Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojanmonde Infection


  • This topic is locked This topic is locked
17 replies to this topic

#1 ditavandread

ditavandread

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 14 February 2008 - 09:00 AM

Hello! I am Melesa, currently a junior college student. Recently, around Chinese New Year or so, my laptop was infected with the oh-so-dreaded Trojanmonde. I was gaming, (WoW) and this msn window popped up from one of my friends. Since the message was really similar to something which she might say, I just clicked download before really asking if it was for real and went back to gaming. Then I realised it was a horrible mistake.

I have purchased a version of PC Tools Spyware Doctor, as recommanded by my computer technician some time back. It managed to detect all related files for the time of scan, but somehow the trojan just reappears during the next. I am unable to go on MSN as it spams all my contacts with the same message. This is pretty damaging since I have a major project due and MSN is in a way a tool of communication for my group members. I can't afford to do a system recovery since some of the files here are essential to my school work. Darn my carelessness. The last time my computer was infected was in 2005. Hence my complaceny and guilibility.

I really hope that someone here is able to guide me through the process of getting rid of this trojan. Please and thank you!

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:24 PM, on 2/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\apnsvc.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Documents and Settings\Melesa\My Documents\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vaio-online.sony.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23D44BCF-AA7A-41D6-8905-E808F16322EF} - C:\WINDOWS\system32\rqrollj.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {973F2302-813F-48B6-A77E-55574554D421} - C:\WINDOWS\system32\vtsqq.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B12D4C1E-F318-4D69-AA62-AD9BE199CF93} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: (no name) - {C719FE1A-3CC7-4809-80A8-CD82CA6CD6DD} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O2 - BHO: (no name) - {EB93D0AE-76A1-4DAF-B641-C7C1B977C9D6} - C:\WINDOWS\system32\jkklj.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Application Manager] apnsvc.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168684170410
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168684128394
O20 - Winlogon Notify: rqrollj - C:\WINDOWS\SYSTEM32\rqrollj.dll
O20 - Winlogon Notify: rqrommm - rqrommm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 16822 bytes

Thanks once more!

~Melesa

BC AdBot (Login to Remove)

 


m

#2 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:34 AM

Posted 16 February 2008 - 02:31 PM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.
  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit Ccleaner.
Step 2

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix (C:\Combofix.txt) when you've accomplished that, along with a new HijackThis log and the CCleaner Uninstall List (install.txt)
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#3 ditavandread

ditavandread
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 18 February 2008 - 09:08 AM

Hello, thanks for helping me with this issue. Here are the logs you've requested.

