Was Vundo Now I Dont Know


  • This topic is locked
12 replies to this topic

#1 Necrotic Freak

Necrotic Freak

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:07 AM

Posted 01 August 2008 - 09:39 PM

Ok, I had gotten the Vundo Trojan. I update and run Malwarebytes, Spybot, SAS, and AVG Anti-Virus regularly. MB, SAS and Spybot all detected the Vundo. However, none could completely remove it. I searched around and found Virtumundo-be-gone and VundoFix. I ran them both, and now I get balloons in my system tray/task tray/notification tray saying that files pertaining to MB, Spybot, and a Windows file are corrupt (never the same file) and that I need to run the chkdsk utility. I ran chkdsk with the /f parameter, confirmed it to run at next start-up, restarted, but no chkdsk ran. I tried to run all scans again in Safe Mode but could not get into Safe Mode. My desktop icons flash every ten minutes as if my explorer crashed and restarted. I tried to restore to an earlier point. No luck. I tried to scan using the Kaspersky online scanner but could not get the updates. So I am here at my wits' end. Is my system clean and I'm just being paranoid, or what?

Deckard's System Scanner v20071014.68
Run by Mine on 2008-08-01 22:00:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
30: 2008-08-02 02:00:39 UTC - RP30 - Deckard's System Scanner Restore Point
29: 2008-07-31 01:06:05 UTC - RP28 - Removed Ad-Aware
28: 2008-07-31 01:01:32 UTC - RP27 - Restore Operation
26: 2008-07-31 00:57:04 UTC - RP26 - Restore Operation
25: 2008-07-30 21:27:40 UTC - RP25 - Restore Operation




-- First Restore Point --
1: 2008-07-09 21:58:22 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mine.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:14 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
F:\WINDOWS\system32\IoctlSvc.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\Microsoft IntelliPoint\point32.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
F:\Documents and Settings\Mine\Desktop\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Mine.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = F:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Append to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212334061717
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - F:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - F:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - F:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - F:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: V2i Protector - PowerQuest Corporation - F:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6792 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PQV2i - f:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
R1 PQIMount - f:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Nero BackItUp Scheduler 3 - f:\program files\nero\nero8\nero backitup\nbservice.exe
R2 PLFlash DeviceIoControl Service - f:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
R2 V2i Protector - f:\program files\powerquest\drive image 7.0\agent\pqv2isvc.exe <Not Verified; PowerQuest Corporation; V2i Protector>

S2 GEARSecurity - f:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
S3 FLEXnet Licensing Service - "f:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-26 17:47:39 340 --a------ F:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1206567840.job


-- Files created between 2008-07-01 and 2008-08-01 -----------------------------

2008-07-30 21:10:45 0 dr-h----- F:\Documents and Settings\Mine\Recent
2008-07-23 18:01:31 0 d-------- F:\Documents and Settings\Mine\Application Data\gtk-2.0
2008-07-22 18:17:48 0 d-------- F:\Program Files\Avira
2008-07-18 19:57:55 0 d-------- F:\cmdcons
2008-07-18 19:52:42 68096 --a------ F:\WINDOWS\zip.exe
2008-07-18 19:52:42 49152 --a------ F:\WINDOWS\VFind.exe
2008-07-18 19:52:42 212480 --a------ F:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-18 19:52:42 136704 --a------ F:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-18 19:52:42 161792 --a------ F:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-18 19:52:42 98816 --a------ F:\WINDOWS\sed.exe
2008-07-18 19:52:42 80412 --a------ F:\WINDOWS\grep.exe
2008-07-18 19:52:42 89504 --a------ F:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-16 10:34:02 19 --a------ F:\WINDOWS\system32\nifile
2008-07-16 10:34:02 28 --a------ F:\WINDOWS\system32\kifile
2008-07-16 10:33:09 0 d--hs---- F:\WINDOWS\ftpcache
2008-07-14 16:53:41 0 d-------- F:\Program Files\CDisplay
2008-07-14 16:45:22 0 d-------- F:\Documents and Settings\Mine\.gimp-2.4
2008-07-14 12:58:35 0 d-a------ F:\Program Files\ZoneAlarmSB
2008-07-12 14:45:25 0 d-------- F:\Documents and Settings\Mine\.thumbnails
2008-07-11 20:14:41 0 d-------- F:\Program Files\digestIT 2004 <DIGEST~1>
2008-07-10 19:20:24 0 d-------- F:\Documents and Settings\Administrator\Application Data\Nero
2008-07-10 17:19:14 0 d-------- F:\I386
2008-07-09 17:03:00 0 d-------- F:\VundoFix Backups
2008-07-08 21:03:22 82944 --a------ F:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-08 21:03:20 25600 --a------ F:\WINDOWS\system32\WS2Fix.exe
2008-07-08 21:03:20 289144 --a------ F:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-08 21:03:18 288417 --a------ F:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-08 21:03:18 51200 --a------ F:\WINDOWS\system32\dumphive.exe
2008-07-08 21:03:15 53248 --a------ F:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-08 17:49:00 0 d-------- F:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-07-08 00:14:16 303104 --a------ F:\WINDOWS\system32\dkirsotx.exe
2008-07-07 18:52:19 0 d-------- F:\Program Files\audiograbber
2008-07-04 00:41:02 0 d-------- F:\Documents and Settings\Mine\.gimp-2.2
2008-07-04 00:38:48 0 d-------- F:\Program Files\GIMP-2.0
2008-07-04 00:34:19 0 d-------- F:\Program Files\Common Files\GTK


