Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected Tiny.id, Ezula,vbstat, Virtuamonde, Etc. - Please Help.


  • Please log in to reply
3 replies to this topic

#1 homeplanetpost

homeplanetpost

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 08 August 2007 - 10:04 PM

Our post production computer which we rent to clients came back with a barrage of virii. We're in the middle of two shows and could certainly use some insight on ridding ourselves of endless popups and virus alerts. Tried NOD, Adaware, Hijack, and a virtuamonde fix tool (to no avail).

Thanks for any help. Here are the logs. Combo First....

ComboFix 07-08-09.3 - "Administrator" 2007-08-08 17:33:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2069 [GMT -8:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADMINI~1\APPLIC~1\install.dat
C:\DOCUME~1\ADMINI~1\MYDOCU~1.\racle~1
C:\DOCUME~1\ADMINI~1\MYDOCU~1.\racle~1\w?auboot.exe
C:\DOCUME~1\ADMINI~1\STARTM~1\Programs.\Outerinfo
C:\DOCUME~1\ADMINI~1\STARTM~1\Programs.\Outerinfo\Terms.lnk
C:\DOCUME~1\ADMINI~1\STARTM~1\Programs.\Outerinfo\Uninstall.lnk
C:\Program Files\appatc~1
C:\Program Files\appatc~1\A?pPatch\
C:\Program Files\codec_setup.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\fnts~1
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\aumqjrqu.dll
C:\WINDOWS\system32\byxyyxy.dll
C:\WINDOWS\system32\euzhuw.dll
C:\WINDOWS\system32\fccayya.dll
C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini
C:\WINDOWS\system32\gwdkkomr.dll
C:\WINDOWS\system32\jkkjjki.dll
C:\WINDOWS\system32\kcshincx.dll
C:\WINDOWS\system32\klikalka.exe
C:\WINDOWS\system32\kownnnny.exe
C:\WINDOWS\system32\kyjuynne.exe
C:\WINDOWS\system32\media
C:\WINDOWS\system32\media\AvidRender.wav
C:\WINDOWS\system32\mngavfqd.dll
C:\WINDOWS\system32\mt_32.dll
C:\WINDOWS\system32\netp.dll
C:\WINDOWS\system32\qxwwblio.exe
C:\WINDOWS\system32\rmokkdwg.ini
C:\WINDOWS\system32\srutv.bak1
C:\WINDOWS\system32\srutv.bak2
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\srutv.tmp
C:\WINDOWS\system32\ssqnlki.dll
C:\WINDOWS\system32\viqeawki.exe
C:\WINDOWS\system32\vrhyoebk.exe
C:\WINDOWS\system32\vturs.dll
C:\WINDOWS\system32\winload.dll
C:\WINDOWS\system32\winnet.dll
C:\WINDOWS\system32\wnsapiicomsv32.exe
C:\WINDOWS\system32\wsock.dll
C:\WINDOWS\system32\xfcjaknv.exe


((((((((((((((((((((((((( Files Created from 2007-07-09 to 2007-08-09 )))))))))))))))))))))))))))))))


2007-08-08 17:33 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 12:52 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-08-07 12:52 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-08-07 12:52 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-08-07 11:57 <DIR> d-------- C:\Program Files\Lavasoft
2007-08-07 11:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-07 11:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-07 11:50 0 --a------ C:\WINDOWS\nsreg.dat
2007-08-06 20:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\HP
2007-08-06 20:23 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
2007-08-06 19:31 <DIR> d-------- C:\Program Files\Common Files\HP
2007-08-06 19:30 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-08-06 19:28 876,544 -ra------ C:\WINDOWS\system32\hpwwiax1.dll
2007-08-06 19:28 835,072 -ra------ C:\WINDOWS\system32\hpwtiop1.dll
2007-08-06 19:28 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2007-08-06 19:28 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2007-08-06 19:28 6,784 --a------ C:\WINDOWS\system32\dllcache\serscan.sys
2007-08-06 19:28 38,400 --a------ C:\WINDOWS\system32\hpz3l4sa.dll
2007-08-06 19:28 286,720 -ra------ C:\WINDOWS\system32\HPZc3212.dll
2007-08-06 19:28 258,122 -ra------ C:\WINDOWS\system32\hpovst09.dll
2007-08-06 19:24 <DIR> d-------- C:\TEMP
2007-08-06 19:22 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-06 19:22 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-08-06 19:22 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-06 19:22 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-06 19:22 <DIR> d-------- C:\WINDOWS\carrier
2007-08-06 19:22 <DIR> d-------- C:\Program Files\HP
2007-08-06 19:20 142,067 --a------ C:\WINDOWS\hpwins05.dat
2007-08-01 13:17 <DIR> d-------- C:\Program Files\Magicantispy
2007-08-01 13:14 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\U3


