Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Help! 100% virus!
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 10-02-2008, 01:19 AM   #1 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 6
OS: win XP


Help! 100% virus!
First sorry for my bad english!

I'm new here and I don't know anything about HijackThis, but from other posts I can see that you helped alot. So I hope that you'll help me too!

Well, here is the situation.

My boss will kill me if some off work data would be lost. And I think that I have an worm, trojan and many malwares. So I'm f***** up!!!

So please help!

Well here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:59: VIRUS ALERT!, on 2.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\All Users\Application Data\uvohgtwd\sncnevun.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ncxglwlg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: peltodgx - {0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - C:\WINDOWS\peltodgx.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VirusRemover2008] C:\Program Files\VirusRemover2008\VRM2008.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ec69c0c3] rundll32.exe "C:\WINDOWS\system32\ufbiiauq.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [shutilset] C:\WINDOWS\system32\ncxglwlg.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [XWNUuDXB4K] C:\Documents and Settings\All Users\Application Data\uvohgtwd\sncnevun.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1A0149-708D-4A50-B7EB-BF46332D4692}: NameServer = 192.168.0.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: onfwbsak - {1F730948-FDFD-4258-AE7C-F26DD3C548AE} - C:\WINDOWS\onfwbsak.dll
O21 - SSODL: rwlfsdmk - {7EE134F7-D80C-4F26-A795-C28FA0D486EA} - C:\WINDOWS\rwlfsdmk.dll
O21 - SSODL: StrSh - {6024FE0E-6EEB-4428-0660-0032BEFE4C07} - C:\Program Files\cwpxetc\StrSh.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 6019 bytes


In advance thank you very much!!!

First, I'm sorry for rushing. But it was panic that lead me in insanity.

I didn't follow standard procedures so, here is my apology. next time I'll read a manual before I open it. I guess this can be a lesson for me. I didn't read the "5 step manual", so I blew it up.

Now I've done all 5 steps and now, I think, it's better. But, I couldn't start panda full scan so I scaned my computer with avg anti virus and ad-aware anti virus. And normaly I found plenty of malware. Well, then I enter the task menager (first I could not and I could not even enter regedit.exe, but I find some sites where is a script how to deal with this problem) and I've end a few processes that I know are memory consumers only so my computer can work better. Then I've enter "msconfig" using win+r ('cause run... was not on start panel) and I've turn off some startup unnecessary programs (like volume control etc.) Then I launch HijackThis and here is the latest log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:30: VIRUS ALERT!, on 2.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\All Users\Application Data\uvohgtwd\sncnevun.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ncxglwlg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\template\antivirusi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
O3 - Toolbar: peltodgx - {0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - C:\WINDOWS\peltodgx.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VirusRemover2008] C:\Program Files\VirusRemover2008\VRM2008.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ec69c0c3] rundll32.exe "C:\WINDOWS\system32\ufbiiauq.dll",b
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [shutilset] C:\WINDOWS\system32\ncxglwlg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [XWNUuDXB4K] C:\Documents and Settings\All Users\Application Data\uvohgtwd\sncnevun.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1A0149-708D-4A50-B7EB-BF46332D4692}: NameServer = 192.168.0.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: StrSh - {6024FE0E-6EEB-4428-0660-0032BEFE4C07} - C:\Program Files\cwpxetc\StrSh.dll
O21 - SSODL: onfwbsak - {50D4E2C0-A2DF-4365-8DAD-296FC8F44036} - C:\WINDOWS\onfwbsak.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5249 bytes


And here are some tips: actually things that annoy me.

1. When I click on my computer I have a list of A: drive, E: (cd rom) drive and shared and my documents (erm... like... WHERE ARE MY HARD DRIVES?!?!?!?) (I know that I always can run C: and D: in run - but it's annoying)

2. Right next to a clock is a funny message (it look to me like it's a joke - I don't know why but it does not look professional) like this: 11:23 AM: VIRUS ALERT! (no, really?!?)

and

3. On a start panel I don't have "programs" key (or how do you call it) (I didn't figure it out how to bring it back - other I succeed)

Thank you and again apologies for first "panic post" please ignore it.