-- Find3M Report ---------------------------------------------------------------

2008-07-30 21:08:10 0 d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 21:06:17 0 d-------- F:\Program Files\Common Files
2008-07-30 21:06:12 0 d-------- F:\Program Files\Lavasoft
2008-07-21 18:45:01 0 d-------- F:\Program Files\SpywareBlaster
2008-07-18 17:17:03 0 d-------- F:\Program Files\Winamp
2008-07-18 17:15:37 0 d-------- F:\Documents and Settings\Mine\Application Data\Winamp
2008-07-14 12:58:35 4212 ---h----- F:\WINDOWS\system32\zllictbl.dat
2008-07-14 12:05:23 0 d-------- F:\Documents and Settings\Mine\Application Data\CoreFTP
2008-07-10 18:01:20 0 d-------- F:\Documents and Settings\Mine\Application Data\Sony Corporation
2008-07-10 17:02:41 0 d-------- F:\Program Files\Gabest
2008-07-09 18:36:36 0 d-------- F:\Program Files\Trojan Killer
2008-07-09 18:25:56 0 d-------- F:\Documents and Settings\Mine\Application Data\SUPERAntiSpyware.com
2008-07-09 18:25:45 0 d-------- F:\Program Files\SUPERAntiSpyware
2008-07-08 16:05:39 0 d-------- F:\Program Files\AviSynth 2.5
2008-07-06 12:02:45 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-06-15 13:31:34 629 --a------ F:\Documents and Settings\Mine\Application Data\AutoGK.ini
2008-06-15 13:20:07 0 d-------- F:\Documents and Settings\Mine\Application Data\IsolatedStorage
2008-06-14 10:06:58 0 d-------- F:\Program Files\AutoGK
2008-06-14 10:06:54 43698 --a------ F:\WINDOWS\system32\xvid-uninstall.exe
2008-06-14 10:04:29 0 d-------- F:\Program Files\DVD Decrypter
2008-06-13 21:51:31 0 d-------- F:\Program Files\FLV Player
2008-06-09 18:22:37 0 d-------- F:\Program Files\TrojanHunter 5.0
2008-06-07 20:29:28 0 d-------- F:\Program Files\CoreFTP
2008-06-04 19:37:27 0 d-------- F:\Program Files\Picasa2
2008-06-04 18:06:52 0 d-------- F:\Program Files\Sony
2008-06-04 18:01:12 0 d-------- F:\Program Files\Common Files\InstallShield
2008-06-02 19:23:38 0 d-------- F:\Program Files\Defraggler


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/29/2004 08:15 AM]
"IntelliPoint"="F:\Program Files\Microsoft IntelliPoint\point32.exe" [06/03/2004 02:50 AM]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/05/2008 10:29 PM]
"NeroFilterCheck"="F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [02/28/2008 09:59 AM]
"ZoneAlarm Client"="F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07/09/2008 09:05 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

F:\Documents and Settings\Mine\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - F:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=F:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=F:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
F:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

*Newly Created Service* - CATCHME



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8940 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-01 22:04:06 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 767.48 MiB / 325.12 MiB
Pagefile Memory (total/avail): 1878.23 MiB / 1506.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1938.5 MiB

C: is Fixed (NTFS) - 37.27 GiB total, 3.21 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 149.04 GiB total, 95.94 GiB free.

\\.\PHYSICALDRIVE1 - ST340014A - 37.27 GiB - 1 partition
\PARTITION0 - Installable File System - 37.27 GiB - C:

\\.\PHYSICALDRIVE0 - WDC WD1600AAJB-00PVA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.

FW: ZoneAlarm Firewall v7.0.483.000 (Check Point, LTD.)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Program Files\\AVG\\AVG8\\avgupd.exe"="F:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Mine\Application Data
CLIENTNAME=Console
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=Mine
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Mine
LOGONSERVER=\\Mike
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\system32\wbem;F:\Program Files\ATI Technologies\ATI Control Panel;F:\Program Files\Common Files\GTK\2.0\bin;F:\Program Files\Common Files\Nero\Lib\;F:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=F:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\Mine\LOCALS~1\Temp
TMP=F:\DOCUME~1\Mine\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=Mike
USERNAME=Mine
USERPROFILE=F:\Documents and Settings\Mine
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mine (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

AnyDVD --> "F:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="F:\Program Files\SlySoft\AnyDVD"
Avira UnErase Personal --> F:\Program Files\Avira\UnErase\uninstall.exe
CCleaner (remove only) --> "F:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8 --> "F:\Program Files\CDisplay\unins000.exe"
GIMP 2.4.6 --> "F:\Program Files\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Malwarebytes' Anti-Malware --> "F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mozilla Firefox (2.0.0.16) --> F:\Program Files\Mozilla Firefox\uninstall\helper.exe
SpywareBlaster 4.1 --> "F:\Program Files\SpywareBlaster\unins000.exe"
Winamp --> "F:\Program Files\Winamp\UninstWA.exe"
ZoneAlarm --> F:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type934 / Error
Event Submitted/Written: 07/30/2008 10:01:48 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 452615105.

Event Record #/Type932 / Error
Event Submitted/Written: 07/30/2008 10:01:25 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type891 / Error
Event Submitted/Written: 07/30/2008 07:02:57 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mbam.exe, version 1.23.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type863 / Error
Event Submitted/Written: 07/29/2008 04:10:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module flvsplitter.ax, version 1.0.0.1, fault address 0x0001c292.
Processing media-specific event for [wmplayer.exe!ws!]

Event Record #/Type862 / Error
Event Submitted/Written: 07/29/2008 04:09:03 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module flvsplitter.ax, version 1.0.0.1, fault address 0x0001c292.
Processing media-specific event for [wmplayer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type45009 / Error
Event Submitted/Written: 08/01/2008 09:13:53 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type45008 / Error
Event Submitted/Written: 08/01/2008 09:13:50 PM / 08/01/2008 09:13:51 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type45007 / Error
Event Submitted/Written: 08/01/2008 09:13:48 PM / 08/01/2008 09:13:51 PM
Event ID/Source: 7 / Disk
Event Description:
The device, \Device\Harddisk0\D, has a bad block.

Event Record #/Type44876 / Error
Event Submitted/Written: 08/01/2008 08:06:46 PM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for F:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll.
Reference error message: The operation completed successfully.
.

Event Record #/Type44875 / Error
Event Submitted/Written: 08/01/2008 08:06:46 PM
Event ID/Source: 58 / SideBySide
Event Description:
Syntax error in manifest or policy file "Manifest Parse Error : An Invalid character was found in text content.
1" on line Manifest Parse Error : An Invalid character was found in text content.
2.



-- End of Deckard's System Scanner: finished at 2008-08-01 22:04:06 ------------

Edited by Necrotic Freak, 01 August 2008 - 09:46 PM.