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 18:31 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\WTablet
2007-08-08 12:41 --------- d-ah----- C:\Program Files\WindowsUpdate
2007-06-21 14:51 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Avid
2007-06-21 14:27 --------- d-------- C:\Program Files\Avid
2007-06-21 14:26 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-21 14:25 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\PACE Anti-Piracy
2007-06-21 14:24 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InstallShield
2007-06-21 14:22 --------- d-------- C:\Program Files\Common Files\Avid
2007-06-16 00:31 893568 --a------ C:\WINDOWS\system32\drivers\AvidNitrisBase.sys
2007-06-16 00:31 800384 --a------ C:\WINDOWS\system32\drivers\AvidNitrisCodec.sys
2007-06-16 00:30 56832 --a------ C:\WINDOWS\system32\drivers\AvidXPSerial.sys
2007-06-15 23:40 516096 --a------ C:\WINDOWS\system32\AvidSDM.dll
2007-06-15 23:40 49152 --a------ C:\WINDOWS\system32\AvidSDMService.exe
2007-06-15 23:40 1536000 --a------ C:\WINDOWS\system32\AvidStartup.exe
2007-06-15 23:09 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-06-15 23:09 483328 --a------ C:\WINDOWS\system32\Dsi.dll
2007-06-15 23:09 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-06-15 23:09 1060864 --a------ C:\WINDOWS\system32\mfc71.dll
2007-06-15 22:32 141312 --a------ C:\WINDOWS\system32\FFBTN32.dll
2007-06-15 22:26 45056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2007-06-15 22:26 25244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2007-06-15 22:17 7962624 --a------ C:\WINDOWS\system32\SVI.dll
2007-06-15 22:15 765952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2007-06-15 22:15 544768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2007-06-15 22:15 2179072 --a------ C:\WINDOWS\system32\MFC71d.dll
2007-06-15 22:15 2174464 --a------ C:\WINDOWS\system32\mfc71ud.dll
2007-06-15 22:15 1047552 --a------ C:\WINDOWS\system32\MFC71u.dll
2007-06-15 22:14 180276 --a------ C:\WINDOWS\system32\Mspdb50.dll
2007-06-15 22:11 53248 --a------ C:\WINDOWS\system32\ipl.dll
2007-06-15 22:11 2981888 --a------ C:\WINDOWS\system32\iplw7.dll
2007-06-15 22:11 2973696 --a------ C:\WINDOWS\system32\iplA6.dll
2007-06-15 22:11 2785280 --a------ C:\WINDOWS\system32\iplM6.dll
2007-06-15 22:11 2686976 --a------ C:\WINDOWS\system32\iplM5.dll
2007-06-15 22:11 2531328 --a------ C:\WINDOWS\system32\iplP6.dll
2007-06-15 22:11 2502656 --a------ C:\WINDOWS\system32\iplPX.dll
2007-06-15 22:11 19968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2007-06-15 22:11 1728606 --a------ C:\WINDOWS\system32\libmmdd.dll
2007-06-15 22:11 1658973 --a------ C:\WINDOWS\system32\libmmd.dll
2007-06-15 22:11 122880 --a------ C:\WINDOWS\system32\PtSSE2.dll
2007-06-15 21:27 102400 --a------ C:\WINDOWS\system32\Dac32.dll
2007-06-15 21:24 675840 --a------ C:\WINDOWS\system32\mmclientVC7.dll
2007-06-15 21:24 65536 --a------ C:\WINDOWS\system32\AvidQTUpdaterVC7.dll
2007-06-15 21:23 614400 --a------ C:\WINDOWS\system32\AvOmfToolkit.dll
2007-06-15 21:23 61440 --a------ C:\WINDOWS\system32\libjpegV4.dll
2007-05-16 06:07 8192 --a------ C:\WINDOWS\system32\msiphelp.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"DrvLsnr"="C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 04:34]
"PRONoMgrWired"="c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-11-18 10:16]
"PDF Complete"="C:\Program Files\PDF Complete\pdfsty.exe" [2005-03-06 20:52]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-19 07:15]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe" [2005-09-19 00:53]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 00:29]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" [2007-03-01 15:11]
"MDGetStarted.exe"="C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-02-21 10:05]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-12-09 01:17]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-07 12:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 13:13]
"Altn"="C:\PROGRA~1\APPATC~1\lsass.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Avid Unity Connection Manager.lnk - C:\Program Files\Avid Technology\AvidUnity\ConnectionManager\ConnectionManager.exe [2007-03-26 12:13:18]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winzwr32]
winzwr32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Altn]
"C:\PROGRA~1\APPATC~1\lsass.exe" -vt yazb