Thanks again and sorry for my bad English!
Last edited by amateur; 10-02-2008 at 08:01 AM. Reason: to retain 0-reply status
dd_dusty is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 10-05-2008, 10:54 AM   #2 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,472
OS: XP SP3


Re: Help! 100% virus!
Hello and welcome to TSF.

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it’s taking us longer to catch up. If you haven’t received help elsewhere already and still require assistance please perform the following:
  • Download RSIT by random/random and save it to your desktop.
  • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
  • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both here.

Please note that the forum is very busy and if I don’t hear from you in three days this thread will be closed.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-07-2008, 12:12 AM   #3 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 6
OS: win XP


Re: Help! 100% virus!
Thank you! here is the log...

Logfile of random's system information tool 1.04 (written by random/random)
Run by Eco1 at 2008-10-07 08:08:00
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 41 GB (79%) free of 53 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:08: VIRUS ALERT!, on 7.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\All Users\Application Data\uvohgtwd\sncnevun.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ncxglwlg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Eco1\Desktop\RSIT.exe
C:\Program Files\template\antivirusi\Eco1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: QXK Olive - {11DFB01A-0852-4955-9747-C59E21DBBDA5} - C:\WINDOWS\dfmlxbpkvlo.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {6A9D07B2-594E-48CE-B6F7-DC56B3D3BDBE} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {B09E0F0B-28FE-4A7E-90F6-6D09E4234852} - (no file)
O3 - Toolbar: peltodgx - {0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - C:\WINDOWS\peltodgx.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ec69c0c3] rundll32.exe "C:\WINDOWS\system32\uosshhai.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [XWNUuDXB4K] C:\Documents and Settings\All Users\Application Data\uvohgtwd\sncnevun.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1A0149-708D-4A50-B7EB-BF46332D4692}: NameServer = 192.168.0.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: jkkKaywT - jkkKaywT.dll (file missing)
O21 - SSODL: StrSh - {6024FE0E-6EEB-4428-0660-0032BEFE4C07} - C:\Program Files\cwpxetc\StrSh.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 5813 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11DFB01A-0852-4955-9747-C59E21DBBDA5}]
QXK Olive - C:\WINDOWS\dfmlxbpkvlo.dll [2008-09-30 335872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-10-01 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6A9D07B2-594E-48CE-B6F7-DC56B3D3BDBE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-01 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B09E0F0B-28FE-4A7E-90F6-6D09E4234852}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - peltodgx - C:\WINDOWS\peltodgx.dll [2008-09-30 217088]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-10-01 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-10-01 1234712]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ec69c0c3"=C:\WINDOWS\system32\uosshhai.dll [2008-10-03 80000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"XWNUuDXB4K"=C:\Documents and Settings\All Users\Application Data\uvohgtwd\sncnevun.exe [2008-10-01 77824]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe [2008-04-18 9117696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-05-18 16207872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-06-07 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\jkkKaywT]
jkkKaywT.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
StrSh - {6024FE0E-6EEB-4428-0660-0032BEFE4C07} - C:\Program Files\cwpxetc\StrSh.dll [2008-10-01 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B09E0F0B-28FE-4A7E-90F6-6D09E4234852}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\vtUmjIYs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"NoDispCPL"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoToolbarCustomize"=1
"NoDrives"=12
"StartMenuLogoff"=1
"NoStartMenuMorePrograms"=1
"NoSetFolders"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06e8dcc0-fa76-11dc-87d1-001617b61be9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22b3a656-106e-11dd-87d5-001617b61be9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33afc12c-7293-11dc-87b4-001617b61be9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38c23fb8-aa2a-11dc-87bd-001617b61be9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b7a46ce-bdd0-11dc-87bf-001617b61be9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{569511f6-ddff-11dc-87c5-001617b61be9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57d9f242-4030-11dc-87af-001617b61be9}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e