Combofix Log

ComboFix 08-02-18.1 - Melesa 2008-02-18 21:26:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.331 [GMT 8:00]
Running from: C:\Documents and Settings\Melesa\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gebayvv.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\awtqrpq.dll
C:\WINDOWS\system32\awtrqqo.dll
C:\WINDOWS\system32\awtstqp.dll
C:\WINDOWS\system32\awtuurs.dll
C:\WINDOWS\system32\awvtspm.dll
C:\WINDOWS\system32\awvwuuv.dll
C:\WINDOWS\system32\bigogspc.dll
C:\WINDOWS\system32\byxustt.dll
C:\WINDOWS\system32\byxuuus.dll
C:\WINDOWS\system32\cbxvvss.dll
C:\WINDOWS\system32\cbxwwus.dll
C:\WINDOWS\system32\cpsgogib.ini
C:\WINDOWS\system32\ddaayaa.dll
C:\WINDOWS\system32\ddcbcbx.dll
C:\WINDOWS\system32\ddccaaa.dll
C:\WINDOWS\system32\ddccabx.dll
C:\WINDOWS\system32\ddccdef.dll
C:\WINDOWS\system32\dpouysfr.dll
C:\WINDOWS\system32\efcabyy.dll
C:\WINDOWS\system32\efcbabb.dll
C:\WINDOWS\system32\efccyvt.dll
C:\WINDOWS\system32\efcyvwx.dll
C:\WINDOWS\system32\fcccyxy.dll
C:\WINDOWS\system32\gebayvv.dll
C:\WINDOWS\system32\gebbcdc.dll
C:\WINDOWS\system32\hggfcdc.dll
C:\WINDOWS\system32\hggffcy.dll
C:\WINDOWS\system32\hgggeeb.dll
C:\WINDOWS\system32\hgghhge.dll
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\iifdccy.dll
C:\WINDOWS\system32\iifdeef.dll
C:\WINDOWS\system32\jkkighg.dll
C:\WINDOWS\system32\jkkkkig.dll
C:\WINDOWS\system32\jkkklmn.dll
C:\WINDOWS\system32\khfdbxy.dll
C:\WINDOWS\system32\khfecdc.dll
C:\WINDOWS\system32\khhfghg.dll
C:\WINDOWS\system32\khhihfe.dll
C:\WINDOWS\system32\ljhifee.dll
C:\WINDOWS\system32\ljjjkji.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljhecd.dll
C:\WINDOWS\system32\mljijkl.dll
C:\WINDOWS\system32\mljjihe.dll
C:\WINDOWS\system32\nnnkkhi.dll
C:\WINDOWS\system32\nnnkkjh.dll
C:\WINDOWS\system32\nnnmljk.dll
C:\WINDOWS\system32\opnllji.dll
C:\WINDOWS\system32\opnlmjh.dll
C:\WINDOWS\system32\opnolig.dll
C:\WINDOWS\system32\pmnkjif.dll
C:\WINDOWS\system32\pmnkjih.dll
C:\WINDOWS\system32\pmnliih.dll
C:\WINDOWS\system32\pmnnmml.dll
C:\WINDOWS\system32\pmnoppp.dll
C:\WINDOWS\system32\qomlmki.dll
C:\WINDOWS\system32\qommllk.dll
C:\WINDOWS\system32\qomnkkl.dll
C:\WINDOWS\system32\qrqgxpgn.dll
C:\WINDOWS\system32\rqopnoo.dll
C:\WINDOWS\system32\rqromno.dll
C:\WINDOWS\system32\rqrqono.dll
C:\WINDOWS\system32\rqrsqnm.dll
C:\WINDOWS\system32\rqrsrom.dll
C:\WINDOWS\system32\ssqoonk.dll
C:\WINDOWS\system32\ssqpnlm.dll
C:\WINDOWS\system32\ssqpomn.dll
C:\WINDOWS\system32\ssqrrro.dll
C:\WINDOWS\system32\sstqnnn.dll
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\tuvtroo.dll
C:\WINDOWS\system32\tuvtspn.dll
C:\WINDOWS\system32\tuvutro.dll
C:\WINDOWS\system32\tuvvtqp.dll
C:\WINDOWS\system32\urqoopm.dll
C:\WINDOWS\system32\urqqopm.dll
C:\WINDOWS\system32\vturrrp.dll
C:\WINDOWS\system32\vtuutsp.dll
C:\WINDOWS\system32\vxtmbglt.dll
C:\WINDOWS\system32\wvurstt.dll
C:\WINDOWS\system32\wvuturq.dll
C:\WINDOWS\system32\wvuussp.dll
C:\WINDOWS\system32\wvuvvtq.dll
C:\WINDOWS\system32\wvuvwus.dll
C:\WINDOWS\system32\wvuvwvs.dll
C:\WINDOWS\system32\wvwxwuv.dll
C:\WINDOWS\system32\xbnagaha.dll
C:\WINDOWS\system32\xxwuroo.dll
C:\WINDOWS\system32\xxywwvv.dll
C:\WINDOWS\system32\xxyyxww.dll
C:\WINDOWS\system32\yayyaxv.dll

