Checking if I'm infected
BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal
   
charlie00
Before, I had the recycler virus.
I just want to know if I still have that virus or if I have another virus.

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:55 AM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 6885 bytes


I also had this

when I scanned using HouseCall Anti-Virus (Trend Micro).

I tried to download the file, but it says that the file cannot be found.
I think this update was from way back in 2004.

How can I fix it?
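A small triage script for HijackThis logs like the one above, added here as an illustration; it is not part of the thread and not HijackThis code. It splits the log into its section codes (R0..R3, O2..O23) and applies three checks a log reader performs by eye: O23 services whose binary is reported missing or whose publisher field reads Unknown owner, O16 ActiveX controls registered from a local file:/// path, and O4 autostart entries given as a bare file name with no directory. The sample input is a handful of lines excerpted from the logs in this thread; the regular expressions, the Finding record and its kind labels are my own naming.

```python
"""Triage of a HijackThis v2 log (added example; not from the thread or HijackThis).

Checks applied:
  * O23 services with "(file missing)" or an owner field of "Unknown owner"
  * O16 DPF (ActiveX) controls registered from a local file:/// path
  * O4 autostart entries whose program is a bare file name, so the loader
    resolves it through the search path instead of a fixed directory
The script only reads text; it changes nothing on the system.
"""
import re
from collections import Counter, namedtuple

# Lines excerpted verbatim from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
"""

Finding = namedtuple("Finding", "code kind detail")  # kind labels are my own

ENTRY_RE = re.compile(r"^(?P<code>R\d|O\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O16_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \((?P<name>.+?)\) - (?P<url>\S+)$")
O23_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def _program(cmd):
    """Program part of an O4 command line, with or without surrounding quotes."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(log_text):
    """Return per-section entry counts and a list of Finding records."""
    sections = Counter()
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # header, process list, blank lines
        code, body = entry.group("code"), entry.group("body")
        sections[code] += 1
        if code == "O4":
            m = O4_RE.match(body)
            if m and not DRIVE_RE.match(_program(m.group("cmd"))):
                findings.append(Finding(code, "unqualified_path",
                                        f"[{m.group('name')}] {m.group('cmd')}"))
        elif code == "O16":
            m = O16_RE.match(body)
            if m and m.group("url").lower().startswith("file:"):
                findings.append(Finding(code, "local_activex",
                                        f"{m.group('name')} <- {m.group('url')}"))
        elif code == "O23":
            m = O23_RE.match(body)
            if m and m.group("missing"):
                findings.append(Finding(code, "file_missing",
                                        f"{m.group('name')}: {m.group('path')}"))
            if m and m.group("owner") == "Unknown owner":
                findings.append(Finding(code, "unknown_owner",
                                        f"{m.group('name')}: {m.group('path')}"))
    return {"sections": sections, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("entries per section:", dict(result["sections"]))
    for f in result["findings"]:
        print(f"{f.code:<4} {f.kind:<17} {f.detail}")
```

A hit is a prompt to look, not a verdict: a service whose binary is gone is usually a leftover from an uninstall, and a bare file name in O4 only matters because the loader resolves it through the search path, so the next step is to confirm where that file actually lives.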
PropagandaPanda
Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If you still need help, post a new HijackThis log.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner. If for some reason you cannot complete this scan, skip it.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.

Save Uninstall List with HijackThis
  • Double click the HijackThis icon on your desktop.
  • If you see a white screen, click Main Menu at the middle bottom of the window; otherwise move on to the next step.
  • Click Open the Misc Tools section.
  • Under System tools, select Uninstall Manager....
  • Near the bottom right, click Save list... and save uninstall_list.txt onto your desktop.
  • Close out of HijackThis.
  • Post back with uninstall_list.txt.


Post back with:
-the Kaspersky log
-the uninstall list
-a new HijackThis log

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.
charlie00
Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:58 AM, on 11/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 6509 bytes

Here's my Kaspersky report:

Sunday, November 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, November 15, 2008 15:02:46
Records in database: 1385985
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 98500
Threat name 12
Infected objects 27
Suspicious objects 0
Duration of the scan 02:54:48

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\014C0000\49CDE384.VBN Infected: Worm.Win32.Perlovga.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02B40000\4AB4C1B5.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02B40001\4AB4C252.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0000\4B9EE229.VBN Infected: Trojan.Win32.Disabler.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0001\4B9EE237.VBN Infected: Trojan.Win32.Disabler.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0002\4B9EE242.VBN Infected: Trojan.Win32.Disabler.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0003\4B9EE24C.VBN Infected: Trojan.Win32.Disabler.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0004\4B9EE256.VBN Infected: Trojan.Win32.Disabler.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000\4ABD11BC.VBN Infected: Trojan-Downloader.Win32.Zlob.wmc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00001\4ABD11CB.VBN Infected: Trojan-Downloader.Win32.Zlob.wmc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440000\4BD66209.VBN Infected: Worm.Win32.Perlovga.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440001\4BD66225.VBN Infected: Trojan-Dropper.Win32.Small.apl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B440002\4BD6622E.VBN Infected: Trojan.Win32.Agent.ad 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DA80000\4DFFE3E4.VBN Infected: Trojan-GameThief.Win32.OnLineGames.alpn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0000\4DFDA500.VBN Infected: Trojan-GameThief.Win32.OnLineGames.sioy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0001\4DFDAB46.VBN Infected: Trojan.Win32.Vaklik.apl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DDC0002\4DFDC122.VBN Infected: Trojan.Win32.Vaklik.apl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E240000\4E672E8B.VBN Infected: Trojan-GameThief.Win32.OnLineGames.sioy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E7C0000(2)\4EFDD8BC.VBN Infected: Trojan-GameThief.Win32.OnLineGames.sgog 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00000\4EF6710E.VBN Infected: Trojan.Win32.Vaklik.arx 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EB00001\4EF67140.VBN Infected: Trojan.Win32.Vaklik.aqr 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100000\4F927C78.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100001\4F927E0A.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100002\4F928350.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100003\4F9283AB.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100004\4F928D5E.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F100005\4F928E95.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
The selected area was scanned.


Here's my uninstall list:

Ad-Aware
Adobe AIR
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Reader 9
Adobe Setup
Adobe Shockwave Player
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Any Video Converter 2.6.5
Cisco Networking Academy curriculum 4.0.0.0
Compatibility Pack for the 2007 Office system
DivX Codec
EPSON CardMonitor
EPSON PhotoQuicker3.2
EPSON PhotoStarter3.0
EPSON Printer Software
ES C41 Problem Solver
ESET Smart Security
Freecorder Toolbar
Freecorder Toolbar 3.01 Application
Garena
getPlus®
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Update
Java™ 6 Update 6
Java™ 6 Update 7
jZip
K-Lite Mega Codec Pack 4.1.7
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.4)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Suite
OpenOffice.org Installer 1.0
OpenVPN 2.0.9
Packet Tracer 5.0
PowerDVD
Realtek AC'97 Audio
SAMSUNG CDMA Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Spybot - Search & Destroy
Switch Sound File Converter
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Veoh Web Player Beta
WampServer 2.0
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! 工具列
Yahoo! Messenger


Thanks a lot.
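The Kaspersky report above lists 27 infected objects, but every path sits under Symantec's Quarantine folder with a .VBN extension: those are files an earlier scanner already isolated, not running malware, which is why the next reply says the log looks good. The Python script below is an added example of making that distinction mechanically; it is mine, not part of the thread and not Kaspersky code. It parses the detection lines, marks anything under a quarantine path or with a .VBN extension as already contained, tallies the malware families by the third component of the Kaspersky name, and reports only detections at live locations. The excerpt is taken from the report in the thread; the one extra line at D:\constructed\ is a constructed contrast case with a placeholder threat name.

```python
"""Classify Kaspersky Online Scanner detections as contained or live
(added example; not from the thread or from Kaspersky).

A detection whose path is inside another product's quarantine store is a
file that has already been isolated; it still matches a signature, but it
is not running. Separating those from detections at live locations is the
first thing to do with a report like the one in the thread.
"""
import re
from collections import Counter, namedtuple

# Excerpt taken verbatim from the Kaspersky report posted in this thread.
REPORT_EXCERPT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\014C0000\49CDE384.VBN Infected: Worm.Win32.Perlovga.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02B40000\4AB4C1B5.VBN Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\031C0000\4B9EE229.VBN Infected: Trojan.Win32.Disabler.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DA80000\4DFFE3E4.VBN Infected: Trojan-GameThief.Win32.OnLineGames.alpn 1
The selected area was scanned.
"""

# CONSTRUCTED contrast line (not in the report): a detection at a live path,
# with a placeholder threat name, to show what an uncontained hit looks like.
CONSTRUCTED_ACTIVE_LINE = r"D:\constructed\sample.exe Infected: Trojan.Win32.Example.a 1"

Detection = namedtuple("Detection", "path threat count quarantined")

DETECTION_RE = re.compile(r"^(?P<path>.+?)\s+Infected: (?P<threat>\S+)\s+(?P<count>\d+)$")
# Symantec stores quarantined items as .VBN files under a Quarantine folder;
# the folder check also covers other products' quarantine directories.
QUARANTINE_RE = re.compile(r"[\\/]quarantine[\\/]|\.vbn$", re.IGNORECASE)


def parse_report(text):
    """Pull every 'path Infected: threat count' line out of a report."""
    detections = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            path = m.group("path")
            detections.append(Detection(path, m.group("threat"), int(m.group("count")),
                                        bool(QUARANTINE_RE.search(path))))
    return detections


def family(threat):
    """Family component of a Kaspersky name (Behaviour.Platform.Family.variant)."""
    parts = threat.split(".")
    return parts[2] if len(parts) >= 3 else threat


def summarize(detections):
    """Totals split into contained (quarantined) and live detections."""
    live = [d for d in detections if not d.quarantined]
    return {
        "total": sum(d.count for d in detections),
        "contained": sum(d.count for d in detections if d.quarantined),
        "live": sum(d.count for d in live),
        "families": Counter(family(d.threat) for d in detections),
        "live_paths": [d.path for d in live],
    }


def verdict(summary):
    if summary["live"] == 0:
        return "no live detections; everything found is already in quarantine"
    return f"{summary['live']} live detection(s) need attention"


if __name__ == "__main__":
    for label, text in (("report excerpt", REPORT_EXCERPT),
                        ("excerpt + constructed line", REPORT_EXCERPT + CONSTRUCTED_ACTIVE_LINE)):
        s = summarize(parse_report(text))
        print(f"{label}: {s['total']} found, {s['contained']} contained, {s['live']} live")
        print("  families:", dict(s["families"]))
        print("  verdict:", verdict(s))
```

On the excerpt alone the verdict is "no live detections"; adding the constructed line flips it to one live detection with its path listed, which is the case that would actually need cleanup. Deleting a quarantine store, as the helper suggests later, removes the stale detections without touching anything that runs.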
PropagandaPanda
Hello.

Looks good to me. :)

Are you having any problems right now?

With Regards,
The Panda
charlie00
Does it look good? hehe

What do I do with the quarantine files of Symantec?

I changed my AV to ESET (Symantec to ESET).
Is it OK?

I'm experiencing slow processing speed on my computer.

PropagandaPanda
Hello.

You can delete the quarantined files.

ESET is a reliable AV from what I hear.

Was the slowness from after the infection, or before?

Please open your Task Manager, select the Processes tab and check which processes are taking the most CPU. We can disable some startup items to free memory later.

With Regards,
The Panda
charlie00
Can I really delete the quarantine files?

The slowness was after the infection.


PropagandaPanda
Hello.

Yes you can safely delete those.

That process list looks OK. Could I ask how much RAM you have?

Let's look a bit deeper.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    1. System Protection and Tracing
    2. Processes
    3. Save created processes to the log
    4. Drivers
    5. Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
  • After the reboot, run Gmer again and click on the Rootkit tab.
    • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
    • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
    • Click on the Scan and wait for the scan to finish.
      Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
    • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
    • Note: If you have any problems, try running GMER in Safe Mode
    Important!: Please do not select the Show all checkbox during the scan.

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check both the Scan All Users and Use Whitelist checkboxes. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
      OTViewIt.txt <-- Will be opened
      Extra.txt <-- Will be minimized. A new Extra.txt will not be created if one exists already.
    Copy and Paste just the OTViewIt.txt into your next reply.


Also include a fresh HijackThis log please.

With Regards,
The Panda
charlie00
I have 448 MB of RAM XD

GMER text:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-16 23:16:21
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1724] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- EOF - GMER 1.0.14 ----

OTViewIt text:


OTViewIt logfile created on: 11/16/2008 11:18:08 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\charlie\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.29 Mb Total Physical Memory | 108.27 Mb Available Physical Memory | 24.20% Memory free
1.03 Gb Paging File | 0.71 Gb Available in Paging File | 68.42% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.45 Gb Total Space | 46.03 Gb Free Space | 71.41% Space Free | Partition Type: NTFS
Drive D: | 10.07 Gb Total Space | 0.89 Gb Free Space | 8.81% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IDANAN
Current User Name: charlie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2006/08/03 14:53:02 | 00,053,248 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
[2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/07/01 09:01:04 | 01,447,168 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
[2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/07/01 09:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
[2008/04/17 21:13:02 | 00,811,008 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\gmer.exe
[2008/11/15 23:41:11 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/05/27 21:58:12 | 04,269,296 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[2008/04/14 08:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2008/04/14 08:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
    [2008/11/16 23:17:37 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\charlie\Desktop\OTViewIt.exe

    ========== (O23) Win32 Services ==========

    [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
    [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
    [2008/07/01 09:08:00 | 00,019,200 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
    [2008/07/01 09:02:28 | 00,468,224 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn [Auto | Running])
    [2008/07/09 22:54:44 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
    File not found -- -- (getPlus® Helper [On_Demand | Stopped])
    [2008/04/18 01:13:44 | 05,750,784 | ---- | M] () -- c:\xampp\mysql\bin\mysqld-nt.exe -- (mysql [Auto | Stopped])
    [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
    [2008/01/18 00:37:26 | 00,024,635 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe -- (wampapache [On_Demand | Stopped])
    [2008/01/18 16:57:54 | 05,750,784 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe -- (wampmysqld [On_Demand | Stopped])
    [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

    ========== Driver Services ==========

    [2007/01/25 16:37:16 | 04,027,456 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
    [2008/07/01 08:56:22 | 00,039,944 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon [Auto | Running])
    [2008/07/01 08:57:14 | 00,053,256 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv [System | Running])
    [2008/07/01 09:04:34 | 00,071,688 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw [Auto | Running])
    [2008/07/01 09:04:36 | 00,030,728 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis [On_Demand | Running])
    [2008/07/01 09:04:38 | 00,054,280 | ---- | M] (ESET) -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi [System | Running])
    [2001/08/17 20:13:08 | 00,027,165 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\drivers\fetnd5.sys -- (FETNDIS [On_Demand | Running])
    [2008/11/16 22:51:10 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
    [2006/04/12 18:04:39 | 00,049,664 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
    [2006/04/12 18:04:39 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
    [2006/04/12 18:04:39 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
    [2004/08/04 06:41:48 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFBS2S2.sys -- (HSFHWBS2 [On_Demand | Running])
    [2004/08/04 06:41:56 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFDPSP2.sys -- (HSF_DP [On_Demand | Running])
    [2004/08/04 06:41:56 | 00,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
    [2004/08/04 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
    [2007/11/13 18:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
    [2005/08/30 17:57:18 | 00,058,320 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
    [2005/08/30 17:58:56 | 00,008,304 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
    [2005/08/30 17:59:00 | 00,094,000 | ---- | M] (MCCI) -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
    [2006/07/24 16:05:00 | 00,005,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
    [2001/08/17 13:49:10 | 00,026,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb [On_Demand | Stopped])
    [2006/10/01 14:37:02 | 00,026,624 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801 [On_Demand | Running])
    [2008/04/14 02:36:40 | 00,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys -- (uagp35 [Boot | Running])
    [2006/08/31 13:06:16 | 00,264,704 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\drivers\vtmini.sys -- (viagfx [On_Demand | Running])
    [2004/08/04 06:41:50 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFCXTS2.sys -- (winachsf [On_Demand | Running])

    ========== (R ) Internet Explorer ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
    "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Default_Secondary_Page_URL"=
    "Extensions Off Page"=about:NoAdd-ons
    "Local Page"=%SystemRoot%\system32\blank.htm
    "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
    "Security Risk Page"=about:SecurityRisk
    "Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    "CustomSearch"=http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
    "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Local Page"=C:\WINDOWS\system32\blank.htm
    "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    "SearchMigratedDefaultName"=Yahoo! Search
    "SearchMigratedDefaultURL"=http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    "Start Page"=http://www.yahoo.com/

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
    ""=http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}" (HKLM) -- C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
    "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyEnable" = 0
    "ProxyOverride" = *.local

    ========== (O1) Hosts File ==========

    HOSTS File = (287238 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    First 25 entries...
    127.0.0.1 localhost
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123haustiereundmehr.com
    9901 more lines...

    ========== (O2) BHO's ==========

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
    {02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    {1392b8d2-5c05-419f-a8f6-b9f15a596612} (HKLM) -- C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} (HKLM) -- C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

    ========== (O3) Toolbars ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC}" (HKLM) -- C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}" (HKLM) -- C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}" (HKLM) -- C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

    ========== (O4) Run Keys ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice (ESET)
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
    "VTTimer"=VTTimer.exe (S3 Graphics, Inc.)
    "VTTrayp"=VTtrayp.exe (S3 Graphics Co., Ltd.)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)

    ========== (O4) Startup Folders ==========


    ========== (O6 & O7) Current Version Policies ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun"=227
    "NoDrives"=0
    "NoDriveAutoRun"=67108863

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "DisableStatusMessages"=0
    "DisableRegistryTools"=0
    "HideLegacyLogonScripts"=0
    "HideLogoffScripts"=0
    "RunLogonScriptSync"=1
    "RunStartupScriptSync"=0
    "HideStartupScripts"=0

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDrives"=0

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "HideLegacyLogonScripts"=0
    "HideLogoffScripts"=0
    "HideStartupScripts"=0
    "RunLogonScriptSync"=1
    "RunStartupScriptSync"=0

    ========== (O8) IE Context Menu Extensions ==========

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
    E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2003/08/13 02:34:38 | 10,073,144 | ---- | M] (Microsoft Corporation)

    ========== (O9) IE Extensions ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
    {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
    CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
    CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 08:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

    ========== (O12) Internet Explorer Plugins ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
    PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
    PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

    ========== (O13) Default Prefixes ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
    ""=http://

    ========== (O15) Trusted Sites ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    49 domain(s) and sub-domain(s) not assigned to a zone.

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
    55 domain(s) and sub-domain(s) not assigned to a zone.

    ========== (O16) DPF ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
    {149E45D8-163E-4189-86FC-45022AB2B6C9}: file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx -- SpinTop DRM Control
    {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
    {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06
    {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
    {CC450D71-CC90-424C-8638-1F2DBAC87A54}: file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx -- ArmHelper Control
    {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class

    ========== (O17) DNS Name Servers ==========

    {4234E54E-E362-4C9F-A5B0-7306546ADDB5} (Servers: | Description: VIA Compatable Fast Ethernet Adapter)
    {CFD20C10-E597-4F83-BB75-36FAEB0CF17D} (Servers: | Description: )

    ========== Safeboot Options ==========

    "AlternateShell"=cmd.exe

    ========== CDRom AutoRun Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
    "AutoRun" = 1

    ========== Autorun Files on Drives ==========

    AUTOEXEC.BAT []
    [2008/06/07 01:10:42 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


    ========== MountPoints2 ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{535a8e9e-abe9-11dd-aaaa-0016eca19b92}\Shell\explore\Command]
    ""=G:\boot.exe -- File not found


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{535a8e9e-abe9-11dd-aaaa-0016eca19b92}\Shell\open\Command]
    ""=G:\boot.exe -- File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [5 C:\WINDOWS\System32\*.tmp files]
    [4 C:\WINDOWS\*.tmp files]
    [2008/11/16 23:17:04 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\charlie\Desktop\OTViewIt.exe
    [2008/11/16 22:51:12 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
    [2008/11/16 22:51:10 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
    [2008/11/16 22:51:10 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
    [2008/11/16 22:51:10 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
    [2008/11/16 22:51:09 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
    [2008/11/16 22:50:40 | 00,811,008 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\gmer.exe
    [2008/11/16 22:50:22 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\gmer.zip
    [2008/11/16 22:20:40 | 00,472,494 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\1.bmp
    [2008/11/16 21:10:34 | 00,005,120 | -HS- | C] () -- C:\Documents and Settings\charlie\Desktop\Thumbs.db
    @Alternate Data Stream - 0 bytes -> C:\Documents and Settings\charlie\Desktop\Thumbs.db:encryptable
    [2008/11/16 20:56:26 | 00,025,563 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\1_862305570l.jpg
    [2008/11/14 05:04:24 | 00,000,000 | ---D | C] -- C:\CISCO_CCNA
    [2008/11/14 02:02:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\EPSON CardMonitor Essential
    [2008/11/14 02:02:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\EPSON PhotoStarter Essential
    [2008/11/12 19:28:44 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
    [2008/11/12 19:24:20 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
    [2008/11/12 18:20:26 | 00,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
    [2008/11/12 18:16:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\SpinTop
    [2008/11/11 23:00:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Desktop\IM 252
    [2008/11/11 00:31:04 | 00,094,208 | -H-- | C] (PS Soft) -- C:\Documents and Settings\charlie\Desktop\RaveButtons.ocx
    [2008/11/11 00:31:04 | 00,045,056 | -H-- | C] (PS Soft) -- C:\Documents and Settings\charlie\Desktop\Y!Multi Messenger.exe
    [2008/11/10 16:35:59 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\Shortcut to TTW.lnk
    [2008/11/09 00:45:38 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2008/11/08 18:58:45 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2008/11/08 18:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2008/11/08 18:42:18 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2008/11/08 18:42:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2008/11/08 18:40:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2008/11/08 17:38:57 | 00,000,000 | -HSD | C] -- C:\RECYCLER
    [2008/11/08 17:33:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2008/11/03 17:27:29 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\Shortcut to o2mania English.lnk
    [2008/11/03 16:43:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Wordsearch.INI
    [2008/11/03 16:36:20 | 00,000,060 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
    [2008/11/03 16:13:30 | 00,000,000 | ---D | C] -- C:\O2 Jam
    [2008/10/31 18:05:34 | 00,000,447 | ---- | C] () -- C:\Documents and Settings\charlie\Desktop\Garena.lnk
    [2008/10/28 20:17:43 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
    [2008/10/28 20:16:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2008/10/28 19:50:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2008/10/28 19:50:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
    [2008/10/28 19:50:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2008/10/28 19:50:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2008/10/28 19:46:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2008/10/28 19:38:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
    [2008/10/28 19:33:40 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
    [2008/10/27 10:29:40 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
    [2008/10/27 10:29:38 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
    [2008/10/27 10:29:36 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
    [2008/10/27 10:29:36 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
    [2008/10/27 10:29:32 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
    [2008/10/27 10:29:31 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
    [2008/10/27 10:29:30 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
    [2008/10/27 10:29:28 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
    [2008/10/27 10:29:27 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
    [2008/10/27 10:29:22 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
    [2008/10/27 10:29:22 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
    [2008/10/27 10:29:10 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
    [2008/10/27 10:29:07 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
    [2008/10/27 10:29:06 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
    [2008/10/27 10:29:02 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
    [2008/10/27 10:29:01 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
    [2008/10/27 10:28:57 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
    [2008/10/27 10:28:57 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
    [2008/10/27 10:28:57 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
    [2008/10/27 10:28:55 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
    [2008/10/27 10:28:54 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
    [2008/10/27 10:28:52 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
    [2008/10/27 10:28:52 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
    [2008/10/27 10:28:51 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
    [2008/10/27 10:28:50 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
    [2008/10/27 10:28:46 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
    [2008/10/27 10:28:37 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
    [2008/10/27 10:28:34 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
    [2008/10/27 10:28:34 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
    [2008/10/27 10:28:34 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
    [2008/10/27 10:28:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
    [2008/10/27 10:28:32 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
    [2008/10/27 10:28:31 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
    [2008/10/27 10:28:31 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
    [2008/10/27 10:28:29 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
    [2008/10/27 10:28:29 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
    [2008/10/27 10:27:42 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
    [2008/10/27 10:27:42 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
    [2008/10/27 10:27:42 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
    [2008/10/27 10:27:42 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
    [2008/10/27 10:27:21 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
    [2008/10/27 10:27:20 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
    [2008/10/27 10:27:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
    [2008/10/27 10:27:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
    [2008/10/27 10:27:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
    [2008/10/27 10:27:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
    [2008/10/27 10:27:17 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
    [2008/10/27 10:27:17 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pidgen.dll
    [2008/10/27 10:27:05 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
    [2008/10/27 10:27:04 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
    [2008/10/27 10:27:04 | 00,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
    [2008/10/27 10:26:59 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
    [2008/10/27 10:26:56 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
    [2008/10/27 10:26:46 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
    [2008/10/27 10:26:45 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
    [2008/10/27 10:26:42 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
    [2008/10/27 10:26:36 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
    [2008/10/27 10:26:33 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
    [2008/10/27 10:26:33 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
    [2008/10/27 10:26:33 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
    [2008/10/27 10:26:33 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
    [2008/10/27 10:26:33 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
    [2008/10/27 10:26:33 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
    [2008/10/27 10:26:33 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
    [2008/10/27 10:26:32 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
    [2008/10/27 10:26:28 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
    [2008/10/27 10:26:28 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
    [2008/10/27 10:26:28 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
    [2008/10/27 10:26:28 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
    [2008/10/27 10:26:28 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
    [2008/10/27 10:26:28 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
    [2008/10/27 10:26:28 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
    [2008/10/27 10:26:26 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
    [2008/10/27 10:26:26 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
    [2008/10/27 10:26:25 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
    [2008/10/27 10:26:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
    [2008/10/27 10:26:12 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
    [2008/10/27 10:26:11 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
    [2008/10/27 10:26:11 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
    [2008/10/27 10:26:11 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
    [2008/10/27 10:26:10 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
    [2008/10/27 10:26:08 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
    [2008/10/27 10:26:02 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
    [2008/10/27 10:26:01 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
    [2008/10/27 10:26:01 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
    [2008/10/27 10:25:59 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
    [2008/10/26 23:07:38 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
    [2008/10/26 23:07:37 | 02,189,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
    [2008/10/26 23:07:36 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
    [2008/10/26 23:07:35 | 02,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
    [2008/10/26 22:59:57 | 01,846,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
    [2008/10/26 22:47:44 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
    [2008/10/26 22:39:42 | 00,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
    [2008/10/26 19:05:23 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
    [2008/10/26 18:01:40 | 00,000,211 | ---- | C] () -- C:\Boot.bak
    [2008/10/26 18:01:34 | 00,260,272 | ---- | C] () -- C:\cmldr
    [2008/10/26 18:01:22 | 00,000,000 | ---D | C] -- C:\cmdcons
    [2008/10/26 17:57:31 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2008/10/26 17:57:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2008/10/26 17:57:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2008/10/26 17:57:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2008/10/26 17:57:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2008/10/26 17:57:30 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
    [2008/10/26 17:57:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2008/10/26 17:57:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2008/10/26 17:57:30 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
    [2008/10/26 17:57:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2008/10/26 17:57:15 | 00,000,000 | ---D | C] -- C:\Qoobox
    [2008/10/26 15:02:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Local Settings\Application Data\ESET
    [2008/10/26 14:13:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\ESET
    [2008/10/26 14:11:35 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
    [2008/10/26 14:11:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2008/10/26 14:10:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2008/10/26 13:35:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\TransRender
    [2008/10/26 13:35:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\Temporary
    [2008/10/26 13:35:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\ConvertTemp
    [2008/10/26 13:35:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Samsung_USB_Drivers
    [2008/10/26 13:34:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\charlie\Application Data\InstallShield
    [2008/10/21 00:41:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

    ========== Files - Modified Within 30 Days ==========

    [5 C:\WINDOWS\System32\*.tmp files]
    [4 C:\WINDOWS\*.tmp files]
    [2008/11/16 23:17:37 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\charlie\Desktop\OTViewIt.exe
    [2008/11/16 22:59:08 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
    [2008/11/16 22:54:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2008/11/16 22:54:00 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2008/11/16 22:53:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2008/11/16 22:52:36 | 02,641,812 | -H-- | M] () -- C:\Documents and Settings\charlie\Local Settings\Application Data\IconCache.db
    [2008/11/16 22:51:10 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
    [2008/11/16 22:51:10 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
    [2008/11/16 22:51:10 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
    [2008/11/16 22:50:30 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\gmer.zip
    [2008/11/16 22:20:41 | 00,472,494 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\1.bmp
    [2008/11/16 21:10:37 | 00,005,120 | -HS- | M] () -- C:\Documents and Settings\charlie\Desktop\Thumbs.db
    @Alternate Data Stream - 0 bytes -> C:\Documents and Settings\charlie\Desktop\Thumbs.db:encryptable
    [2008/11/16 21:09:06 | 00,025,563 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\1_862305570l.jpg
    [2008/11/16 12:55:49 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2008/11/16 11:23:29 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\charlie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/11/14 02:00:13 | 00,018,563 | ---- | M] () -- C:\WINDOWS\EPSTPLOG.BAK
    [2008/11/12 19:32:53 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2008/11/12 18:20:57 | 00,000,635 | ---- | M] () -- C:\WINDOWS\win.ini
    [2008/11/10 16:35:59 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\Shortcut to TTW.lnk
    [2008/11/09 10:20:17 | 00,000,281 | RHS- | M] () -- C:\boot.ini
    [2008/11/09 10:20:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2008/11/08 20:52:36 | 00,287,238 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2008/11/05 23:53:00 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\Microsoft Office Word 2003.lnk
    [2008/11/04 08:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
    [2008/11/03 17:27:29 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\Shortcut to o2mania English.lnk
    [2008/11/03 16:43:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Wordsearch.INI
    [2008/11/03 16:36:23 | 00,000,060 | ---- | M] () -- C:\WINDOWS\GECKOS.INI
    [2008/11/03 15:53:34 | 00,046,832 | ---- | M] () -- C:\Documents and Settings\charlie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2008/11/01 01:29:16 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
    [2008/10/31 18:05:34 | 00,000,447 | ---- | M] () -- C:\Documents and Settings\charlie\Desktop\Garena.lnk
    [2008/10/28 20:18:30 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2008/10/28 20:18:30 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/10/28 20:18:30 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/10/28 20:16:17 | 00,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/10/28 19:41:44 | 00,250,048 | RHS- | M] () -- C:\ntldr
    [2008/10/28 09:58:11 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2008/10/24 19:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mrxsmb.sys
    [2008/10/24 19:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
    < End of report >

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:19:17 PM, on 11/16/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\charlie\Desktop\gmer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\WINDOWS\System32\NOTEPAD.EXE
    C:\Documents and Settings\charlie\Desktop\OTViewIt.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Text%20Twist/Images/stg_drm.ocx
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Text%20Twist/Images/armhelper.ocx
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: getPlus® Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
    O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

    --
    End of file - 6654 bytes



    PropagandaPanda
    Hello.

    Looks like ComboFix was run.

    Could you post C:\ComboFix.txt? I want to see what infections were removed.

    With Regards,
    The Panda
    charlie00
    Here's my first ComboFix log - I ran ComboFix even though no HJT helper requested it XD

    ComboFix 08-10-24.02 - charlie 2008-10-26 18:35:33.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.184 [GMT 8:00]
    Running from: C:\Documents and Settings\charlie\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\charlie\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\RECYCLER\ADAPT_Installer.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
    .

    2008-10-26 14:13 . 2008-10-26 14:13 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\ESET
    2008-10-26 14:11 . 2008-10-26 14:11 <DIR> d-------- C:\Program Files\ESET
    2008-10-26 14:11 . 2008-10-26 14:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
    2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\TransRender
    2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\Temporary
    2008-10-26 13:35 . 2008-10-26 13:35 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\ConvertTemp
    2008-10-26 13:34 . 2008-10-26 13:34 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\InstallShield
    2008-10-26 13:33 . 2008-10-26 13:33 <DIR> d-------- C:\Documents and Settings\charlie\mapua
    2008-10-21 00:41 . 2008-10-26 13:15 <DIR> d-------- C:\WINDOWS\system32\Adobe
    2008-10-09 18:42 . 2008-10-09 18:42 <DIR> d-------- C:\Documents and Settings\charlie\Application Data\Samsung
    2008-10-09 17:57 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-10-09 17:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-10-09 17:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-10-09 17:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-10-09 17:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-10-09 17:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-10-09 17:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-10-09 17:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-10-09 17:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-10-09 17:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-10-09 17:55 . 2008-10-09 17:55 <DIR> d-------- C:\Program Files\Samsung
    2008-10-06 18:50 . 2008-10-06 18:50 <DIR> d-------- C:\Program Files\Veoh Networks
    2008-09-29 18:25 . 2008-10-26 13:21 <DIR> d-------- C:\Program Files\Packet Tracer 5.0

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-26 10:32 --------- d-----w C:\Documents and Settings\charlie\Application Data\uTorrent
    2008-10-26 06:09 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-26 06:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-10-26 05:35 --------- d-----w C:\Program Files\DivX
    2008-10-26 05:35 --------- d-----w C:\Program Files\Any Video Converter
    2008-10-26 05:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-26 05:34 --------- d-----w C:\Program Files\NOS
    2008-10-26 05:34 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-10-26 05:34 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-10-26 05:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
    2008-10-26 05:21 --------- d-----w C:\Program Files\Freecorder
    2008-10-16 05:59 --------- d-----w C:\Documents and Settings\charlie\Application Data\Any Video Converter
    2008-09-27 10:31 --------- d-----w C:\Documents and Settings\charlie\Application Data\Image Zone Express
    2008-09-07 04:54 --------- d-----w C:\Program Files\NCH Software
    2008-09-02 06:16 --------- d-----w C:\Program Files\PLDTPlay
    2008-09-02 06:10 --------- d-----w C:\Program Files\K-Lite Codec Pack
    2008-09-02 05:27 --------- d-----w C:\Program Files\CyberTime
    2008-09-02 05:27 --------- d-----w C:\Documents and Settings\charlie\Application Data\LimeWire
    2008-09-02 05:26 --------- d-----w C:\Program Files\Replay Music 3
    2008-09-02 05:26 --------- d-----w C:\Program Files\Common Files\Stardock
    2008-08-26 12:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\CityPhotos
    2008-08-26 10:26 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-08-26 05:11 --------- d-----w C:\Documents and Settings\charlie\Application Data\DivX
    2008-08-21 08:52 139,264 ----a-w C:\WINDOWS\War3Unin.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 1524760]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2008-04-16 11:06 1524760 --a------ C:\Program Files\Freecorder\tbFree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 1524760]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\tbFree.dll" [2008-04-16 1524760]

    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-05-27 4269296]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 1694208]
    "VeohPlugin"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-10-10 3502840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-07-01 1447168]
    "SoundMan"="SOUNDMAN.EXE" [2006-11-17 C:\WINDOWS\SOUNDMAN.EXE]
    "VTTimer"="VTTimer.exe" [2006-08-03 C:\WINDOWS\system32\VTTimer.exe]
    "VTTrayp"="VTtrayp.exe" [2006-08-30 C:\WINDOWS\system32\VTTrayp.exe]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "DisableStatusMessages"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.VP31"= vp31vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "C:\\Program Files\\PLDTPlay\\ServerScout\\ServerScout.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "C:\\wamp\\bin\\apache\\apache2.2.8\\bin\\httpd.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "D:\\Warcraft III\\Garena\\Garena.exe"=
    "C:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "C:\\Program Files\\Packet Tracer 5.0\\bin\\PacketTracer5.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
    S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys [ ]
    S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [ ]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
    S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
    S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld [ ]
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-NavLogon - (no file)


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\charlie\Application Data\Mozilla\Firefox\Profiles\igysnclo.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    FF -: plugin - C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF -: plugin - C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
    .
    .
    ------- File Associations -------
    .
    inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-26 18:37:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    Completion time: 2008-10-26 18:41:20
    ComboFix-quarantined-files.txt 2008-10-26 10:40:17

    Pre-Run: 44,922,716,160 bytes free
    Post-Run: 44,913,070,080 bytes free

    174 --- E O F --- 2008-07-10 06:53:57

    charlie00
    I can't paste my second ComboFix log;
    it is too long (I ran it again without any request from HJT).

    here's the second log

    http://www.sendspace.com/file/6ivbjp
    PropagandaPanda
    Hello.

    Still nothing. Your logs are quite slim already.

    Try reinstalling your antivirus, as that often takes up lots of resources.

    We'll try reinstalling SP3 if it's still slow.

    With Regards,
    The Panda
    charlie00
    Thanks a lot for your help.
    PropagandaPanda
    Hello.

    OK, post back when you are done with that.

    With Regards,
    The Panda
    PropagandaPanda
    Hello.

    There has been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
    If you are the topic starter and need this topic reopened, send me a message.

    Everyone else, please begin a new topic.

    With Regards,
    The Panda
    Invision Power Board © 2001-2009 Invision Power Services, Inc.