#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:08:07 AM

Posted 10 August 2008 - 10:39 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.
  • Click on Start, then click on Run.
  • Copy and paste the following in bold in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up the DSS configuration.
  • Click on Check All.
  • Click Scan.
  • DSS will now run again. When finished, please post back both logs that open in Notepad: main.txt and extra.txt.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
SNOWHITE

#3 Necrotic Freak

Necrotic Freak
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:03:07 AM

Posted 11 August 2008 - 06:50 PM

Snowhite,

Thank you for your help. I still cannot get Kaspersky to update its files. I have been trying to get a scan for close to twelve hours now and it hasn't even started the scan yet. Just a quick update on my computer: I have drivers missing since I used it last, to be more specific my sound drivers. Here are the DSS logs you requested. Thank you again.

Deckard's System Scanner v20071014.68
Run by Mine on 2008-08-11 19:39:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-08-11 23:39:20 UTC - RP21 - Deckard's System Scanner Restore Point
20: 2008-08-11 10:00:22 UTC - RP20 - Software Distribution Service 3.0
19: 2008-08-11 01:35:10 UTC - RP19 - Software Distribution Service 3.0
18: 2008-08-10 16:37:22 UTC - RP18 - Software Distribution Service 3.0
17: 2008-08-10 12:32:06 UTC - RP17 - Avg8 Update


-- First Restore Point --
1: 2008-08-08 20:41:39 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Mine.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:43 PM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\SpywareGuard\sgmain.exe
F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
F:\Program Files\SpywareGuard\sgbhp.exe
F:\Documents and Settings\Mine\desktop\dss.exe
F:\PROGRA~1\TRENDM~1\HIJACK~1\Mine.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = F:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: SpywareGuard.lnk = F:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Append to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1212334061717
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6518 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PQV2i - f:\windows\system32\drivers\pqv2i.sys <Not Verified; StorageCraft; V2i Protector>
R1 PQIMount - f:\windows\system32\drivers\pqimount.sys <Not Verified; PowerQuest Corporation; V2i Protector>

S3 catchme - f:\docume~1\mine\locals~1\temp\catchme.sys (file missing)
S3 FETNDIS (VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver) - f:\windows\system32\drivers\fetnd5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R3 FLEXnet Licensing Service - "f:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S4 GEARSecurity - f:\windows\system32\gearsec.exe <Not Verified; GEAR Software; gearsec>
S4 Nero BackItUp Scheduler 3 - f:\program files\nero\nero8\nero backitup\nbservice.exe
S4 PLFlash DeviceIoControl Service - f:\windows\system32\ioctlsvc.exe <Not Verified; Prolific Technology Inc.; IoctlSvc Application>
S4 V2i Protector - f:\program files\powerquest\drive image 7.0\agent\pqv2isvc.exe <Not Verified; PowerQuest Corporation; V2i Protector>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

F:\WINDOWS\system32\svchost.exe (pid 1068)
2008-04-23 00:16:28 267776 --a------ F:\WINDOWS\system32\iertutil.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>

F:\WINDOWS\explorer.exe (pid 1908)
2008-04-23 00:16:28 267776 --a------ F:\WINDOWS\system32\iertutil.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2008-04-23 00:16:28 6066176 --a------ F:\WINDOWS\system32\ieframe.dll <Not Verified; Microsoft Corporation; Windows® Internet Explorer>
2007-12-29 01:04:02 159744 --a------ F:\Program Files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll
2007-12-29 01:03:34 23552 --a------ F:\Program Files\Combined Community Codec Pack\Filters\Haali\mkunicode.dll
2004-09-08 20:51:54 121344 --a------ F:\Program Files\WinRAR\RarExt.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-06-26 17:47:39 340 --a------ F:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1206567840.job


-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 19:19:24 0 d--h----- F:\WINDOWS\msdownld.tmp
2008-08-11 19:19:15 0 d-------- F:\WINDOWS\Logs
2008-08-11 14:51:34 0 d-------- F:\WINDOWS\system32\CatRoot_bak
2008-08-10 21:56:47 0 d-------- F:\Documents and Settings\Mine\Application Data\Winamp
2008-08-10 12:47:57 0 d-------- F:\WINDOWS\LastGood
2008-08-09 13:33:42 0 d-------- F:\Program Files\Common Files\Macrovision Shared
2008-08-09 11:31:09 0 dr-h----- F:\Documents and Settings\Mine\Recent
2008-08-08 22:46:33 0 d-------- F:\Program Files\Malwarebytes' Anti-Malware
2008-08-08 19:00:12 0 d-------- F:\WINDOWS\ERUNT
2008-08-08 12:20:58 68096 --a------ F:\WINDOWS\zip.exe
2008-08-08 12:20:58 49152 --a------ F:\WINDOWS\VFind.exe
2008-08-08 12:20:58 212480 --a------ F:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-08 12:20:58 136704 --a------ F:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-08 12:20:58 161792 --a------ F:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-08 12:20:58 98816 --a------ F:\WINDOWS\sed.exe
2008-08-08 12:20:58 80412 --a------ F:\WINDOWS\grep.exe
2008-08-08 12:20:58 89504 --a------ F:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-08-07 13:04:59 0 d-------- F:\Program Files\SpywareGuard
2008-08-06 20:32:12 0 d-------- F:\Combo-Fix
2008-08-01 21:58:51 686630 --a------ F:\dss.exe
2008-07-23 18:01:31 0 d-------- F:\Documents and Settings\Mine\Application Data\gtk-2.0
2008-07-22 18:17:48 0 d-------- F:\Program Files\Avira
2008-07-18 19:57:55 0 d-------- F:\cmdcons
2008-07-16 10:34:02 19 --a------ F:\WINDOWS\system32\nifile
2008-07-16 10:34:02 28 --a------ F:\WINDOWS\system32\kifile
2008-07-16 10:33:09 0 d--hs---- F:\WINDOWS\ftpcache
2008-07-14 16:53:41 0 d-------- F:\Program Files\CDisplay
2008-07-14 16:45:22 0 d-------- F:\Documents and Settings\Mine\.gimp-2.4
2008-07-14 12:58:35 0 d-a------ F:\Program Files\ZoneAlarmSB
2008-07-12 14:45:25 0 d-------- F:\Documents and Settings\Mine\.thumbnails
2008-07-11 20:14:41 0 d-------- F:\Program Files\digestIT 2004 <DIGEST~1>