----- BITS: Possible infected sites -----

hxxp://au.download.windowsupdate.cőj
hxxp://au.download.windowsupda
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-18 21:05 . 2008-02-18 21:05 <DIR> d-------- C:\Program Files\CCleaner
2008-02-17 23:39 . 2008-02-17 23:39 98 --a------ C:\WINDOWS\WirelessFTP.INI
2008-02-15 17:02 . 2008-02-15 17:02 294 --ahs---- C:\WINDOWS\system32\bbjyeikg.ini
2008-02-14 19:45 . 2008-02-14 19:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-14 19:45 . 2008-02-14 19:45 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-14 19:45 . 2008-02-14 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 19:45 . 2008-02-14 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-13 21:42 . 2008-02-18 20:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-13 21:42 . 2008-02-13 21:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-11 22:56 . 2006-09-21 08:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-11 22:56 . 2006-09-21 08:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-02-10 03:09 . 2004-08-04 20:00 337,920 --a------ C:\WINDOWS\system32\zipfldr.dll
2008-02-10 03:09 . 2004-08-04 20:00 337,920 --a--c--- C:\WINDOWS\system32\dllcache\zipfldr.dll
2008-02-09 02:56 . 2008-02-11 22:17 <DIR> d-------- C:\VundoFix Backups
2008-02-09 02:41 . 2008-02-09 02:41 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-08 02:15 . 2008-02-18 17:09 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-08 01:42 . 2008-02-15 22:12 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-08 01:42 . 2008-02-08 01:42 <DIR> d-------- C:\Documents and Settings\Melesa\Application Data\PC Tools
2008-02-08 01:42 . 2008-02-08 23:57 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-08 01:42 . 2008-02-08 23:57 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-08 01:42 . 2008-02-08 02:11 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-08 01:42 . 2008-02-08 02:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-08 01:40 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-08 00:49 . 2008-02-08 00:49 262 --ahs---- C:\WINDOWS\system32\ectoujxu.ini
2008-02-07 21:44 . 2008-02-07 22:19 <DIR> d-------- C:\Program Files\Graphmatica
2008-02-05 21:28 . 2008-02-05 13:19 77,824 -rahs---- C:\WINDOWS\system32\apnsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-16 03:02 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2008-02-15 22:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-15 13:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-06 11:43 --------- d-----w C:\Documents and Settings\Melesa\Application Data\ZoomBrowser EX
2008-02-06 11:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-03 12:55 --------- d-----w C:\Documents and Settings\Melesa\Application Data\AdobeUM
2008-01-30 01:59 --------- d-----w C:\Program Files\softnyx
2008-01-26 16:44 --------- d-----w C:\Program Files\World of Warcraft
2008-01-17 11:04 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-01-12 14:29 --------- d-----w C:\Documents and Settings\Melesa\Application Data\Apple Computer
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 19:47 118784]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 13:21 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-15 07:46 45056 C:\WINDOWS\system32\ico.exe]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-28 05:46 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-21 05:12 32768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2007-01-16 11:26 23168]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-15 03:11 176128]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2006-06-01 01:43 151552]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 11:35 1732608]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 05:48 479232]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00 208952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Application Manager"="apnsvc.exe" [2008-02-05 13:19 77824 C:\WINDOWS\system32\apnsvc.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-02-08 03:02 1065800]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
E-Flyer.lnk - C:\Program Files\Sony\E-Flyer\E-Flyer.exe [2006-09-21 08:32:33 491520]
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2006-10-24 12:43:23 778240]

C:\Documents and Settings\Melesa\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2006-10-24 12:43:23 778240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoTaskGrouping"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrommm]
rqrommm.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-06-21 07:11 73728 C:\WINDOWS\system32\VESWinlogon.dll

R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 17:32]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-15 10:10]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 03:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 12:03:13 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Melesa.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 21:50:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2008-02-18 21:55:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 13:55:15
ComboFix2.txt 2008-02-11 15:30:37
ComboFix3.txt 2008-02-11 14:37:54
.
2008-02-13 13:34:37 --- E O F ---

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:49 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Melesa\My Documents\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vaio-online.sony.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Application Manager] apnsvc.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168684170410
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168684128394
O20 - Winlogon Notify: rqrommm - rqrommm.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14842 bytes