======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2008-10-07 0855 ----D---- C:\rsit
2008-10-03 16:51:06 ----SH---- C:\WINDOWS\system32\iahhssou.ini
2008-10-03 16:51:05 ----A---- C:\WINDOWS\system32\uosshhai.dll
2008-10-03 14:07:26 ----D---- C:\Program Files\Digeus
2008-10-03 14:07:07 ----D---- C:\WINDOWS\Downloaded Installations
2008-10-02 16:50:32 ----SH---- C:\WINDOWS\system32\cmdwuoqg.ini
2008-10-02 15:27:59 ----D---- C:\WINDOWS\privacy_danger
2008-10-02 11:25:04 ----D---- C:\Documents and Settings\Eco1\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-02 10:31:28 ----D---- C:\ie-spyad_zo
2008-10-02 10:21:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-02 10:19:39 ----D---- C:\Program Files\SpywareBlaster
2008-10-02 09:35:25 ----D---- C:\Program Files\Panda Security
2008-10-01 16:49:44 ----SH---- C:\WINDOWS\system32\quaiibfu.ini
2008-10-01 14:56:20 ----D---- C:\Program Files\Lavasoft
2008-10-01 14:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-01 14:49:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 14:44:45 ----A---- C:\WINDOWS\Freecorder Toolbar Uninstall Log.txt
2008-10-01 14:30:09 ----D---- C:\!KillBox
2008-10-01 13:22:28 ----A---- C:\WINDOWS\system32\mcrh.tmp
2008-10-01 11:21:06 ----HD---- C:\$AVG8.VAULT$
2008-10-01 11:19:33 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2008-10-01 11:19:27 ----D---- C:\Documents and Settings\Eco1\Application Data\AVGTOOLBAR
2008-10-01 11:19:16 ----D---- C:\Program Files\AVG
2008-10-01 11:19:16 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-01 10:59:30 ----D---- C:\Documents and Settings\Eco1\Application Data\VirusRemover2008
2008-10-01 10:48:17 ----SH---- C:\WINDOWS\system32\tpvbsahw.ini
2008-10-01 10:47:42 ----A---- C:\WINDOWS\system32\e74a04bd-.txt
2008-10-01 10:43:47 ----ASH---- C:\WINDOWS\system32\sYIjmUtv.ini2
2008-10-01 10:43:47 ----ASH---- C:\WINDOWS\system32\sYIjmUtv.ini
2008-10-01 10:35:13 ----D---- C:\WINDOWS\system32\smp
2008-10-01 10:35:13 ----D---- C:\WINDOWS\mslagent
2008-10-01 10:35:13 ----D---- C:\Program Files\Inet Delivery
2008-10-01 10:35:13 ----D---- C:\Program Files\akl
2008-10-01 10:35:13 ----A---- C:\WINDOWS\zipped.tmp
2008-10-01 10:35:13 ----A---- C:\WINDOWS\zip3.tmp
2008-10-01 10:35:13 ----A---- C:\WINDOWS\zip2.tmp
2008-10-01 10:35:13 ----A---- C:\WINDOWS\zip1.tmp
2008-10-01 10:35:13 ----A---- C:\WINDOWS\winsystem.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\userconfig9x.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\WINWGPX.EXE
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\winsystem.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\winlogonpc.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\vcatchpi.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\vbsys2.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\thun32.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\thun.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\temp#01.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\taack.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\sysreq.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\ssvchost.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\ssvchost.com
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\ssurf022.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\sncntr.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\Rundl1.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\regm64.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\regc64.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\psoft1.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\psof1.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\ps1.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\newsd32.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\netode.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\mwin32.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\mtr2.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\msvchost.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\mssecu.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\msnbho.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\msgp.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\medup020.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\medup012.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\hxiwlgpm.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\hoproxy.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\h@tkeysh@@k.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\emesx.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\dpcproxy.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\bsva-egihsg52.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\bdn.com
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\awtoolb.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\anticipator.dll
2008-10-01 10:35:13 ----A---- C:\WINDOWS\system32\akttzn.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\mssecu.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\iTunesMusic.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\FVProtect.exe
2008-10-01 10:35:13 ----A---- C:\WINDOWS\bdn.com
2008-10-01 10:35:13 ----A---- C:\WINDOWS\base64.tmp
2008-10-01 10:35:13 ----A---- C:\WINDOWS\a.bat
2008-10-01 10:34:51 ----D---- C:\Program Files\cwpxetc
2008-10-01 10:34:48 ----D---- C:\Documents and Settings\All Users\Application Data\uvohgtwd
2008-10-01 10:34:46 ----A---- C:\WINDOWS\system32\ncxglwlg.exe
2008-10-01 10:33:44 ----D---- C:\Documents and Settings\Eco1\Application Data\TmpRecentIcons
2008-10-01 10:33:35 ----A---- C:\WINDOWS\rwlfsdmk.dll
2008-10-01 10:33:35 ----A---- C:\WINDOWS\peltodgx.dll
2008-10-01 10:33:35 ----A---- C:\WINDOWS\onfwbsak.dll
2008-10-01 10:33:35 ----A---- C:\WINDOWS\fbxrqtwn.exe
2008-10-01 10:33:35 ----A---- C:\WINDOWS\dfmlxbpkvlo.dll
2008-09-30 11:54:10 ----N---- C:\WINDOWS\Setup1.exe
2008-09-30 11:54:09 ----A---- C:\WINDOWS\ST6UNST.EXE
2008-09-22 08:09:54 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-09-22 08:09:30 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-09-22 08:09:25 ----D---- C:\Program Files\Common Files\Adobe
2008-09-22 08:03:50 ----D---- C:\Program Files\NOS
2008-09-22 08:03:50 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-18 15:23:38 ----D---- C:\Documents and Settings\Eco1\Application Data\MySpace
2008-09-18 15:23:36 ----D---- C:\Program Files\MySpace
2008-09-10 13:46:19 ----D---- C:\Documents and Settings\Eco1\Application Data\Media Player Classic
2008-09-10 13:45:41 ----D---- C:\Documents and Settings\Eco1\Application Data\Google
2008-09-10 13:45:34 ----A---- C:\WINDOWS\system32\unrar.dll
2008-09-10 13:45:34 ----A---- C:\WINDOWS\avisplitter.ini
2008-09-10 13:45:33 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2008-09-10 13:45:33 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-09-10 13:45:33 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-09-10 13:45:32 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2008-09-10 13:45:32 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-09-10 13:45:32 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-09-10 13:45:32 ----A---- C:\WINDOWS\system32\dpl100.dll
2008-09-10 13:45:32 ----A---- C:\WINDOWS\system32\divx.dll
2008-09-10 13:45:31 ----D---- C:\Program Files\K-Lite Codec Pack
2008-09-10 11:08:24 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