-- Find3M Report ---------------------------------------------------------------

2008-08-11 19:32:37 0 d-------- F:\Documents and Settings\Mine\Application Data\uTorrent
2008-08-10 21:57:32 0 d-------- F:\Program Files\Winamp
2008-08-09 13:33:42 0 d-------- F:\Program Files\Common Files
2008-08-09 13:26:51 0 d-------- F:\Program Files\Common Files\Adobe
2008-08-08 16:10:34 23348 --a------ F:\WINDOWS\system32\emptyregdb.dat
2008-08-07 13:34:29 0 d-------- F:\Program Files\SpywareBlaster
2008-07-30 21:06:12 0 d-------- F:\Program Files\Lavasoft
2008-07-23 17:59:28 0 d-------- F:\Program Files\GIMP-2.0
2008-07-14 12:58:35 4212 --ah----- F:\WINDOWS\system32\zllictbl.dat
2008-07-14 12:05:23 0 d-------- F:\Documents and Settings\Mine\Application Data\CoreFTP
2008-07-10 18:01:20 0 d-------- F:\Documents and Settings\Mine\Application Data\Sony Corporation
2008-07-10 17:02:41 0 d-------- F:\Program Files\Gabest
2008-07-09 18:36:36 0 d-------- F:\Program Files\Trojan Killer
2008-07-09 18:25:56 0 d-------- F:\Documents and Settings\Mine\Application Data\SUPERAntiSpyware.com
2008-07-09 18:25:45 0 d-------- F:\Program Files\SUPERAntiSpyware
2008-07-08 16:05:39 0 d-------- F:\Program Files\AviSynth 2.5
2008-07-08 00:15:00 303104 --a------ F:\WINDOWS\system32\dkirsotx.exe
2008-07-07 19:10:31 0 d-------- F:\Program Files\audiograbber
2008-07-06 12:02:45 0 d--h----- F:\Program Files\InstallShield Installation Information
2008-07-04 00:34:19 0 d-------- F:\Program Files\Common Files\GTK
2008-06-15 13:31:34 629 --a------ F:\Documents and Settings\Mine\Application Data\AutoGK.ini
2008-06-15 13:20:07 0 d-------- F:\Documents and Settings\Mine\Application Data\IsolatedStorage
2008-06-14 10:06:58 0 d-------- F:\Program Files\AutoGK
2008-06-14 10:06:54 43698 --a------ F:\WINDOWS\system32\xvid-uninstall.exe
2008-06-14 10:04:29 0 d-------- F:\Program Files\DVD Decrypter
2008-06-13 21:51:31 0 d-------- F:\Program Files\FLV Player


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07/09/2008 09:05 AM]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [08/10/2008 08:31 AM]
"ATIPTA"="F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [09/29/2004 08:15 AM]
"Acrobat Assistant 8.0"="F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM]
"@"="" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe

F:\Documents and Settings\Mine\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - F:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]
SpywareGuard.lnk - F:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=F:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=F:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
F:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"F:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"vsmon"=2 (0x2)
"V2i Protector"=2 (0x2)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"Pml Driver HPZ12"=3 (0x3)
"PlugPlay"=2 (0x2)
"PLFlash DeviceIoControl Service"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"helpsvc"=2 (0x2)
"gusvc"=2 (0x2)
"GEARSecurity"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"avg8wd"=2 (0x2)
"AudioSrv"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)




-- End of Deckard's System Scanner: finished at 2008-08-11 19:41:40 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 767.48 MiB / 361.71 MiB
Pagefile Memory (total/avail): 1878.23 MiB / 1559.49 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1908.27 MiB

C: is Fixed (NTFS) - 37.27 GiB total, 2.26 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Fixed (NTFS) - 149.04 GiB total, 96.25 GiB free.
G: is Removable (FAT)

\\.\PHYSICALDRIVE1 - ST340014A - 37.27 GiB - 1 partition
\PARTITION0 - Installable File System - 37.27 GiB - C:

\\.\PHYSICALDRIVE0 - WDC WD1600AAJB-00PVA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.04 GiB - F:

\\.\PHYSICALDRIVE2 - UFD USB Flash Drive USB Device - 957 MiB - 1 partition
\PARTITION0 (bootable) - MS-DOS V4 Huge - 955.98 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.483.000 (Check Point, LTD.)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Program Files\\AVG\\AVG8\\avgupd.exe"="F:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Mine\Application Data
CLIENTNAME=Console
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=NIGHTSPEAR
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Mine
LOGONSERVER=\\NIGHTSPEAR
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\system32\WBEM;F:\Program Files\Common Files\Nero\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=F:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\Mine\LOCALS~1\Temp
TMP=F:\DOCUME~1\Mine\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=NIGHTSPEAR
USERNAME=Mine
USERPROFILE=F:\Documents and Settings\Mine
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mine (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
µTorrent --> "F:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Acrobat 8.1.2 Security Update 1 (KB403742) -->
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
AnyDVD --> "F:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="F:\Program Files\SlySoft\AnyDVD"
ATI Display Driver --> rundll32 F:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.0 --> F:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Avira UnErase Personal --> F:\Program Files\Avira\UnErase\uninstall.exe
CCleaner (remove only) --> "F:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8 --> "F:\Program Files\CDisplay\unins000.exe"
GIMP 2.4.6 --> "F:\Program Files\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Malwarebytes' Anti-Malware --> "F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.16) --> F:\Program Files\Mozilla Firefox\uninstall\helper.exe
SpywareBlaster 4.1 --> "F:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "F:\Program Files\SpywareGuard\unins000.exe"
Winamp --> "F:\Program Files\Winamp\UninstWA.exe"
ZoneAlarm --> F:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-08-11 19:41:40 ------------

#4 Billy O'Neal


    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 15 August 2008 - 07:04 AM

Hello.

Sorry it has been so long. SNOW has run into some problems, so I will be taking over this log.

It appears you have run ComboFix previously. That was a DANGEROUS thing to do. Please post the contents of the following files:
C:\qoobox\combofix1.txt
C:\qoobox\combofix2.txt
C:\qoobox\combofix3.txt
C:\qoobox\combofix4.txt
C:\qoobox\combofix5.txt
C:\combofix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#5 Necrotic Freak

  • Topic Starter

  • Members
  • 26 posts

Posted 15 August 2008 - 10:42 AM

Billy,

Glad to hear from you. It has gotten to the point that I can no longer run my PC. The firewall is blocking 500 outgoing attempts in less than an hour. Yes, I ran ComboFix; however, I did so understanding the risk. I could not find all the logs you requested. Here are the ones I did find. I am posting all the logs I found in Qoobox.