CCleaner Log

Adobe Acrobat 6.0 Professional
Adobe Common File Installer
Adobe Creative Suite
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Help Center 2.0
Adobe Premiere Elements 2.0
Adobe Reader 7.0.9
Adobe SVG Viewer 3.0
Apple Software Update
Auctioneer AddOns
Bluetooth Stack for Windows by Toshiba
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.30
DVgate Plus
GameGuard
Google Gmail Notifier
Graphmatica
GunboundWC
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB900466)
Hotfix for Windows XP (KB909667)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB935448)
Image Converter 2 Plus
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO
InterVideo WinDVDX
iPod Updater 2004-11-15
iTunes
J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 3
LAN Setting Utility
LAN-Express AS IEEE 802.11 Wireless LAN
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
MapleStory
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft GB18030 Support Package
mMHouse
mPfMgr
mProSafe
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mWlsSafe
mXML
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
NVIDIA Drivers
OpenMG AAC Add-On Module
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module
OpenMG Secure Module 4.5.01
PictureGear Studio 2.0
Pocket RAR documentation
QuickTime
Realtek High Definition Audio Driver
Rhapsody Player Engine
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Setting Utility Series
Soft Data Fax Modem with SmartCP
SonicStage 4.0
SonicStage Mastering Studio 2.2
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony MP4 Shared Library
Sony USB Mouse
Sony Utilities DLL
Sony Video Shared Library
SPBBC
Spybot - Search & Destroy
SpyHunter
Spyware Doctor 5.0
Symantec KB-DocID:2003093015493306
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VAIO Aqua Breeze Wallpaper
VAIO Control Center
VAIO Cozy Orange Wallpaper
VAIO Edit Components 6.0
VAIO Entertainment Platform
VAIO Event Service
VAIO Long Battery Life Wallpaper
VAIO Manual
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Tender Green Wallpaper
VAIO Update 2
VAIO Zone
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB307154
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
WinRAR archiver
Wireless LAN Starter
Wireless Switch Setting Utility
World of Warcraft
Yugioh Virtual Desktop

Thank you~!

Edited by ditavandread, 18 February 2008 - 09:09 AM.


#4 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:34 AM

Posted 18 February 2008 - 10:58 AM

Hi :thumbsup:

Step 1

Click on Start, then Control Panel. Double click on Add or Remove Programs.

Please remove the following program(s):

J2SE Runtime Environment 5.0 Update 7
Java™ 6 Update 3


Then download and install Java Runtime Environment (JRE) 6 Update 4.

Step 2

Open Notepad (Go to Start > Run, type Notepad and hit Enter), and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/t/131078/trojanmonde-infection/?p=744469

Collect::

C:\WINDOWS\system32\apnsvc.exe

File::

C:\WINDOWS\system32\bbjyeikg.ini
C:\WINDOWS\system32\ectoujxu.ini

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Application Manager"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrommm]

KillAll::

Click on File > Save as....

In the File Name box, copy/paste CFScript.txt (Note: Do not change the filename!)

Click Save (Save the CFScript in the same location as Combofix.exe)

Close any open windows.

Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

A webpage will pop up when Combofix has completed. Please do as instructed and upload the file asked.
It will create a log. Be sure to save it to a convenient location.

Step 3

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • You can also access the log by doing the following:
  • Click on the Malwarebytes' Anti-Malware icon to launch the program.
  • Click on the Logs tab.
  • Click on the log at the bottom of those listed to highlight it.
  • Click Open.
Step 4

In your next reply, please post:
  • the Combofix log (C:\Combofix.txt)
  • the Malwarebytes' Anti-Malware log
  • a new HijackThis log

Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#5 ditavandread

ditavandread
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 19 February 2008 - 06:05 AM

I seem to have trouble installing the JRE 6 Update 4...

Image of error here.

Combofix Log

ComboFix 08-02-18.1 - Melesa 2008-02-19 18:11:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.498 [GMT 8:00]
Running from: C:\Documents and Settings\Melesa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Melesa\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\bbjyeikg.ini
C:\WINDOWS\system32\ectoujxu.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\iiffeee.dll
C:\WINDOWS\system32\apnsvc.exe
C:\WINDOWS\system32\bbjyeikg.ini
C:\WINDOWS\system32\ectoujxu.ini
C:\WINDOWS\system32\iiffeee.dll
C:\WINDOWS\system32\jkkll.dll

.
((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.