======List of files/folders modified in the last 1 months======

2008-10-07 08:08:50 ----D---- C:\WINDOWS\Temp
2008-10-07 08:07:44 ----D---- C:\WINDOWS\Prefetch
2008-10-07 08:04:17 ----D---- C:\Program Files\Mozilla Firefox
2008-10-06 16:53:57 ----D---- C:\WINDOWS\system32
2008-10-06 11:33:52 ----D---- C:\Program Files\template
2008-10-06 09:16:53 ----D---- C:\WINDOWS
2008-10-03 14:07:27 ----SHD---- C:\WINDOWS\Installer
2008-10-03 14:07:26 ----D---- C:\Program Files
2008-10-02 13:27:24 ----SH---- C:\boot.ini
2008-10-02 13:27:24 ----A---- C:\WINDOWS\win.ini
2008-10-02 13:27:24 ----A---- C:\WINDOWS\system.ini
2008-10-02 13:26:07 ----D---- C:\Program Files\Google
2008-10-02 13:25:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-02 12:29:26 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-10-02 11:25:04 ----D---- C:\Documents and Settings\Eco1\Application Data\Adobe
2008-10-02 11:01:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 14:56:19 ----D---- C:\WINDOWS\system32\drivers
2008-10-01 14:49:10 ----D---- C:\Program Files\Common Files
2008-10-01 14:45:55 ----D---- C:\WINDOWS\WinSxS
2008-10-01 14:44:04 ----D---- C:\Program Files\Common Files\Wextech Shared
2008-10-01 13:29:42 ----SHD---- C:\System Volume Information
2008-10-01 13:29:42 ----D---- C:\WINDOWS\system32\Restore
2008-09-22 08:10:02 ----D---- C:\Program Files\Adobe
2008-09-11 09:48:05 ----HD---- C:\WINDOWS\inf
2008-09-09 20:47:42 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-10-01 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-10-01 26824]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-06-07 1580544]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-04-29 25280]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-01 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-06-07 409600]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-01 231704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-06-07 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-04-28 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------


... and info...