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\TEMP\winB255.tmp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
rundll32.exe C:\WINDOWS\system32\drvliv.dll,startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ithmc]
"C:\Documents and Settings\Administrator\My Documents\?racle\w?auboot.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magicantispy]
C:\Program Files\Magicantispy\Magicantispy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RunDLL32.exe NvMCTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Promon.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SManager]
smanager.7.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\system32\fuqryilg.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows update loader]
C:\Windows\xpupdate.exe

R0 avidcomm;AvidComm;C:\WINDOWS\system32\drivers\avidcomm.sys
R0 ExpresFC;ExpresFC;C:\WINDOWS\system32\DRIVERS\ExpresFC.sys
R0 MDFSYSNT;MacDrive file system driver;C:\WINDOWS\system32\drivers\MDFSYSNT.sys
R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys
R0 sbp2port;SBP-2 Transport/Protocol Bus Driver;C:\WINDOWS\system32\DRIVERS\sbp2port.sys
R0 TPkd;TPkd;C:\WINDOWS\system32\drivers\TPkd.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 nod32drv;nod32drv;C:\WINDOWS\system32\drivers\nod32drv.sys
R1 pwd_2k;pwd_2k;C:\WINDOWS\system32\drivers\pwd_2k.sys
R1 RxFilter;RxFilter;C:\WINDOWS\system32\DRIVERS\RxFilter.sys
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
R2 AvidFS;AvidFS;C:\WINDOWS\system32\drivers\AvidFS.sys
R2 DigiNet;Digidesign Ethernet Support;C:\WINDOWS\system32\DRIVERS\diginet.sys
R2 fsdk-wrap;fsdk-wrap;C:\WINDOWS\system32\drivers\fsdk-wrap.sys
R2 MacDriveService;MacDriveService;"C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe"
R2 Net Driver HPZ12;Net Driver HPZ12;C:\WINDOWS\System32\svchost.exe -k HPZ12
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService
R2 Sentinel;Sentinel;C:\WINDOWS\system32\Drivers\SENTINEL.SYS
R2 SoundMAX Agent Service (default);SoundMAX Agent Service;C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
R3 AvidNitrisBase;Avid Nitris Base Driver;C:\WINDOWS\system32\DRIVERS\AvidNitrisBase.sys
R3 AvidNitrisCodec;Avid Nitris Codec Driver;C:\WINDOWS\system32\DRIVERS\AvidNitrisCodec.sys
R3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
R3 SNTNLUSB;SafeNet USB SuperPro/UltraPro;C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
S2 AvidUnityFS;AvidUnity FS;C:\WINDOWS\system32\AvidFS_Service.exe
S3 iAimFP5;iAimFP5;C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
S3 iAimFP6;iAimFP6;C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
S3 iAimFP7;iAimFP7;C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
S3 iAimTV5;iAimTV5;C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
S3 iAimTV6;iAimTV6;C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
S3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
S4 iaStor;Intel RAID Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12


