
C:\WINDOWS\system32\xbLUFfhk.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_SLNTAMRR
-------\Service_slntamrr


((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.




SDFix: Version 1.197
Run by Kevin on Wed 06/25/2008 at 09:19 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Name :
MsSecurity1.209.4

Path :
C:\WINDOWS\444.470 service

MsSecurity1.209.4 - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Documents and Settings\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareMaster.lnk - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Temp\1cb\syscheck.log - Deleted
C:\WINDOWS\x.exe - Deleted
C:\WINDOWS\y.exe - Deleted
C:\iexplore.exe - Deleted
C:\WINDOWS\accesss.exe - Deleted
C:\WINDOWS\astctl32.ocx - Deleted
C:\WINDOWS\avpcc.dll - Deleted
C:\WINDOWS\clrssn.exe - Deleted
C:\WINDOWS\cpan.dll - Deleted
C:\WINDOWS\ctfmon32.exe - Deleted
C:\WINDOWS\ctrlpan.dll - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\directx32.exe - Deleted
C:\WINDOWS\dnsrelay.dll - Deleted
C:\WINDOWS\editpad.exe - Deleted
C:\WINDOWS\explore.exe - Deleted
C:\WINDOWS\explorer32.exe - Deleted
C:\WINDOWS\funniest.exe - Deleted
C:\WINDOWS\funny.exe - Deleted
C:\WINDOWS\gfmnaaa.dll - Deleted
C:\WINDOWS\helpcvs.exe - Deleted
C:\WINDOWS\iedll.exe - Deleted
C:\WINDOWS\iexplorer.exe - Deleted
C:\WINDOWS\inetinf.exe - Deleted
C:\WINDOWS\internet.exe - Deleted
C:\WINDOWS\loader.exe - Deleted
C:\WINDOWS\megavid.cdt - Deleted
C:\WINDOWS\msconfd.dll - Deleted
C:\WINDOWS\msspi.dll - Deleted
C:\WINDOWS\msupdate.exe - Deleted
C:\WINDOWS\mswsc10.dll - Deleted
C:\WINDOWS\mswsc20.dll - Deleted
C:\WINDOWS\mtwirl32.dll - Deleted
C:\WINDOWS\muotr.so - Deleted
C:\WINDOWS\notepad32.exe - Deleted
C:\WINDOWS\olehelp.exe - Deleted
C:\WINDOWS\qttasks.exe - Deleted
C:\WINDOWS\quicken.exe - Deleted
C:\WINDOWS\rundll16.exe - Deleted
C:\WINDOWS\rundll32.vbe - Deleted
C:\WINDOWS\searchword.dll - Deleted
C:\WINDOWS\sistem.exe - Deleted
C:\WINDOWS\svchost32.exe - Deleted
C:\WINDOWS\svcinit.exe - Deleted
C:\WINDOWS\systeem.exe - Deleted
C:\WINDOWS\systemcritical.exe - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\time.exe - Deleted
C:\WINDOWS\users32.exe - Deleted
C:\WINDOWS\waol.exe - Deleted
C:\WINDOWS\win32e.exe - Deleted
C:\WINDOWS\win64.exe - Deleted
C:\WINDOWS\winajbm.dll - Deleted
C:\WINDOWS\window.exe - Deleted
C:\WINDOWS\winmgnt.exe - Deleted
C:\WINDOWS\xplugin.dll - Deleted
C:\WINDOWS\xxxvideo.hta - Deleted


Could Not Remove C:\WINDOWS\system32\drivers\core.cache.dsk

Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed
Folder C:\Temp\1cb - Removed
Folder C:\Temp\tn3 - Removed
Folder C:\WINDOWS\system32\netrax01 - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 22:17:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Documents and Settings\\Kevin\\Desktop\\dss.exe"="C:\\Documents and Settings\\Kevin\\Desktop\\dss.exe:*:Enabled:dss.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :

C:\WINDOWS\system32\drivers\core.cache.dsk Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Tue 5 Mar 2002 106,564 A..H. --- "C:\Program Files\CompuServe 7.0\csphx.exe"
Tue 5 Mar 2002 32,840 A..H. --- "C:\Program Files\CompuServe 7.0\cstray.exe"
Tue 5 Mar 2002 40,960 A..H. --- "C:\Program Files\CompuServe 7.0\RBM.exe"
Tue 5 Mar 2002 180,288 A..H. --- "C:\Program Files\CompuServe 7.0\wcs2000.exe"
Tue 5 Mar 2002 77,894 A..H. --- "C:\Program Files\CompuServe 7.0\COMIT\cswitch.exe"
Sat 16 Feb 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 6 Apr 2004 111,824 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"
Wed 12 Dec 2001 102,400 A..H. --- "C:\Program Files\Common Files\csshare\shell\us\shellext.dll"

Finished!
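As an added example (not part of this thread, and not code from HijackThis or its authors), here is a small Python triage script for the O2 BHO lines in the log above. It flags the entries an analyst would look at first: a BHO with no display name, a GUID in place of a name, a DLL that HijackThis reports as missing, and (a weak heuristic, labelled as such) an 8-letter filename with capitals scattered mid-word. The sample lines are copied from the HijackThis log posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsaskew.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {951104c6-759f-9c89-4df4-b15467165cb1} - {1bc56176-451b-4fd4-98c9-f9576c401159} - C:\WINDOWS\system32\ikdtalag.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {6896AA8F-D206-4839-8696-75A5434A1A27} - C:\WINDOWS\system32\yaywtRiI.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O20 - AppInit_DLLs: avgrsstx.dll
"""

# A registry CLSID: 8-4-4-4-12 hex digits inside braces.
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# O2 lines have the shape: "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
O2_RE = re.compile(rf"^O2 - BHO: (?P<name>.*?) - (?P<clsid>{GUID}) - (?P<path>.*)$")
GUID_RE = re.compile(rf"^{GUID}$")
MISSING_SUFFIX = " (file missing)"


@dataclass
class Finding:
    line: str
    clsid: str
    reasons: List[str]


def looks_random(stem: str) -> bool:
    """Weak heuristic (an assumption of this example, not a HijackThis rule):
    droppers of this era often used 8-letter alphabetic DLL names with
    capitals scattered mid-word, e.g. yaywtRiI or khfFULbx."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    return any(c.isupper() for c in stem[1:])


def triage_bho(line: str) -> Optional[Finding]:
    """Parse one log line; return None if it is not an O2 BHO entry."""
    m = O2_RE.match(line)
    if m is None:
        return None
    name, clsid, path = m["name"], m["clsid"], m["path"]
    reasons: List[str] = []
    if name == "(no name)":
        reasons.append("no display name")
    if GUID_RE.match(name):
        reasons.append("GUID used as display name")
    if path == "(no file)" or path.endswith(MISSING_SUFFIX):
        reasons.append("registered DLL not on disk")
    # Strip the "(file missing)" marker, then take the filename without extension.
    path_only = path[: -len(MISSING_SUFFIX)] if path.endswith(MISSING_SUFFIX) else path
    stem = path_only.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(stem):
        reasons.append(f"random-looking filename: {stem}")
    return Finding(line, clsid, reasons)


def triage(log: str) -> List[Finding]:
    """Return the O2 entries that carry at least one reason for an analyst to look."""
    findings = []
    for raw in log.splitlines():
        f = triage_bho(raw.strip())
        if f is not None and f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Entries that pass every check (the Yahoo! and Windows Live helpers here) are not reported, so the output is the short list an analyst would follow up on rather than the whole log.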
Old 06-26-2008, 04:17 AM   #4 (permalink)
Moderator, Analyst, Security Team
 
 
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 2,693
OS: XP


Re: A little help please.

Please post the Combofix log in its entirety.
Old 06-26-2008, 04:01 PM   #5 (permalink)
Registered User
 
Join Date: Jun 2008
Posts: 5
OS: XP SP2


Re: A little help please.

ComboFix 08-06-20.4 - Kevin 2008-06-25 22:55:14.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.576 [GMT -5:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kevin\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMe333d2f0.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\mainms.vpi
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aomxbfel.ini
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\cwfdwyht.ini
C:\WINDOWS\system32\dldcyuuk.ini
C:\WINDOWS\system32\dpumxdni.ini
C:\WINDOWS\system32\drivers\slntamrr.sys
C:\WINDOWS\system32\dxeucwxk.ini
C:\WINDOWS\system32\IiRtwyay.ini
C:\WINDOWS\system32\IiRtwyay.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nbtoudhe.ini
C:\WINDOWS\system32\qetsktde.ini
C:\WINDOWS\system32\vaivnjkb.ini
C:\WINDOWS\system32\xbLUFfhk.ini
C:\WINDOWS\system32\xbLUFfhk.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_SLNTAMRR
-------\Service_slntamrr


((((((((((((((((((((((((( Files Created from 2008-05-26 to 2008-06-26 )))))))))))))))))))))))))))))))
.

2008-06-25 22:14 . 2008-06-25 22:14 932 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-06-25 21:13 . 2008-06-25 21:13 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-25 21:10 . 2008-06-25 22:22 <DIR> d-------- C:\SDFix
2008-06-25 19:35 . 2008-06-25 19:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-22 16:58 . 2008-06-22 16:58 <DIR> d-------- C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit
2008-06-22 15:14 . 2008-06-22 15:14 <DIR> d-------- C:\Deckard
2008-06-22 11:06 . 2008-06-22 11:15 77,448,657 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part43.rar
2008-06-22 02:02 . 2008-06-22 02:13 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part41.rar
2008-06-21 22:07 . 2008-06-21 22:19 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part42.rar
2008-06-21 01:50 . 2008-06-24 04:11 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-20 21:47 . 2008-06-21 02:08 <DIR> d-------- C:\Documents and Settings\Kristen\Application Data\AVGTOOLBAR
2008-06-20 18:42 . 2008-06-25 19:21 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-20 18:42 . 2008-06-20 18:42 <DIR> d-------- C:\Program Files\AVG
2008-06-20 18:42 . 2008-06-20 18:51 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\AVGTOOLBAR
2008-06-20 18:42 . 2008-06-20 18:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-20 18:42 . 2008-06-20 18:42 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-20 18:42 . 2008-06-20 18:42 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-20 18:42 . 2008-06-20 18:42 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 08:40 . 2008-06-20 08:40 80,384 --a------ C:\WINDOWS\system32\lefbxmoa.dll
2008-06-20 08:34 . 2008-06-20 08:34 322,048 --a------ C:\WINDOWS\system32\khfFULbx.dll
2008-06-20 08:30 . 2008-06-20 08:41 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part40.rar
2008-06-20 00:21 . 2008-06-20 00:21 90,112 --a------ C:\WINDOWS\system32\nymoeeoh.dll
2008-06-19 22:41 . 2008-06-19 22:52 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part39.rar
2008-06-19 21:42 . 2008-06-19 21:42 90,112 --a------ C:\WINDOWS\system32\bgcnxeof.dll
2008-06-19 20:21 . 2008-06-19 20:32 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part38.rar
2008-06-19 12:53 . 2008-06-19 13:04 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part37.rar
2008-06-19 00:52 . 2008-06-19 01:03 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part36.rar
2008-06-18 23:48 . 2008-06-19 00:05 <DIR> d-------- C:\ZonedOut
2008-06-18 20:48 . 2008-06-18 20:59 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part35.rar
2008-06-18 18:34 . 2008-06-18 18:34 <DIR> d-------- C:\ie-spyad_zo
2008-06-18 18:25 . 2008-06-21 00:44 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-06-18 18:25 . 2008-06-21 00:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-17 22:28 . 2008-06-17 22:40 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part34.rar
2008-06-17 21:54 . 2008-06-17 21:55 <DIR> d-------- C:\Program Files\Panda Security
2008-06-17 21:43 . 2008-06-21 23:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-17 21:43 . 2008-06-17 21:43 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-15 19:53 . 2008-06-15 19:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-06-15 19:52 . 2008-06-15 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 19:51 . 2008-06-15 19:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-15 19:30 . 2008-06-15 19:41 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part33.rar
2008-06-15 16:26 . 2008-06-20 18:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-15 16:21 . 2008-06-15 16:21 <DIR> d-------- C:\Program Files\CCleaner
2008-06-15 15:51 . 2008-06-15 22:32 <DIR> d--hs---- C:\WINDOWS\S2V2aW4
2008-06-15 15:50 . 2008-06-15 16:30 <DIR> d-------- C:\WINDOWS\system32\pb109
2008-06-15 15:50 . 2008-06-15 22:32 <DIR> d-------- C:\WINDOWS\system32\dgi
2008-06-15 15:50 . 2008-06-15 16:30 <DIR> d-------- C:\WINDOWS\system32\3039a
2008-06-15 15:50 . 2008-06-15 15:50 <DIR> d-------- C:\Temp\itmp4
2008-06-15 15:50 . 2008-06-25 22:17 <DIR> d-------- C:\Temp
2008-06-15 15:50 . 2008-06-15 15:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-06-15 15:50 . 2008-06-15 15:50 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\HPAppData
2008-06-15 12:18 . 2008-06-15 12:50 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part32.rar
2008-06-14 21:21 . 2008-06-14 21:39 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part31.rar
2008-06-14 13:30 . 2008-06-14 13:41 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part30.rar
2008-06-14 10:18 . 2008-06-14 10:29 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part29.rar
2008-06-13 20:07 . 2008-06-13 20:19 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part28.rar
2008-06-13 12:47 . 2008-06-13 12:59 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part27.rar
2008-06-13 00:59 . 2008-06-13 01:12 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part26.rar
2008-06-12 20:41 . 2008-06-12 21:30 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part25.rar
2008-06-11 21:51 . 2008-06-11 22:04 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part23.rar
2008-06-11 17:59 . 2008-06-11 18:11 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part24.rar
2008-06-11 07:24 . 2008-06-13 08:10 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 21:14 . 2008-06-10 21:25 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part22.rar
2008-06-10 01:15 . 2008-06-10 01:26 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part20.rar
2008-06-09 22:32 . 2008-06-09 22:43 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part21.rar
2008-06-08 13:28 . 1999-05-06 19:00 140,288 --a------ C:\WINDOWS\system32\Comdlg32.ocx
2008-06-08 13:28 . 1998-06-23 18:00 137,000 --a------ C:\WINDOWS\system32\MSMAPI32.OCX
2008-06-08 13:28 . 1999-03-26 02:00 118,784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL
2008-06-08 13:28 . 1999-06-15 15:30 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-06-08 13:26 . 2008-06-08 13:51 <DIR> d-------- C:\Program Files\Kitchen Designs for Everyone
2008-06-08 13:26 . 2002-03-06 22:58 352,256 --a------ C:\WINDOWS\system32\ijl15.dll
2008-06-08 13:26 . 2002-03-05 01:17 265,216 --a------ C:\WINDOWS\system32\NVIEWLIB.DLL
2008-06-08 11:35 . 2008-06-08 11:36 <DIR> d-------- C:\Program Files\Kitchen
2008-06-08 11:35 . 2008-06-08 11:35 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-06-08 11:34 . 2008-06-08 11:34 38,908 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-08 11:22 . 2008-06-08 11:22 <DIR> d-------- C:\Program Files\View22
2008-06-08 11:17 . 2008-06-08 11:17 <DIR> d-------- C:\Program Files\Safari
2008-06-08 11:17 . 2008-06-08 11:17 <DIR> d-------- C:\Program Files\Bonjour
2008-06-08 10:39 . 2008-06-08 10:52 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part19.rar
2008-06-08 10:36 . 2008-06-08 10:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\View22
2008-06-08 10:36 . 2006-08-01 23:22 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll
2008-06-07 22:46 . 2008-06-07 22:57 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part18.rar
2008-06-07 10:26 . 2008-06-07 10:37 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part17.rar
2008-06-06 19:49 . 2008-06-06 20:01 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part16.rar
2008-06-06 00:33 . 2008-06-06 00:44 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part15.rar
2008-06-05 21:58 . 2008-06-05 22:09 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part14.rar
2008-06-05 01:47 . 2008-06-05 01:58 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part13.rar
2008-06-04 17:51 . 2008-06-04 18:02 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part12.rar
2008-06-03 22:46 . 2008-06-03 22:57 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part11.rar
2008-06-03 20:17 . 2008-06-03 20:46 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part10.rar
2008-06-02 22:28 . 2008-06-02 22:41 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part09.rar
2008-06-02 18:01 . 2008-06-02 18:13 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part08.rar
2008-06-02 01:36 . 2008-06-02 01:47 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part07.rar
2008-06-01 14:17 . 2008-06-01 14:41 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part06.rar
2008-05-31 18:18 . 2008-05-31 18:42 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part05.rar
2008-05-31 17:54 . 2008-05-31 17:54 206,168 -ra------ C:\WINDOWS\system32\cpnprt2.cid
2008-05-31 17:53 . 2008-05-31 17:53 <DIR> d-------- C:\Program Files\Coupons
2008-05-31 15:55 . 2008-05-31 16:19 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part04.rar
2008-05-31 10:14 . 2008-05-31 10:34 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part03.rar
2008-05-30 20:33 . 2008-05-30 01:42 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part01.rar
2008-05-30 20:32 . 2008-05-30 20:49 104,857,000 --a------ C:\Star_Wars_-__Episode_I.I_-_The_Phantom_Edit.part02.rar
2008-05-30 19:48 . 2008-05-30 19:48 <DIR> d-------- C:\Star Wars - Episode I.I - The Phantom Edit
2008-05-27 23:52 . 2008-05-27 23:52 <DIR> d-------- C:\Program Files\PixiePack Codec Pack
2008-05-27 22:58 . 2008-05-27 23:52 <DIR> d-------- C:\Documents and Settings\Kevin\Application Data\Tunebite
2008-05-27 22:58 . 2008-02-20 13:47 27,936 --a------ C:\WINDOWS\system32\drivers\tbhsd.sys
2008-05-27 22:57 . 2008-05-27 22:57 <DIR> d-------- C:\Program Files\RapidSolution
2008-05-27 22:57 . 2008-05-27 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 00:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-22 22:17 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Ahead
2008-06-15 20:55 --------- d-----w C:\Documents and Settings\Kristen\Application Data\HPAppData
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 18:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 16:18 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Apple Computer
2008-06-08 15:32 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Yahoo!
2008-05-31 21:02 --------- d-----w C:\Program Files\Microsoft Digital Image 10
2008-05-16 16:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-15 21:14 --------- d-----w C:\Documents and Settings\Kristen\Application Data\SmartFTP
2008-05-15 21:13 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-15 21:13 --------- d-----w C:\Program Files\SmartFTP Client
2008-05-10 06:56 --------- d-----w C:\Documents and Settings\Kristen\Application Data\Template
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 01:30 --------- d-----w C:\Documents and Settings\Kristen\Application Data\Canopus
2008-05-06 03:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Canopus
2008-05-06 03:44 665,600 ----a-w C:\WINDOWS\system32\drivers\hardlock.sys
2008-05-06 03:44 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-05-06 03:44 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2008-05-06 03:43 --------- d-----w C:\Program Files\DivX
2008-05-06 03:42 --------- d-----w C:\Program Files\Common Files\Canopus Shared
2008-05-06 03:42 --------- d-----w C:\Program Files\Canopus
2008-05-06 03:35 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Canopus
2008-05-01 19:38 --------- d-----w C:\Program Files\Real
2008-05-01 19:38 --------- d-----w C:\Program Files\MSN Messenger
2008-04-30 16:33 --------- d-----w C:\Documents and Settings\Kristen\Application Data\Yahoo!
2008-04-29 16:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 16:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 16:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-29 15:41 --------- d-----w C:\Program Files\Recuva
2008-04-29 15:29 --------- d-----w C:\Program Files\Data Doctor Recovery FAT+NTFS (Demo)
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1bc56176-451b-4fd4-98c9-f9576c401159}]
C:\WINDOWS\system32\ikdtalag.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6896AA8F-D206-4839-8696-75A5434A1A27}]
C:\WINDOWS\system32\yaywtRiI.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-20 18:42 1177368]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-03-04 09:29 2904064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2004-05-01 13:09:15 1742384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.CDVC"= cdvccodc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe333d2f0]
C:\WINDOWS\system32\skwjluik.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2003-06-04 10:01 496640 C:\WINDOWS\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e000e16c]
--a------ 2008-06-20 08:40 80384 C:\WINDOWS\system32\lefbxmoa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R200 Series]
--a------ 2003-07-08 03:00 99840 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 22:34 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2003-12-18 02:40 1241138 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-07 19:32 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 13:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusServer]
--a------ 2004-04-28 01:41 188416 C:\Program Files\Common Files\Canopus Shared\ProCoder 2\Kernel\PNXSERVR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nForce Tray Options]
--a------ 2003-09-03 17:25 73728 C:\WINDOWS\system32\sstray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-03-04 09:29 2904064 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2004-03-04 09:29 46080 C:\WINDOWS\System32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-03-04 09:29 782336 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-03-12 14:18 135168 C:\Program Files\eMachines Bay Reader\shwiconem.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-01-11 17:54 166304 C:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MsSecurity1.209.4"=2 (0x2)
"InCDsrv"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AOL ACS"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Documents and Settings\\Kevin\\Desktop\\dss.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-20 18:42]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-20 18:42]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-20 18:42]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-20 18:42]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
R2 ZuneBusEnum;Zune Bus Enumerator;C:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 17:54]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;C:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-26 00:56:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 22:58:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Kevin\LOCALS~1\Temp\eb363312-a54f-4798-b4f8-57e5e5dd40a3.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-06-25 23:03:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-26 04:03:11

Pre-Run: 44,091,957,248 bytes free
Post-Run: 44,657,532,928 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

320 --- E O F --- 2008-06-21 08:01:02
ChldsPlay is offline  
Old 06-27-2008, 05:14 AM   #6 (permalink)
TheBruce1
Moderator, Analyst, Security Team
Join Date: Oct 2006
Location: Dùn Èideann,Scotland.
Posts: 2,693
OS: XP