Add remove programs
µTorrent --> "F:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AnyDVD --> "F:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="F:\Program Files\SlySoft\AnyDVD"
Avira UnErase Personal --> F:\Program Files\Avira\UnErase\uninstall.exe
CCleaner (remove only) --> "F:\Program Files\CCleaner\uninst.exe"
CDisplay 1.8 --> "F:\Program Files\CDisplay\unins000.exe"
GIMP 2.4.6 --> "F:\Program Files\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2 --> "F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Mozilla Firefox (2.0.0.16) --> F:\Program Files\Mozilla Firefox\uninstall\helper.exe
SpywareBlaster 4.1 --> "F:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "F:\Program Files\SpywareGuard\unins000.exe"
Winamp --> "F:\Program Files\Winamp\UninstWA.exe"
ZoneAlarm --> F:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

ComboFix-quarantined-files
2008-08-08 12:25 54 --a------ F:\Qoobox\Quarantine\catchme.log
2008-08-08 12:26 0 --a------ F:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-08-08 12:26 0 --a------ F:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-08-08 12:26 0 --a------ F:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat

Combofix2
ComboFix 08-07-20.A0 - Mine 2008-07-30 21:27:44.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.346 [GMT -4:00]
Running from: F:\Documents and Settings\Mine\Desktop\Combo-Fix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-30 18:13 . 2008-07-23 20:09 38,472 --a------ F:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-23 18:01 . 2008-07-23 18:51 <DIR> d-------- F:\Documents and Settings\Mine\Application Data\gtk-2.0
2008-07-22 18:17 . 2008-07-22 18:17 <DIR> d-------- F:\Program Files\Avira
2008-07-16 17:01 . 2008-07-16 17:01 24,392 --a------ F:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-07-16 10:34 . 2008-07-16 10:34 28 --a------ F:\WINDOWS\system32\kifile
2008-07-16 10:34 . 2008-07-16 10:34 19 --a------ F:\WINDOWS\system32\nifile
2008-07-16 10:33 . 2008-07-16 10:33 <DIR> d--hs---- F:\WINDOWS\ftpcache
2008-07-16 09:45 . 2008-07-16 09:45 99,648 --a------ F:\WINDOWS\system32\drivers\AnyDVD.sys
2008-07-14 16:53 . 2008-07-14 16:53 <DIR> d-------- F:\Program Files\CDisplay
2008-07-14 16:45 . 2008-07-23 18:52 <DIR> d-------- F:\Documents and Settings\Mine\.gimp-2.4
2008-07-14 12:58 . 2008-07-14 12:58 <DIR> d-a------ F:\Program Files\ZoneAlarmSB
2008-07-14 12:54 . 2008-07-30 21:00 352,918 --a------ F:\WINDOWS\system32\vsconfig.xml
2008-07-14 12:26 . 2008-07-09 09:05 75,248 --a------ F:\WINDOWS\zllsputility.exe
2008-07-14 12:25 . 2008-07-09 09:05 1,086,952 --a------ F:\WINDOWS\system32\zpeng24.dll
2008-07-12 14:45 . 2008-07-12 14:45 <DIR> d-------- F:\Documents and Settings\Mine\.thumbnails
2008-07-11 20:14 . 2008-07-11 20:22 <DIR> d-------- F:\Program Files\digestIT 2004
2008-07-11 19:01 . 2004-08-04 00:56 116,224 --a--c--- F:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-07-11 19:01 . 2001-08-17 22:37 99,865 --a--c--- F:\WINDOWS\system32\dllcache\xlog.exe
2008-07-11 19:01 . 2001-08-17 22:37 27,648 --a--c--- F:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-07-11 19:01 . 2001-08-17 22:36 23,040 --a--c--- F:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-07-11 19:01 . 2004-08-03 22:29 19,455 --a--c--- F:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-07-11 19:01 . 2004-08-03 23:10 19,328 --a--c--- F:\WINDOWS\system32\dllcache\wstcodec.sys
2008-07-11 19:01 . 2001-08-17 22:36 17,408 --a--c--- F:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-07-11 19:01 . 2001-08-17 12:11 16,970 --a--c--- F:\WINDOWS\system32\dllcache\xem336n5.sys
2008-07-11 19:01 . 2001-08-17 22:37 4,608 --a--c--- F:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-07-11 19:00 . 2004-08-03 22:31 154,624 --a--c--- F:\WINDOWS\system32\dllcache\wlluc48.sys
2008-07-11 19:00 . 2001-08-17 12:12 34,890 --a--c--- F:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-07-11 19:00 . 2004-08-03 22:29 12,063 --a--c--- F:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-07-11 19:00 . 2004-08-03 23:07 8,832 --a--c--- F:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-07-11 19:00 . 2004-08-04 00:56 8,192 --a--c--- F:\WINDOWS\system32\dllcache\wshirda.dll
2008-07-11 18:58 . 2001-08-17 13:28 604,253 --a--c--- F:\WINDOWS\system32\dllcache\vmodem.sys
2008-07-11 18:58 . 2001-08-17 13:28 397,502 --a--c--- F:\WINDOWS\system32\dllcache\vpctcom.sys
2008-07-11 18:58 . 2001-08-17 12:14 249,402 --a--c--- F:\WINDOWS\system32\dllcache\vinwm.sys
2008-07-11 18:58 . 2001-08-17 13:28 64,605 --a--c--- F:\WINDOWS\system32\dllcache\vvoice.sys
2008-07-11 18:58 . 2004-08-04 00:56 28,672 --a--c--- F:\WINDOWS\system32\dllcache\vidcap.ax
2008-07-11 18:58 . 2001-08-17 13:49 24,576 --a--c--- F:\WINDOWS\system32\dllcache\viairda.sys
2008-07-11 18:58 . 2001-08-17 12:13 19,528 --a--c--- F:\WINDOWS\system32\dllcache\w840nd.sys
2008-07-11 18:58 . 2001-08-17 12:13 19,016 --a--c--- F:\WINDOWS\system32\dllcache\w926nd.sys
2008-07-11 18:58 . 2001-08-17 12:13 16,925 --a--c--- F:\WINDOWS\system32\dllcache\w940nd.sys
2008-07-11 18:56 . 2001-08-17 22:36 94,720 --a--c--- F:\WINDOWS\system32\dllcache\umaxud32.dll
2008-07-11 18:56 . 2001-08-17 22:36 69,632 --a--c--- F:\WINDOWS\system32\dllcache\umaxu12.dll
2008-07-11 18:56 . 2004-08-03 23:07 59,264 --a--c--- F:\WINDOWS\system32\dllcache\usbaudio.sys
2008-07-11 18:56 . 2001-08-17 22:36 50,688 --a--c--- F:\WINDOWS\system32\dllcache\umaxscan.dll
2008-07-11 18:56 . 2001-08-17 22:36 50,176 --a--c--- F:\WINDOWS\system32\dllcache\umaxp60.dll
2008-07-11 18:56 . 2001-08-17 22:36 47,616 --a--c--- F:\WINDOWS\system32\dllcache\umaxcam.dll