2008-02-18 21:05 . 2008-02-18 21:05 <DIR> d-------- C:\Program Files\CCleaner
2008-02-17 23:39 . 2008-02-17 23:39 98 --a------ C:\WINDOWS\WirelessFTP.INI
2008-02-14 19:45 . 2008-02-14 19:46 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-14 19:45 . 2008-02-14 19:45 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-14 19:45 . 2008-02-14 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-14 19:45 . 2008-02-14 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-11 22:56 . 2006-09-21 08:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-11 22:56 . 2006-09-21 08:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2008-02-10 03:09 . 2004-08-04 20:00 337,920 --a------ C:\WINDOWS\system32\zipfldr.dll
2008-02-10 03:09 . 2004-08-04 20:00 337,920 --a--c--- C:\WINDOWS\system32\dllcache\zipfldr.dll
2008-02-09 02:56 . 2008-02-11 22:17 <DIR> d-------- C:\VundoFix Backups
2008-02-09 02:41 . 2008-02-09 02:41 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-08 02:15 . 2008-02-19 18:23 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-08 01:42 . 2008-02-15 22:12 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-08 01:42 . 2008-02-08 01:42 <DIR> d-------- C:\Documents and Settings\Melesa\Application Data\PC Tools
2008-02-08 01:42 . 2008-02-08 23:57 74,240 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-08 01:42 . 2008-02-08 23:57 56,832 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-08 01:42 . 2008-02-08 02:11 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-08 01:42 . 2008-02-08 02:11 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-08 01:40 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-02-07 21:44 . 2008-02-07 22:19 <DIR> d-------- C:\Program Files\Graphmatica

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 10:10 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 22:45 --------- d-----w C:\Program Files\Java
2008-02-18 15:45 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Sony Corporation
2008-02-18 15:40 --------- d-----w C:\Documents and Settings\Melesa\Application Data\ZoomBrowser EX
2008-02-18 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-15 13:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-03 12:55 --------- d-----w C:\Documents and Settings\Melesa\Application Data\AdobeUM
2008-01-30 01:59 --------- d-----w C:\Program Files\softnyx
2008-01-26 16:44 --------- d-----w C:\Program Files\World of Warcraft
2008-01-17 11:04 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-01-12 14:29 --------- d-----w C:\Documents and Settings\Melesa\Application Data\Apple Computer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24 1694208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 19:47 118784]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 13:21 53248]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-15 07:46 45056 C:\WINDOWS\system32\ico.exe]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-28 05:46 217088]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-21 05:12 32768]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19 52840]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [2007-01-16 11:26 23168]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-15 03:11 176128]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" [2006-06-01 01:43 151552]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 11:35 1732608]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-16 05:48 479232]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 20:00 208952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-02-08 03:02 1065800]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
E-Flyer.lnk - C:\Program Files\Sony\E-Flyer\E-Flyer.exe [2006-09-21 08:32:33 491520]
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2006-10-24 12:43:23 778240]

C:\Documents and Settings\Melesa\Start Menu\Programs\Startup\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2006-10-24 12:43:23 778240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoTaskGrouping"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{393C2547-B2AB-422C-87AF-385238C73416}"= C:\WINDOWS\system32\iiffeee.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayvv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-06-21 07:11 73728 C:\WINDOWS\system32\VESWinlogon.dll

R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 17:32]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-15 10:10]

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 03:16:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-15 12:03:13 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Melesa.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 18:22:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
.
**************************************************************************
.
Completion time: 2008-02-19 18:27:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-19 10:27:32
ComboFix2.txt 2008-02-18 13:55:33
ComboFix3.txt 2008-02-11 15:30:37
ComboFix4.txt 2008-02-11 14:37:54
.
2008-02-13 13:34:37 --- E O F ---

HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:55 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Sony\VAIO Launcher\Launcher.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\Melesa\My Documents\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.sg/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vaio-online.sony.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {973F2302-813F-48B6-A77E-55574554D421} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B12D4C1E-F318-4D69-AA62-AD9BE199CF93} - (no file)
O2 - BHO: (no name) - {C719FE1A-3CC7-4809-80A8-CD82CA6CD6DD} - (no file)
O2 - BHO: (no name) - {EB93D0AE-76A1-4DAF-B641-C7C1B977C9D6} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168684170410
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168684128394
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O20 - Winlogon Notify: gebayvv - C:\WINDOWS\
O20 - Winlogon Notify: iiffeee - C:\WINDOWS\
O20 - Winlogon Notify: rqrommm - C:\WINDOWS\
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 15926 bytes

Malwarebytes Log

Malwarebytes' Anti-Malware 1.04
Database version: 378

Scan type: Quick Scan
Objects scanned: 25910
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23d44bcf-aa7a-41d6-8905-e808f16322ef} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thank you~!

#6 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:34 AM

Posted 19 February 2008 - 09:58 AM

Hi :thumbsup:

I can't see what the errror message says, the image is too small. Can you type it out please?

