
Hijackthis Log: Please Help Diagnose


  • This topic is locked
12 replies to this topic

#1 tranQu111ty

tranQu111ty

  • Members
  • 8 posts

Posted 12 August 2007 - 06:13 AM

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:30 PM, on 12/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.exe
d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
d:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Config\lsass.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
D:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\PROGRA~1\SYSTEM~1\WScheduler.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Razer\Krait\razerhid.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Razer\Krait\razertra.exe
D:\Program Files\Razer\Krait\razerofa.exe
D:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
d:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Winamp\winamp.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thewest.com.au/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\lsass.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MaBtSh] d:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "d:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WScheduler] d:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [System Updater Machine] system.exe
O4 - HKLM\..\Run: [Krait] D:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\RunServices: [System Updater Machine] system.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "d:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABIT uGuruIII] D:\Program Files\U-ABIT\abitEQ\ABITEQ.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] d:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: E-mail.lnk = ?
O4 - Global Startup: Spybot - Search & Destroy.lnk = D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF8E841-BAA8-4260-96FA-DF92C3F4E1FF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BF8E841-BAA8-4260-96FA-DF92C3F4E1FF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1BF8E841-BAA8-4260-96FA-DF92C3F4E1FF}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 8215 bytes

I had several viruses on my computer... I hope I've cleaned them all out.

Edited by tranQu111ty, 12 August 2007 - 06:14 AM.




#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 12 August 2007 - 06:40 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, tranQu111ty :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

Download SDFix.exe and save it to your desktop:
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double click on SDFix on your desktop, and install the fix to C:\

Please then reboot your computer into Safe Mode by doing the following:

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, go to and open the C:\SDFix folder, then double click on RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.

Download Combofix and save to your desktop:
Note:
It is important that it is saved directly to your desktop.

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Also post a new Hijackthis log please.

#3 tranQu111ty

tranQu111ty
  • Topic Starter

  • Members
  • 8 posts

Posted 12 August 2007 - 12:26 PM

SDFix: Version 1.98

Run by Administrator on Mon 13/08/2007 at 01:09 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\uTorrent\\utorrent1.6__mult10_nc.exe"="D:\\Program Files\\uTorrent\\utorrent1.6__mult10_nc.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\Program Files\\mIRC\\mirc.exe"="D:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"D:\\Program Files\\ICQLite\\ICQLite.exe"="D:\\Program Files\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"D:\\Documents and Settings\\Holacyoske\\My Documents\\My Downloads\\utorrent.exe"="D:\\Documents and Settings\\Holacyoske\\My Documents\\My Downloads\\utorrent.exe:*:Enabled:ęTorrent"
"D:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe"="D:\\Program Files\\Sony Ericsson\\Update Service\\ma3platform.exe:*:Enabled:ma3platform"
"D:\\Program Files\\uTorrent\\utorrent.exe"="D:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:ęTorrent"
"D:\\Program Files\\Paltalk Messenger\\paltalk.exe"="D:\\Program Files\\Paltalk Messenger\\paltalk.exe:*:Enabled:Paltalk 9.0"
"D:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="D:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"D:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="D:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"D:\\Program Files\\iSpeed\\ispeed3.exe"="D:\\Program Files\\iSpeed\\ispeed3.exe:*:Enabled:TCP/IP Optimization Utility"
"D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="D:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\\Program Files\\Shareaza\\Shareaza.exe"="D:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"="D:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"D:\\Program Files\\MSN Messenger\\livecall.exe"="D:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Documents and Settings\Sensei\Local Settings\Application Data\Microsoft\Messenger\joyfulmedusa@hotmail.com\Sharing Folders\baby_girl0782@hotmail.com\Thumbs.db
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished

And now I'll just get the ComboFix's log.

#4 tranQu111ty

tranQu111ty
  • Topic Starter

  • Members
  • 8 posts

Posted 12 August 2007 - 12:30 PM

ComboFix 07-08-12.5 - "Sensei" 2007-08-13 1:26:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1530 [GMT 8:00]


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-13 01:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-13 01:08 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-13 01:07 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-12 17:58 13,324 --a------ C:\WINDOWS\system32\drivers\krait.sys
2007-08-12 14:25 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-08-12 14:25 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-08-12 14:25 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-08-12 14:25 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-08-12 14:25 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-08-12 14:25 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-08-12 14:25 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-08-12 14:25 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-08-12 14:25 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-08-12 14:25 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-08-12 14:25 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-08-12 14:25 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-08-12 14:25 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-08-12 14:25 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-08-12 14:25 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-08-12 14:25 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-08-12 14:25 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-08-12 14:25 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-08-12 14:25 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-08-12 14:25 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-08-12 14:25 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-08-12 14:25 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-08-12 14:25 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-08-12 04:09 <DIR> d--h----- C:\WINDOWS\PIF
2007-08-11 03:28 <DIR> d-------- C:\Credit Card Generator With CVV2 ID CVC2 Generator (2008)
2007-08-09 02:58 <DIR> d-------- C:\DOCUME~1\Sensei\APPLIC~1\Flock
2007-08-09 02:34 <DIR> d-------- C:\DOCUME~1\Sensei\APPLIC~1\Opera
2007-08-08 23:38 <DIR> d-------- C:\DOCUME~1\Sensei\APPLIC~1\MxBoost
2007-07-29 02:15 <DIR> d-------- C:\DOCUME~1\Sensei\APPLIC~1\uTorrent
2007-07-27 07:06 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-27 07:06 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-17 16:59 95,488 -ra------ C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-07-17 16:59 <DIR> d-------- C:\WINDOWS\OPTIONS
2007-07-17 16:58 <DIR> d-------- C:\DOCUME~1\Sensei\APPLIC~1\InstallShield


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-13 01:19 --------- d-------- C:\DOCUME~1\Sensei\APPLIC~1\Skype
2007-08-13 01:17 --------- d-------- d:\Program Files\Mozilla Thunderbird
2007-08-12 17:58 --------- d--h----- d:\Program Files\InstallShield Installation Information
2007-08-12 17:58 --------- d-------- d:\Program Files\Razer
2007-08-12 11:11 --------- d-------- d:\Program Files\U-ABIT
2007-08-10 08:08 --------- d-------- d:\Program Files\VirtualDJ
2007-08-10 02:09 --------- d-------- d:\Program Files\Flock
2007-08-10 02:09 --------- d-------- d:\Program Files\DivX
2007-08-09 03:02 --------- d-------- d:\Program Files\Opera
2007-08-08 23:40 --------- d-------- d:\Program Files\Maxthon2
2007-08-08 07:19 --------- d-------- d:\Program Files\mIRC
2007-08-08 04:49 --------- d-------- d:\Program Files\Sony Ericsson
2007-08-06 02:03 --------- d-------- d:\Program Files\uTorrent
2007-08-03 02:47 --------- d-------- d:\Program Files\Westnet Usage Grabber
2007-07-29 20:39 --------- d-------- d:\Program Files\Creative
2007-07-21 19:01 --------- d-------- d:\Program Files\Microsoft Bootvis
2007-07-21 14:28 --------- d-------- d:\Program Files\Shareaza
2007-07-21 12:18 --------- d-------- d:\Program Files\Apple Software Update
2007-07-17 16:59 --------- d-------- d:\Program Files\Realtek
2007-07-15 18:54 --------- d-------- d:\Program Files\Mobile Action
2007-07-14 21:13 --------- d-------- d:\Program Files\Registry Clean Expert
2007-07-12 04:07 --------- d-------- d:\Program Files\Nvu
2007-07-12 04:07 --------- d-------- C:\DOCUME~1\Sensei\APPLIC~1\Nvu
2007-07-12 03:57 --------- d-------- d:\Program Files\FreshDevices
2007-07-10 15:38 --------- d-------- d:\Program Files\OpenOffice.org 2.2
2007-07-10 15:35 --------- d-------- C:\DOCUME~1\Sensei\APPLIC~1\OpenOffice.org2
2007-07-10 15:34 --------- d-------- d:\Program Files\MagicISO
2007-07-10 15:17 --------- d-------- d:\Program Files\Microsoft Works
2007-07-10 15:16 --------- d-------- d:\Program Files\MSBuild
2007-07-10 15:15 --------- d-------- d:\Program Files\Microsoft.NET
2007-07-10 15:13 --------- d-------- d:\Program Files\Microsoft Visual Studio 8
2007-07-08 05:14 --------- d-------- d:\Program Files\SystemScheduler
2007-07-02 00:25 --------- d-------- d:\Program Files\Intel
2007-06-30 00:58 --------- d-------- C:\DOCUME~1\Sensei\APPLIC~1\ATI
2007-06-30 00:56 --------- d-------- d:\Program Files\ATI Technologies
2007-06-29 01:01 --------- d-------- C:\DOCUME~1\Sensei\APPLIC~1\X-Setup Pro
2007-06-29 00:50 --------- d-------- C:\DOCUME~1\Sensei\APPLIC~1\AdobeUM
2007-06-28 11:49 --------- d-------- d:\Program Files\7-Zip
2007-06-28 11:47 --------- d-------- d:\Program Files\Filzip
2007-06-27 19:30 --------- d-------- d:\Program Files\Lavasoft
2007-06-26 23:07 --------- d-------- C:\DOCUME~1\Sensei\APPLIC~1\vlc
2007-06-26 21:25 --------- d-------- C:\DOCUME~1\Sensei\APPLIC~1\dvdcss
2007-06-26 21:24 --------- d-------- d:\Program Files\VideoLAN
2007-06-26 21:18 --------- d-------- d:\Program Files\J River
2007-06-26 20:09 --------- d-------- C:\DOCUME~1\Sensei\APPLIC~1\Apple Computer
2007-06-26 19:20 --------- d-------- d:\Program Files\Winamp
2007-06-26 01:20 359808 --a--c--- C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-06-26 01:20 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-06-26 01:20 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-06-22 11:16 --------- d-------- d:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-22 11:16 --------- d-------- d:\Program Files\Malicious Software Removal Tool
2007-06-22 11:15 --------- d-------- d:\Program Files\MSXML 6.0
2007-06-22 11:10 --------- d-------- d:\Program Files\AutoPatcher
2007-06-21 22:56 --------- d-------- d:\Program Files\iSpeed
2007-06-21 22:05 --------- d-------- d:\Program Files\CCleaner
2007-06-21 11:33 --------- d-------- C:\DOCUME~1\Sensei\APPLIC~1\Help
2007-06-19 22:25 --------- d-------- d:\Program Files\QuickTime
2007-06-14 03:50 43152 --a------ C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-06-14 03:25 339968 --a------ C:\WINDOWS\system32\ATIDEMGX.dll
2007-06-14 03:24 268288 --a--c--- C:\WINDOWS\system32\dllcache\ati2dvag.dll
2007-06-14 03:24 268288 --a------ C:\WINDOWS\system32\ati2dvag.dll
2007-06-14 03:24 2155520 --a--c--- C:\WINDOWS\system32\dllcache\ati2mtag.sys
2007-06-14 03:24 2155520 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-06-14 03:23 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2007-06-14 03:17 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2007-06-14 03:17 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2007-06-14 03:17 139264 --a------ C:\WINDOWS\system32\atipdlxx.dll
2007-06-14 03:17 118784 --a------ C:\WINDOWS\system32\Oemdspif.dll
2007-06-14 03:16 118784 --a------ C:\WINDOWS\system32\ati2evxx.dll
2007-06-14 03:15 483328 --a------ C:\WINDOWS\system32\ati2evxx.exe
2007-06-14 03:14 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2007-06-14 03:10 8097792 --a------ C:\WINDOWS\system32\atioglx2.dll
2007-06-14 03:07 2922208 --a--c--- C:\WINDOWS\system32\dllcache\ati3duag.dll
2007-06-14 03:07 2922208 --a------ C:\WINDOWS\system32\ati3duag.dll
2007-06-14 02:57 1512960 --a--c--- C:\WINDOWS\system32\dllcache\ativvaxx.dll
2007-06-14 02:57 1512960 --a------ C:\WINDOWS\system32\ativvaxx.dll
2007-06-14 02:46 5431296 --a------ C:\WINDOWS\system32\atioglxx.dll
2007-06-14 02:43 262144 --a------ C:\WINDOWS\system32\atikvmag.dll
2007-06-14 02:42 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2007-06-14 02:41 50176 --a------ C:\WINDOWS\system32\atiok3x2.dll
2007-06-14 02:41 49152 --a------ C:\WINDOWS\system32\drivers\ati2erec.dll
2007-06-14 02:36 368640 --a--c--- C:\WINDOWS\system32\dllcache\ati2cqag.dll
2007-06-14 02:36 368640 --a------ C:\WINDOWS\system32\ati2cqag.dll
2007-06-13 14:29 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-05-31 14:45 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-05-31 14:44 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-05-31 14:44 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-05-31 14:44 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-05-31 14:44 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-05-12 08:31 490272 --a------ C:\WINDOWS\system32\LVUI2.dll
2007-05-12 08:31 465696 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2007-05-12 08:28 416544 --a------ C:\WINDOWS\system32\LVCodec2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="D:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 10:42]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"MaBtSh"="d:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe" [2006-02-08 17:29]
"LogitechQuickCamRibbon"="d:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-17 11:32 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-17 11:32 C:\WINDOWS\CTHELPER.EXE]
"AVG7_CC"="d:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-21 11:37]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"WScheduler"="d:\PROGRA~1\SYSTEM~1\WScheduler.exe" [2007-06-25 20:19]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"SunJavaUpdateSched"="d:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"System Updater Machine"="system.exe" []
"Krait"="D:\Program Files\Razer\Krait\razerhid.exe" [2007-02-16 17:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-02-22 22:31]
"MsnMsgr"="d:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"ABIT uGuruIII"="D:\Program Files\U-ABIT\abitEQ\ABITEQ.exe" [2007-02-01 15:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"System Updater Machine"=system.exe

R3 ABIT-IO;ABIT-IO;\??\D:\Program Files\U-ABIT\abitEQ\ABIT-IO.sys
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys
R3 krait03;Razer krait USB Filter Driver;C:\WINDOWS\system32\Drivers\krait.sys
R3 Ma730c;MA730 Bluetooth Core Driver;C:\WINDOWS\system32\DRIVERS\MA730C.sys
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys
R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
S3 Ma730Hid;Ma730Hid;C:\WINDOWS\system32\DRIVERS\Ma730Hid.sys
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys


Contents of the 'Scheduled Tasks' folder
2007-08-11 04:05:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-07-08 02:00:00 C:\WINDOWS\Tasks\shutdown.job - C:\WINDOWS\system32\shutdown.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 01:26:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-13 1:27:20

--- E O F ---

And now another HijackThis log...

#5 tranQu111ty

tranQu111ty
  • Topic Starter

  • Members
  • 8 posts

Posted 12 August 2007 - 12:31 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:18 AM, on 13/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
d:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
D:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\PROGRA~1\SYSTEM~1\WScheduler.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Razer\Krait\razerhid.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Razer\Krait\razertra.exe
D:\Program Files\Razer\Krait\razerofa.exe
D:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
d:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thewest.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MaBtSh] d:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "d:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WScheduler] d:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [System Updater Machine] system.exe
O4 - HKLM\..\Run: [Krait] D:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\RunServices: [System Updater Machine] system.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "d:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABIT uGuruIII] D:\Program Files\U-ABIT\abitEQ\ABITEQ.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] d:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: E-mail.lnk = ?
O4 - Startup: Internet.lnk = ?
O4 - Global Startup: Spybot - Search & Destroy.lnk = D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF8E841-BAA8-4260-96FA-DF92C3F4E1FF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BF8E841-BAA8-4260-96FA-DF92C3F4E1FF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1BF8E841-BAA8-4260-96FA-DF92C3F4E1FF}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 8123 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team

Posted 12 August 2007 - 01:14 PM

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have HijackThis fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [System Updater Machine] system.exe
O4 - HKLM\..\RunServices: [System Updater Machine] system.exe

Exit HijackThis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.


#7 tranQu111ty


Posted 12 August 2007 - 04:01 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/13/2007 at 04:57 AM

Application Version : 3.9.1008

Core Rules Database Version : 3284
Trace Rules Database Version: 1295

Scan type : Complete Scan
Total Scan Time : 00:24:49

Memory items scanned : 592
Memory threats detected : 0
Registry items scanned : 6113
Registry threats detected : 0
File items scanned : 29383
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\Sensei\Cookies\sensei@bs.serving-sys[2].txt
C:\Documents and Settings\Sensei\Cookies\sensei@pamedia.com[1].txt
C:\Documents and Settings\Sensei\Cookies\sensei@adopt.euroclick[2].txt
C:\Documents and Settings\Sensei\Cookies\sensei@media.sensis.com[2].txt
C:\Documents and Settings\Sensei\Cookies\sensei@clickshift[2].txt
C:\Documents and Settings\Sensei\Cookies\sensei@serving-sys[2].txt
C:\Documents and Settings\Sensei\Cookies\sensei@cgi-bin[2].txt
C:\Documents and Settings\Sensei\Cookies\sensei@windowsmedia[1].txt
C:\Documents and Settings\Sensei\Cookies\sensei@sensismediasmart.com[1].txt

And the HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:19 AM, on 13/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
d:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
D:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
D:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\CTHELPER.EXE
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
D:\PROGRA~1\SYSTEM~1\WScheduler.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\Razer\Krait\razerhid.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\Razer\Krait\razertra.exe
D:\Program Files\Razer\Krait\razerofa.exe
D:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
d:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thewest.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] D:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MaBtSh] d:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "d:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WScheduler] d:\PROGRA~1\SYSTEM~1\WScheduler.exe /LOGON
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "d:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Krait] D:\Program Files\Razer\Krait\razerhid.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "d:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ABIT uGuruIII] D:\Program Files\U-ABIT\abitEQ\ABITEQ.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] d:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: E-mail.lnk = ?
O4 - Startup: Internet.lnk = ?
O4 - Global Startup: Spybot - Search & Destroy.lnk = D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - d:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - d:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF8E841-BAA8-4260-96FA-DF92C3F4E1FF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BF8E841-BAA8-4260-96FA-DF92C3F4E1FF}: NameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1BF8E841-BAA8-4260-96FA-DF92C3F4E1FF}: NameServer = 192.168.1.254
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

--
End of file - 8168 bytes
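The before/after comparison this thread relies on can be done mechanically. The following is an added example, not part of the thread and not HijackThis code: it parses excerpts of the two logs posted above, checks that the three entries on the fix list are gone, and reports anything new; the function names are hypothetical.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (12/08 and 13/08).
LOG_BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [System Updater Machine] system.exe
O4 - HKLM\..\Run: [Krait] D:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\RunServices: [System Updater Machine] system.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""
LOG_AFTER = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Krait] D:\Program Files\Razer\Krait\razerhid.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""
# The three entries the helper asked to have fixed.
FIX_LIST = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [System Updater Machine] system.exe
O4 - HKLM\..\RunServices: [System Updater Machine] system.exe
"""

# Section code (R0, O4, O23, ...) followed by " - " and the entry detail.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.+?)\s*$")

def parse_entries(log_text):
    """Return {normalised key: original line} for each 'Xn - detail' entry.

    Process paths and header lines do not match the pattern and are skipped.
    Keys are case-folded so 'd:\\' and 'D:\\' compare equal between logs.
    """
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            section, detail = m.groups()
            key = (section, " ".join(detail.split()).casefold())
            entries[key] = f"{section} - {detail}"
    return entries

def verify_fix(before, after, fix_list):
    """Compare two logs against a fix list and report what changed."""
    b, a, f = parse_entries(before), parse_entries(after), parse_entries(fix_list)
    return {
        # Fix-list lines that never appeared in the first log (typo check).
        "not_in_before": sorted(f[k] for k in f if k not in b),
        # Fix-list lines that survived: the fix did not take, or they came back.
        "still_present": sorted(f[k] for k in f if k in a),
        # Entries that vanished without being on the fix list.
        "removed_unrequested": sorted(b[k] for k in b if k not in a and k not in f),
        # New autostart entries that need an explanation (here: the scanner itself).
        "added": sorted(a[k] for k in a if k not in b),
    }

if __name__ == "__main__":
    for name, lines in verify_fix(LOG_BEFORE, LOG_AFTER, FIX_LIST).items():
        print(name, *lines, sep="\n  ")
```

On these excerpts the fix list is fully cleared and the only additions are the two SUPERAntiSpyware entries, which matches the tool having been installed between the two scans.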

#8 tranQu111ty


Posted 12 August 2007 - 04:05 PM

My computer is running much better... well done and thank you. :thumbsup:

I usually use Spybot for my spyware. Run SUPERAntiSpyware and Spybot with each other or can I just use one to pick up everything?

#9 RichieUK


Posted 13 August 2007 - 02:43 AM

Your log is clean :thumbsup:
If all's ok, please do the following.

Find and delete:
SDFix.exe
Combofix

C:\SDFix
C:\QOOBOX

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

----------------------------------------------------

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on Ok.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

"I usually use Spybot for my spyware. Run SUPERAntiSpyware and Spybot with each other or can I just use one to pick up everything?"

There's no reason at all why you can't run them both.
I suggest you also download and use the following for extra protection:

SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html

Ad-Aware 2007 Free:
http://www.lavasoftusa.com/products/ad_aware_free.php

#10 tranQu111ty


Posted 14 August 2007 - 01:21 PM

Everything is running fine except my web browsers. The pages are not fully loading and sometimes will not load up at all. This happens in IE as well as Firefox which I currently use. I'm running Windows XP SP2.

Any suggestions?

#11 RichieUK


Posted 14 August 2007 - 02:22 PM

Download/install Internet Explorer 7:
http://www.microsoft.com/windows/downloads/ie/getitnow.mspx

Try creating a new profile within Firefox by following these instructions carefully, see if that helps:
http://www.mozilla.org/support/firefox/profile#new

Let me know how you get on.

#12 tranQu111ty


Posted 15 August 2007 - 01:08 AM

I have managed to fix the problem. Thanks for all your help, it's been much appreciated. :thumbsup:

#13 RichieUK


Posted 15 August 2007 - 05:15 AM

You're most welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.