info.txt logfile of random's system information tool 1.04 2008-10-07 08:08:51

======Uninstall list======

-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{BE83EC7F-7519-4036-8B59-ECE494308124}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Parental Control & Encoder-->MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
AutoCAD LT 2002-->MsiExec.exe /I{5783F2D7-0109-0409-0000-0060B0CE6BBA}
AutoCAD LT 2008 - English-->C:\Program Files\AutoCAD LT 2008\Setup\Setup.exe /P {5783F2D7-6009-0409-0002-0060B0CE6BBA} /M ACADLT
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
DiemaCAD English 1.0-->"C:\Program Files\DiemaCAD\un_DiemaCAD English_12345.exe"
Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Magic Workstation 0.94f-->"C:\Program Files\Magic Workstation\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MTG GamePack for Magic Workstation-->"C:\Program Files\Magic Workstation\unins001.exe"
MWSnap 3-->"C:\Program Files\MWSnap\uninstall.exe"
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x1a -removeonly
Registry Cleaner 4.7-->MsiExec.exe /I{D3595B04-930B-471B-8404-7F488BD14504}
Risk II-->"C:\Program Files\Risk II\ReflexiveArcade\unins000.exe"
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
The Dark Legions-->"C:\Program Files\The Dark Legions\ReflexiveArcade\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Volo View Express-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
WebVideo Support-->C:\WINDOWS\fbxrqtwn.exe
Wilo-CAD Bibliothek-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7ED365C8-7CF7-4C4A-944B-063B378F6F8B}\Setup.exe" -l0x7
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
YouTube Downloader 3000 ver. 1.0.2.0-->"C:\Program Files\YouTube Downloader 3000\unins000.exe"

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Autodesk Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=5f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


no problem for delay. it's not that bad now. :D
dd_dusty is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-07-2008, 05:50 AM   #4 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,472
OS: XP SP3


Re: Help! 100% virus!
Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

We need to install the Windows Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery(repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Download the file from the following Microsoft page:

http://www.microsoft.com/downloads/d...displaylang=en

Although this file is for SP2 and you have SP3 installed, you don't need to worry as it will work on both.

Save it as it is originally named to your Desktop.

Now close all open windows and programs, including all antivirus and antispyware programs. Get help here



Then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Recovery Console.

As part of installing the Recovery Console, ComboFix will begin to run. Your desktop may disappear. This is normal. It will return.

ComboFix will now automatically install the Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:
  • Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
  • Please click Yes to continue scanning for malware.
When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-09-2008, 10:52 AM   #5 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 6
OS: win XP


Re: Help! 100% virus!
here is the log:

ComboFix 08-10-08.05 - Eco1 2008-10-09 18:40:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1033.18.543 [GMT 2:00]
Running from: C:\Documents and Settings\Eco1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eco1\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Eco1\ravmonlog
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\WINDOWS\a.bat
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\dfmlxbpkvlo.dll
C:\WINDOWS\fbxrqtwn.exe
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mssecu.exe
C:\WINDOWS\onfwbsak.dll
C:\WINDOWS\peltodgx.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\body.gif
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\capt2.gif
C:\WINDOWS\privacy_danger\images\red.gif
C:\WINDOWS\privacy_danger\images\text.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rwlfsdmk.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\cmdwuoqg.ini
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\iahhssou.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\quaiibfu.ini
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sYIjmUtv.ini
C:\WINDOWS\system32\sYIjmUtv.ini2
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\tpvbsahw.ini
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

.
((((((((((((((((((((((((( Files Created from 2008-09-09 to 2008-10-09 )))))))))))))))))))))))))))))))
.