2008-07-11 18:56 . 2004-08-03 22:31 32,384 --a--c--- F:\WINDOWS\system32\dllcache\usb101et.sys
2008-07-11 18:56 . 2001-08-17 22:36 28,160 --a--c--- F:\WINDOWS\system32\dllcache\umaxu40.dll
2008-07-11 18:56 . 2001-08-17 22:36 26,624 --a--c--- F:\WINDOWS\system32\dllcache\umaxu22.dll
2008-07-11 18:56 . 2001-08-17 13:58 22,912 --a--c--- F:\WINDOWS\system32\dllcache\umaxpcls.sys
2008-07-11 18:56 . 2004-08-03 23:04 12,672 --a--c--- F:\WINDOWS\system32\dllcache\usb8023x.sys
2008-07-11 18:55 . 2001-08-17 22:36 525,568 --a--c--- F:\WINDOWS\system32\dllcache\tridxp.dll
2008-07-11 18:55 . 2001-08-17 14:56 440,576 --a--c--- F:\WINDOWS\system32\dllcache\tridkb.dll
2008-07-11 18:55 . 2001-08-17 12:51 222,336 --a--c--- F:\WINDOWS\system32\dllcache\trid3dm.sys
2008-07-11 18:55 . 2001-08-17 22:36 216,064 --a--c--- F:\WINDOWS\system32\dllcache\um34scan.dll
2008-07-11 18:55 . 2001-08-17 22:36 211,968 --a--c--- F:\WINDOWS\system32\dllcache\um54scan.dll
2008-07-11 18:55 . 2001-08-17 12:51 166,784 --a--c--- F:\WINDOWS\system32\dllcache\tridxpm.sys
2008-07-11 18:55 . 2001-08-17 12:51 159,232 --a--c--- F:\WINDOWS\system32\dllcache\tridkbm.sys
2008-07-11 18:55 . 2004-08-03 23:07 44,672 --a--c--- F:\WINDOWS\system32\dllcache\uagp35.sys
2008-07-11 18:55 . 2001-08-17 13:52 36,736 --a--c--- F:\WINDOWS\system32\dllcache\ultra.sys
2008-07-11 18:55 . 2001-08-17 13:48 11,520 --a--c--- F:\WINDOWS\system32\dllcache\twotrack.sys
2008-07-11 18:54 . 2001-08-17 14:56 315,520 --a--c--- F:\WINDOWS\system32\dllcache\trid3d.dll
2008-07-11 18:54 . 2001-08-17 14:01 241,664 --a--c--- F:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-07-11 18:54 . 2001-08-17 14:02 230,912 --a--c--- F:\WINDOWS\system32\dllcache\tosdvd03.sys
2008-07-11 18:54 . 2001-08-17 12:14 123,995 --a--c--- F:\WINDOWS\system32\dllcache\tjisdn.sys
2008-07-11 18:54 . 2004-08-04 00:56 82,432 --a--c--- F:\WINDOWS\system32\dllcache\tp4mon.exe
2008-07-11 18:54 . 2001-08-17 22:35 42,496 --a--c--- F:\WINDOWS\system32\dllcache\tp4res.dll
2008-07-11 18:54 . 2001-08-17 12:12 34,375 --a--c--- F:\WINDOWS\system32\dllcache\tpro4.sys
2008-07-11 18:54 . 2001-08-17 22:36 31,744 --a--c--- F:\WINDOWS\system32\dllcache\tp4.dll
2008-07-11 18:54 . 2001-08-17 12:10 28,232 --a--c--- F:\WINDOWS\system32\dllcache\tos4mo.sys
2008-07-11 18:54 . 2001-08-17 13:51 4,992 --a--c--- F:\WINDOWS\system32\dllcache\toside.sys
2008-07-11 18:53 . 2001-08-17 14:56 172,768 --a--c--- F:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-07-11 18:53 . 2004-08-03 23:00 149,376 --a--c--- F:\WINDOWS\system32\dllcache\tffsport.sys
2008-07-11 18:53 . 2001-08-17 12:51 138,528 --a--c--- F:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-07-11 18:53 . 2001-08-17 14:56 81,408 --a--c--- F:\WINDOWS\system32\dllcache\tgiul50.dll
2008-07-11 18:53 . 2001-08-17 12:13 37,961 --a--c--- F:\WINDOWS\system32\dllcache\tdk100b.sys
2008-07-11 18:53 . 2001-08-17 12:50 36,640 --a--c--- F:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-07-11 18:53 . 2001-08-17 13:49 30,464 --a--c--- F:\WINDOWS\system32\dllcache\tbatm155.sys
2008-07-11 18:53 . 2001-08-17 12:13 17,129 --a--c--- F:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-07-11 18:53 . 2001-08-17 13:52 7,040 --a--c--- F:\WINDOWS\system32\dllcache\tandqic.sys
2008-07-11 18:51 . 2001-08-17 12:18 285,760 --a--c--- F:\WINDOWS\system32\dllcache\stlnata.sys
2008-07-11 18:51 . 2001-08-17 22:36 155,648 --a--c--- F:\WINDOWS\system32\dllcache\stlnprop.dll
2008-07-11 18:51 . 2001-08-17 22:36 106,584 --a--c--- F:\WINDOWS\system32\dllcache\spdports.dll
2008-07-11 18:51 . 2001-08-17 22:36 99,328 --a--c--- F:\WINDOWS\system32\dllcache\srusd.dll
2008-07-11 18:51 . 2001-08-17 13:51 61,824 --a--c--- F:\WINDOWS\system32\dllcache\speed.sys
2008-07-11 18:51 . 2001-08-17 22:36 53,248 --a--c--- F:\WINDOWS\system32\dllcache\stlncoin.dll
2008-07-11 18:51 . 2001-08-17 12:11 48,736 --a--c--- F:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-07-11 18:51 . 2001-08-17 22:36 24,660 --a--c--- F:\WINDOWS\system32\dllcache\spxupchk.dll
2008-07-11 18:51 . 2001-08-17 13:51 16,896 --a--c--- F:\WINDOWS\system32\dllcache\stcusb.sys
2008-07-11 18:50 . 2001-08-17 22:36 114,688 --a--c--- F:\WINDOWS\system32\dllcache\sonypi.dll
2008-07-11 18:50 . 2001-08-17 12:51 58,368 --a--c--- F:\WINDOWS\system32\dllcache\smiminib.sys
2008-07-11 18:50 . 2001-08-17 12:51 37,040 --a--c--- F:\WINDOWS\system32\dllcache\sonypi.sys
2008-07-11 18:50 . 2001-08-17 12:51 20,752 --a--c--- F:\WINDOWS\system32\dllcache\sonync.sys
2008-07-11 18:50 . 2001-08-17 14:07 19,072 --a--c--- F:\WINDOWS\system32\dllcache\sparrow.sys
2008-07-11 18:50 . 2001-08-17 13:53 9,600 --a--c--- F:\WINDOWS\system32\dllcache\sonymc.sys
2008-07-11 18:50 . 2001-08-17 13:56 7,552 --a--c--- F:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-07-11 18:50 . 2004-08-03 23:00 7,552 --a--c--- F:\WINDOWS\system32\dllcache\sonyait.sys
2008-07-11 18:50 . 2001-08-17 13:53 7,040 --a--c--- F:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-07-11 18:48 . 2004-08-03 22:41 404,990 --a--c--- F:\WINDOWS\system32\dllcache\slntamr.sys
2008-07-11 18:47 . 2001-08-17 22:36 386,560 --a--c--- F:\WINDOWS\system32\dllcache\sgiul50.dll
2008-07-11 18:47 . 2001-08-17 14:56 252,032 --a--c--- F:\WINDOWS\system32\dllcache\sis300iv.dll
2008-07-11 18:47 . 2001-07-21 14:29 161,568 --a--c--- F:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-07-11 18:47 . 2001-08-17 12:50 101,760 --a--c--- F:\WINDOWS\system32\dllcache\sis300ip.sys
2008-07-11 18:47 . 2001-08-17 12:51 98,080 --a--c--- F:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-07-11 18:47 . 2001-08-17 12:50 68,608 --a--c--- F:\WINDOWS\system32\dllcache\sis6306p.sys
2008-07-11 18:47 . 2001-08-17 12:19 36,480 --a--c--- F:\WINDOWS\system32\dllcache\sfmanm.sys