Contents of the 'Scheduled Tasks' folder
2007-07-20 05:01:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 18:32:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\CancelAutoplay\CLSID]
"\30 A?E?2?A?E?D?8?F?-?5?6?9?5?-?4?a?6?d?-?9?7?0?9?-?1?4?E?5?1?C?D?1?7?B?1?C?'?"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AE3C133819C0AA344A4D7222C1361193\Usage]
"statusexe"=dword:370811e7
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EED08B1E597A8524485470C460EAA38B\Usage]
"MarketResearch"=dword:3708001b

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

Completion time: 2007-08-08 18:32:42 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-08 18:32

--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:20:30 PM, on 8/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avid Technology\AvidUnity\ConnectionManager\ConnectionManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\Documents and Settings\Administrator\My Documents\?racle\w?auboot.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\mjkgvqxt.dll",forkonce
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Altn] "C:\PROGRA~1\APPATC~1\lsass.exe" -vt ndrv
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKLM\..\Policies\Explorer\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Avid Unity Connection Manager.lnk = C:\Program Files\Avid Technology\AvidUnity\ConnectionManager\ConnectionManager.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174521182593
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\system32\winload.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: AvidUnity FS (AvidUnityFS) - Unknown owner - C:\WINDOWS\system32\AvidFS_Service.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 7939 bytes

Attached Files



BC AdBot (Login to Remove)

 


m

#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 09 August 2007 - 05:56 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum homeplanetpost :thumbsup:
My name is Richie and i'll be helping you to fix your problems.

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT.
Create a new folder and place your HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse any line entry deletion if found to be necessary.
If you run Hijackthis from the desktop, the files it removes will not be backed up properly.

How to create a new folder named HJT
1. Click Start/My Computer,in the 'My Computer' window,open the window in which you want to create the new folder,click on Local Disk C:
2. From the 'File' menu choose 'New'.
3. From the 'New' menu choose 'Folder'.
4. Type the folder name: HJT
5. Then press Enter.
---------------------------------------------------
Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop,and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode,go to and open the C:\SDFix folder,then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.
---------------------------------------------------
Now go to:
C:\HJT\HijackThis.exe
Right click on Hijackthis.exe and select 'Rename', rename it to abc.bat
Double click on abc.bat(which is still Hijackthis.exe),post that log into your next reply please.
Posted Image
Posted Image

#3 homeplanetpost

homeplanetpost
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 09 August 2007 - 12:00 PM

Revised HJT log from correct folder. My system gets incredibly slow in safe mode and the desktop goes completely black making it impossible to use anything.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:35 AM, on 8/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avid Technology\AvidUnity\ConnectionManager\ConnectionManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [PRONoMgrWired] c:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Altn] "C:\PROGRA~1\APPATC~1\lsass.exe" -vt ndrv
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Avid Unity Connection Manager.lnk = C:\Program Files\Avid Technology\AvidUnity\ConnectionManager\ConnectionManager.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174521182593
O20 - Winlogon Notify: winzwr32 - winzwr32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: AvidUnity FS (AvidUnityFS) - Unknown owner - C:\WINDOWS\system32\AvidFS_Service.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Dantz - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 8001 bytes

Attached Files


Edited by homeplanetpost, 09 August 2007 - 12:02 PM.


#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 09 August 2007 - 02:38 PM

Double click on combofix.exe again and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Also post a new Hijackthis log please.

Post all logs/reports directly into this topic,not as attachments,thanks.

Edited by RichieUK, 09 August 2007 - 02:39 PM.

Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users