2008-10-07 08:06 . 2008-10-07 08:08 <DIR> d-------- C:\rsit
2008-10-03 14:07 . 2008-10-03 14:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-03 14:07 . 2008-10-03 14:07 <DIR> d-------- C:\Program Files\Digeus
2008-10-02 11:25 . 2008-10-02 11:25 <DIR> d-------- C:\Documents and Settings\Eco1\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-02 10:31 . 2008-10-02 10:31 <DIR> d-------- C:\ie-spyad_zo
2008-10-02 10:21 . 2008-10-02 11:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-02 10:19 . 2008-10-02 10:19 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-02 09:35 . 2008-10-02 09:35 <DIR> d-------- C:\Program Files\Panda Security
2008-10-01 14:56 . 2008-10-01 14:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-01 14:56 . 2008-10-01 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-01 14:49 . 2008-10-01 14:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 14:30 . 2008-10-01 14:30 <DIR> d-------- C:\!KillBox
2008-10-01 11:21 . 2008-10-07 12:46 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-01 11:19 . 2008-10-09 10:26 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-01 11:19 . 2008-10-01 11:19 <DIR> d-------- C:\Program Files\AVG
2008-10-01 11:19 . 2008-10-01 14:34 <DIR> d-------- C:\Documents and Settings\Eco1\Application Data\AVGTOOLBAR
2008-10-01 11:19 . 2008-10-01 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-01 11:19 . 2008-10-01 11:19 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-01 11:19 . 2008-10-01 11:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-01 10:59 . 2008-10-01 10:59 <DIR> d-------- C:\Documents and Settings\Eco1\Application Data\VirusRemover2008
2008-10-01 10:34 . 2008-10-01 10:34 <DIR> d-------- C:\Program Files\cwpxetc
2008-10-01 10:34 . 2008-10-07 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\uvohgtwd
2008-09-30 11:54 . 2008-09-30 11:54 249,856 --------- C:\WINDOWS\Setup1.exe
2008-09-30 11:54 . 2008-09-30 11:54 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-09-22 08:09 . 2008-09-22 08:09 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-22 08:09 . 2008-09-22 08:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-22 08:03 . 2008-10-01 14:44 <DIR> d-------- C:\Program Files\NOS
2008-09-22 08:03 . 2008-10-01 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-18 15:23 . 2008-09-18 15:23 <DIR> d-------- C:\Program Files\MySpace
2008-09-18 15:23 . 2008-09-18 15:23 <DIR> d-------- C:\Documents and Settings\Eco1\Application Data\MySpace
2008-09-10 13:46 . 2008-09-10 13:46 <DIR> d-------- C:\Documents and Settings\Eco1\Application Data\Media Player Classic
2008-09-10 13:45 . 2008-09-10 13:45 <DIR> d-------- C:\Program Files\K-Lite Codec Pack

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 09:33 --------- d-----w C:\Program Files\template
2008-10-02 11:26 --------- d-----w C:\Program Files\Google
2008-10-01 12:44 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2008-08-27 11:00 --------- d-----w C:\Program Files\FLV Player
2008-08-27 10:22 --------- d-----w C:\Program Files\YouTube Downloader 3000
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-01 1234712]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"StrSh"= {6024FE0E-6EEB-4428-0660-0032BEFE4C07} - C:\Program Files\cwpxetc\StrSh.dll [2008-10-01 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-04-18 01:27 9117696 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16819:TCP"= 16819:TCP:NortonAV

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-01 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-01 231704]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
.
- - - - ORPHANS REMOVED - - - -

BHO-{11DFB01A-0852-4955-9747-C59E21DBBDA5} - C:\WINDOWS\dfmlxbpkvlo.dll
BHO-{6A9D07B2-594E-48CE-B6F7-DC56B3D3BDBE} - (no file)
BHO-{B09E0F0B-28FE-4A7E-90F6-6D09E4234852} - (no file)
Toolbar-{0FA15166-39DA-4DAB-9B1A-0DDDBACA8BD5} - C:\WINDOWS\peltodgx.dll
ShellExecuteHooks-{B09E0F0B-28FE-4A7E-90F6-6D09E4234852} - (no file)
Notify-jkkKaywT - jkkKaywT.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Eco1\Application Data\Mozilla\Firefox\Profiles\y59ns8ck.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 18:46:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-09 18:50:14 - machine was rebooted [Eco1]
ComboFix-quarantined-files.txt 2008-10-09 16:50:10

Pre-Run: 43.328.245.760 bytes free
Post-Run: 43,209,420,800 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

230 --- E O F --- 2008-09-10 09:09:14


in advance thank you!
dd_dusty is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-09-2008, 11:05 AM   #6 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,472
OS: XP SP3


Re: Help! 100% virus!
and a fresh HijackThis log please.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-10-2008, 12:29 AM   #7 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 6
OS: win XP


Re: Help! 100% virus!
oph yeah... sorry... :D


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:27, on 10.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\template\antivirusi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1A0149-708D-4A50-B7EB-BF46332D4692}: NameServer = 192.168.0.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: StrSh - {6024FE0E-6EEB-4428-0660-0032BEFE4C07} - C:\Program Files\cwpxetc\StrSh.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 4999 bytes
dd_dusty is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-10-2008, 07:09 AM   #8 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,472
OS: XP SP3


Re: Help! 100% virus!
Hi,

Thanks.