2008-07-11 18:47 . 2001-07-21 14:29 18,400 --a--c--- F:\WINDOWS\system32\dllcache\sgsmld.sys
2008-07-11 18:47 . 2001-08-17 13:53 6,784 --a--c--- F:\WINDOWS\system32\dllcache\serscan.sys
2008-07-11 18:47 . 2004-08-04 00:56 3,901 --a--c--- F:\WINDOWS\system32\dllcache\siint5.dll
2008-07-11 18:46 . 2004-08-03 22:59 43,136 --a--c--- F:\WINDOWS\system32\dllcache\sbp2port.sys
2008-07-11 18:46 . 2001-08-17 13:51 23,936 --a--c--- F:\WINDOWS\system32\dllcache\sccmusbm.sys
2008-07-11 18:46 . 2001-08-17 13:51 23,936 --a--c--- F:\WINDOWS\system32\dllcache\sccmn50m.sys
2008-07-11 18:46 . 2001-08-17 13:48 17,664 --a--c--- F:\WINDOWS\system32\dllcache\sermouse.sys
2008-07-11 18:46 . 2001-08-17 13:51 17,280 --a--c--- F:\WINDOWS\system32\dllcache\scr111.sys
2008-07-11 18:46 . 2001-08-17 13:51 16,640 --a--c--- F:\WINDOWS\system32\dllcache\scmstcs.sys
2008-07-11 18:46 . 2001-08-17 13:52 11,648 --a--c--- F:\WINDOWS\system32\dllcache\scsiprnt.sys
2008-07-11 18:46 . 2001-08-17 13:53 10,880 --a--c--- F:\WINDOWS\system32\dllcache\scsiscan.sys
2008-07-11 18:46 . 2001-08-17 13:53 6,912 --a--c--- F:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-07-11 18:44 . 2004-08-04 00:56 397,056 --a--c--- F:\WINDOWS\system32\dllcache\s3gnb.dll
2008-07-11 18:43 . 2001-08-17 13:28 899,146 --a--c--- F:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-07-11 18:43 . 2001-08-17 13:28 714,762 --a--c--- F:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2008-07-11 18:43 . 2001-08-17 22:36 86,097 --a--c--- F:\WINDOWS\system32\dllcache\reslog32.dll
2008-07-11 18:43 . 2004-08-03 23:10 59,648 --a--c--- F:\WINDOWS\system32\dllcache\rfcomm.sys
2008-07-11 18:43 . 2001-08-17 22:36 41,472 --a--c--- F:\WINDOWS\system32\dllcache\qvusd.dll
2008-07-11 18:43 . 2001-08-17 12:12 37,563 --a--c--- F:\WINDOWS\system32\dllcache\rlnet5.sys
2008-07-11 18:43 . 2004-08-03 23:04 30,080 --a--c--- F:\WINDOWS\system32\dllcache\rndismpx.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 01:10 --------- d-----w F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-31 01:08 --------- d-----w F:\Program Files\Malwarebytes' Anti-Malware
2008-07-31 01:06 --------- d-----w F:\Program Files\Lavasoft
2008-07-31 00:58 22,652,960 --sha-w F:\WINDOWS\system32\drivers\fidbox.dat
2008-07-31 00:58 116,144 --sha-w F:\WINDOWS\system32\drivers\fidbox.idx
2008-07-30 22:23 1,487,872 ----a-w F:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-30 22:10 --------- d-----w F:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-30 19:58 --------- d-----w F:\Documents and Settings\Mine\Application Data\uTorrent
2008-07-24 00:09 17,144 ----a-w F:\WINDOWS\system32\drivers\mbam.sys
2008-07-21 22:46 --------- d---a-w F:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 22:45 --------- d-----w F:\Program Files\SpywareBlaster
2008-07-18 21:17 --------- d-----w F:\Program Files\Winamp
2008-07-18 21:15 --------- d-----w F:\Documents and Settings\Mine\Application Data\Winamp
2008-07-14 22:19 --------- d-----w F:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-14 16:05 --------- d-----w F:\Documents and Settings\Mine\Application Data\CoreFTP
2008-07-09 22:36 --------- d-----w F:\Program Files\Trojan Killer
2008-07-09 22:25 --------- d-----w F:\Program Files\SUPERAntiSpyware
2008-07-09 22:25 --------- d-----w F:\Documents and Settings\Mine\Application Data\SUPERAntiSpyware.com
2008-07-06 16:02 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-07-06 02:28 96,520 ----a-w F:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-06 02:28 10,520 ----a-w F:\WINDOWS\system32\avgrsstx.dll
2008-06-20 17:41 245,248 ----a-w F:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w F:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w F:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w F:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-09 22:22 --------- d-----w F:\Program Files\TrojanHunter 5.0
2008-06-08 00:29 --------- d-----w F:\Program Files\CoreFTP
2008-06-04 22:01 --------- d-----w F:\Program Files\Common Files\InstallShield
2008-05-29 21:58 --------- d-----w F:\Documents and Settings\Mine\Application Data\MechCAD
2008-05-07 05:18 1,287,680 ----a-w F:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w F:\WINDOWS\system32\wininet.dll
2008-04-08 00:29 25,992 ----a-w F:\WINDOWS\system32\pgdfgsvc.exe
2008-04-07 21:19 18,000 ----a-w F:\Documents and Settings\Mine\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2008-07-18_20.09.03.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 16:02:28 163,328 ----a-w F:\WINDOWS\ERDNT\AutoBackup\7-20-2008\ERDNT.EXE
+ 2008-07-20 16:27:22 4,493,312 ----a-w F:\WINDOWS\ERDNT\AutoBackup\7-20-2008\Users\00000001\NTUSER.DAT
+ 2008-07-20 16:27:22 155,648 ----a-w F:\WINDOWS\ERDNT\AutoBackup\7-20-2008\Users\00000002\UsrClass.dat
+ 2005-10-20 16:02:28 163,328 ----a-w F:\WINDOWS\ERDNT\AutoBackup\7-30-2008\ERDNT.EXE
+ 2008-07-30 20:16:09 4,579,328 ----a-w F:\WINDOWS\ERDNT\AutoBackup\7-30-2008\Users\00000001\NTUSER.DAT
+ 2008-07-30 20:16:10 155,648 ----a-w F:\WINDOWS\ERDNT\AutoBackup\7-30-2008\Users\00000002\UsrClass.dat
- 2008-03-14 22:24:12 93,128 ----a-w F:\WINDOWS\system32\ElbyCDIO.dll
+ 2008-06-26 11:06:39 93,128 ----a-w F:\WINDOWS\system32\ElbyCDIO.dll
+ 2008-07-31 00:58:54 146,376 ----a-w F:\WINDOWS\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 08:15 344064]
"IntelliPoint"="F:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 02:50 204800]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 22:29 1232152]
"NeroFilterCheck"="F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"ZoneAlarm Client"="F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]