Open HijackThis, perform a scan and put a check next to the following items (if present):

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {973F2302-813F-48B6-A77E-55574554D421} - (no file)
O2 - BHO: (no name) - {B12D4C1E-F318-4D69-AA62-AD9BE199CF93} - (no file)
O2 - BHO: (no name) - {C719FE1A-3CC7-4809-80A8-CD82CA6CD6DD} - (no file)
O2 - BHO: (no name) - {EB93D0AE-76A1-4DAF-B641-C7C1B977C9D6} - (no file)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.5.0_07) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O20 - Winlogon Notify: gebayvv - C:\WINDOWS\
O20 - Winlogon Notify: iiffeee - C:\WINDOWS\
O20 - Winlogon Notify: rqrommm - C:\WINDOWS\


Close all programs except HijackThis and click on Fix checked.

Restart your computer.

In your next reply, please let me know how your computer is currently running.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#7 ditavandread

ditavandread
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 19 February 2008 - 10:17 AM

Opps, my bad! Wrong url...

Fixed the items listed.

My computer seems to be fine, no Trojans detected so far by Spyware Doctor. However, I am not sure if the infection is completely eradicated...

X_X

#8 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:34 AM

Posted 19 February 2008 - 10:25 AM

Hi :thumbsup:

Opps, my bad! Wrong url...

You've probably downloaded the 64 bit executable. Please download and install the 32 bit version.

My computer seems to be fine, no Trojans detected so far by Spyware Doctor. However, I am not sure if the infection is completely eradicated...

As far as I can see, your computer is clean. What makes you say that you aren't sure the infection is completely gone?
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#9 ditavandread

ditavandread
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 19 February 2008 - 10:31 AM

Ahh I see, I am pretty much a computer nut. X_X

Well, there were many instances since my laptop's gotten infected during which infections would just pop up randomly from nowhere day after day, even after scanning a few times over. So I am still worried that the same scenario might happen again...

For example after a first scan, no infections found. But after an hour or so, I'll scan again and new infections will pop up...

#10 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:34 AM

Posted 19 February 2008 - 10:39 AM

Is your Norton subscription up to date?
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#11 ditavandread

ditavandread
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 19 February 2008 - 10:41 AM

Nope, mainly relaying on Spyware doctor... That was what the repair lady told me to do if I didn't want to spend on both.

#12 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:34 AM

Posted 19 February 2008 - 10:44 AM

Hi :thumbsup:

Well, I can imagine why you got infected. Anti-Virus is a must.

Click on Start, then Control Panel. Double click on Add or Remove Programs.

Please remove the following program(s):

Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update


Here are a few (free) anti-virus programs, please download and install one of them:
Without a firewall your computer is susceptible to being hacked and taken over. The Windows firewall isn't sufficient as it only monitors incoming connections.

Here are a few (free) firewalls, please download and install one of them:
Post back to me when you've done that, and I'll give you a few more prevention tips to keep your computer clean in the future.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#13 ditavandread

ditavandread
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 20 February 2008 - 08:01 AM

Ok done those! My computer seems fine now =D. Thanks for all your help! :thumbsup:

#14 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:34 AM

Posted 20 February 2008 - 12:32 PM

Hi :thumbsup:

I need you to do one last thing.

Open Notepad (Go to Start > Run, type Notepad and hit Enter), and copy/paste the text in the quotebox below into it:

@echo off
for %%g in (
"C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir"
"C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir"
) do zip Files_for_submission %%g
del %0

Click on File > Save As....

In the File Name box, copy and paste in "Collect.bat" (Including the quotes!)

Click Save, and save the file to your desktop.

Double-click Collect.bat, a file named Files_for_submission.zip will be created on your desktop.
  • Please visit this site:

    http://www.bleepingcomputer.com/submit-malware.php?channel=4

  • In the Link to topic where this file was requested: area, copy and paste this:

    http://www.bleepingcomputer.com/forums/t/131078/trojanmonde-infection/?p=744469
  • Please use the Browse button to navigate to the Files_for_submission.zip file on your desktop.
  • Then click Send File.

Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#15 ditavandread

ditavandread
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 21 February 2008 - 09:16 AM

Ok done and done! Thanks once more! :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users