Please scan with HijackThis and put a checkmark against the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

If you have not set your start page to a blank page yourself, you can check this one too:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Blank

Close all browsers and windows other than HijackThis and click on "fix checked". Exit HijackThis.

================================
  • Open notepad (Start>All programs>accessories>notepad ) (It must be notepad, not wordpad, or it won't work)
  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop
  • Click Format and ensure Wordwrap is unchecked.

Code:
KILLALL::

Folder::
C:\Documents and Settings\Eco1\Application Data\VirusRemover2008
C:\Program Files\cwpxetc
C:\Documents and Settings\All Users\Application Data\uvohgtwd

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"StrSh"=-
Save this as CFScript.txt, in the same location as ComboFix.exe



Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

===========================

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
=====================

Please post back in your next reply:

Combofix.txt
Kaspersky report
a fresh HijackThis log, taken after a reboot.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-14-2008, 02:00 AM   #9 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 6
OS: win XP


Re: Help! 100% virus!
Sorry for delay!!! I was quite busy this days!


no, thank you! here is the Combofix.txt :

ComboFix 08-10-08.05 - Eco1 2008-10-13 13:25:34.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1033.18.600 [GMT 2:00]
Running from: C:\Documents and Settings\Eco1\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Eco1\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\uvohgtwd
C:\Documents and Settings\Eco1\Application Data\VirusRemover2008
C:\Documents and Settings\Eco1\Application Data\VirusRemover2008\Logs\scns.log
C:\Program Files\cwpxetc

.
((((((((((((((((((((((((( Files Created from 2008-09-13 to 2008-10-13 )))))))))))))))))))))))))))))))
.

2008-10-07 08:06 . 2008-10-07 08:08 <DIR> d-------- C:\rsit
2008-10-03 14:07 . 2008-10-03 14:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-10-03 14:07 . 2008-10-03 14:07 <DIR> d-------- C:\Program Files\Digeus
2008-10-02 11:25 . 2008-10-02 11:25 <DIR> d-------- C:\Documents and Settings\Eco1\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-10-02 10:31 . 2008-10-02 10:31 <DIR> d-------- C:\ie-spyad_zo
2008-10-02 10:21 . 2008-10-02 11:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-02 10:19 . 2008-10-02 10:19 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-02 09:35 . 2008-10-02 09:35 <DIR> d-------- C:\Program Files\Panda Security
2008-10-01 14:56 . 2008-10-01 14:56 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-01 14:56 . 2008-10-01 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-01 14:49 . 2008-10-01 14:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-01 14:30 . 2008-10-01 14:30 <DIR> d-------- C:\!KillBox
2008-10-01 11:21 . 2008-10-11 12:49 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-01 11:19 . 2008-10-13 08:30 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-01 11:19 . 2008-10-01 11:19 <DIR> d-------- C:\Program Files\AVG
2008-10-01 11:19 . 2008-10-01 14:34 <DIR> d-------- C:\Documents and Settings\Eco1\Application Data\AVGTOOLBAR
2008-10-01 11:19 . 2008-10-01 11:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-01 11:19 . 2008-10-01 11:19 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-01 11:19 . 2008-10-01 11:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-09-30 11:54 . 2008-09-30 11:54 249,856 --------- C:\WINDOWS\Setup1.exe
2008-09-30 11:54 . 2008-09-30 11:54 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-09-22 08:09 . 2008-09-22 08:09 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-22 08:09 . 2008-09-22 08:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-22 08:03 . 2008-10-01 14:44 <DIR> d-------- C:\Program Files\NOS
2008-09-22 08:03 . 2008-10-01 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-18 15:23 . 2008-09-18 15:23 <DIR> d-------- C:\Program Files\MySpace
2008-09-18 15:23 . 2008-09-18 15:23 <DIR> d-------- C:\Documents and Settings\Eco1\Application Data\MySpace

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-06 09:33 --------- d-----w C:\Program Files\template
2008-10-02 11:26 --------- d-----w C:\Program Files\Google
2008-10-01 12:44 --------- d-----w C:\Program Files\Common Files\Wextech Shared
2008-09-10 11:46 --------- d-----w C:\Documents and Settings\Eco1\Application Data\Media Player Classic
2008-09-10 11:45 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-27 11:00 --------- d-----w C:\Program Files\FLV Player
2008-08-27 10:22 --------- d-----w C:\Program Files\YouTube Downloader 3000
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-01 1234712]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 9117696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2008-04-18 01:27 9117696 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16819:TCP"= 16819:TCP:NortonAV

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-01 97928]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-01 231704]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys [ ]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 13:31:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-13 13:34:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-13 11:34:53
ComboFix2.txt 2008-10-09 16:50:18

Pre-Run: 43.138.076.672 bytes free
Post-Run: 43,104,456,704 bytes free

119 --- E O F --- 2008-09-10 09:09:14


... Kaspersky report...

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, October 13, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, October 13, 2008 09:16:18
Records in database: 1308180
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 65846
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:05:28


File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\onfwbsak.dll.vir Infected: Trojan.Win32.Vapsup.mag 1
C:\QooBox\Quarantine\C\WINDOWS\peltodgx.dll.vir Infected: Trojan.Win32.Vapsup.lzm 1
C:\QooBox\Quarantine\C\WINDOWS\rwlfsdmk.dll.vir Infected: Trojan.Win32.Vapsup.lzj 1

The selected area was scanned.


... and the fresh ...HijackThis log, taken after a reboot... *** you asked...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:57, on 14.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\template\antivirusi\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD LT 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD LT 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD LT 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF1A0149-708D-4A50-B7EB-BF46332D4692}: NameServer = 192.168.0.254
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 4555 bytes


thx!
dd_dusty is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-14-2008, 05:40 AM   #10 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,472
OS: XP SP3


Re: Help! 100% virus!
Hi,

The logs are looking good. How is the computer behaving?

The files reported by Kaspersky are in the quarantine folder of Combofix which will be cleared in our next step if everything is running fine.
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-15-2008, 03:32 AM   #11 (permalink)
Registered User
 
Join Date: Oct 2008
Posts: 6
OS: win XP


Re: Help! 100% virus!
Hi again,

I think that computer is a little slower than before, like something is pulling out a maximum of his memory, but I don't know what.

Maybe it's because I have AVG and AdAware installed on it. And now Combofix.

But I guess it will be better after we do those steps of repairing with Combofix.

Can I uninstall AVG or AdAware or maybe even both now?

Thanks again for your quick reply! :D
dd_dusty is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 10-15-2008, 09:00 AM   #12 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: USA
Posts: 7,472
OS: XP SP3


Re: Help! 100% virus!
Hi again,

Quote:
I think that computer is a little slower than before. Maybe it's because I have AVG and AdAware installed on it. And now Combofix.
AVG8 has Spyware protection included in the Antivirus application now and that may be contributing to it. AdAware is an on-demand scanner, unless you have the Adwatch function, so it shouldn't have any affect on the speed of the system.

You can also take a look at the sticky topic at the top of this HijackThis Log Help section --> Is your PC running slow...?

Quote:
But I guess it will be better after we do those steps of repairing with Combofix.
We have no further steps to be done with Combofix other than uninstalling it shortly.

Quote:
Can I uninstall AVG or AdAware or maybe even both now?
I would NOT recommend that you uninstall an antivirus application, unless you replace it with another one. If you decide to do that, make sure that you download the new antivirus application first but not install it just yet. Then disconnect from the internet and uninstall the old one. Reboot. Install the new one, then connect to the internet and update it before you run a scan with it. Always make sure that you have only ONE antivirus application. Otherwise, they may conflict with each other and render the system vulnerable and unstable.

If you have no further malware issues, you're all set to go. The logs are clean.
  • Click Start then Run
  • Now type Combofix /u in the runbox and click OK. Notice the space between the Combofix and the /



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore to prevent reinfection from old restore points.

Please respond to this thread one more time so we can mark this thread as resolved.

Happy Surfing and Think Prevention!
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
amateur is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 02:22 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85