F:\Documents and Settings\Mine\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - F:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= F:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=F:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=F:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 F:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 PQV2i;PQV2i;F:\WINDOWS\system32\drivers\PQV2i.sys [2003-06-03 15:52]
R1 AvgLdx86;AVG AVI Loader Driver x86;F:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 22:28]
R1 PQIMount;PQIMount;F:\WINDOWS\system32\drivers\PQIMount.sys [2003-06-03 15:52]
R2 avg8wd;AVG8 WatchDog;F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 22:29]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;F:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 18:31]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-26 21:47:39 F:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1206567840.job"
- F:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Append to existing PDF - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert link target to Adobe PDF - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - F:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: E&xport to Microsoft Excel - F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O18 -: Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - F:\Program Files\CoreFTP\pftpns.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 21:31:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-30 21:33:03
ComboFix-quarantined-files.txt 2008-07-31 01:32:53
ComboFix2.txt 2008-07-19 00:10:24

Pre-Run: 103,954,075,648 bytes free
Post-Run: 103,935,176,704 bytes free

267 --- E O F --- 2008-07-09 21:43:30

Combofix
ComboFix 08-08-08.02 - Mine 2008-08-08 12:21:53.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.421 [GMT -4:00]
Running from: F:\Documents and Settings\Mine\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-07-08 to 2008-08-08 )))))))))))))))))))))))))))))))
.

2008-08-07 13:04 . 2008-08-07 13:08 <DIR> d-------- F:\Program Files\SpywareGuard
2008-08-06 20:32 . 2008-08-06 20:32 <DIR> d-------- F:\Combo-Fix
2008-08-01 21:58 . 2008-08-01 21:59 686,630 --a------ F:\dss.exe
2008-07-23 18:01 . 2008-07-23 18:51 <DIR> d-------- F:\Documents and Settings\Mine\Application Data\gtk-2.0
2008-07-22 18:17 . 2008-07-22 18:17 <DIR> d-------- F:\Program Files\Avira
2008-07-16 17:01 . 2008-07-16 17:01 24,392 --a------ F:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-07-16 10:34 . 2008-07-16 10:34 28 --a------ F:\WINDOWS\system32\kifile
2008-07-16 10:34 . 2008-07-16 10:34 19 --a------ F:\WINDOWS\system32\nifile
2008-07-16 10:33 . 2008-07-16 10:33 <DIR> d--hs---- F:\WINDOWS\ftpcache
2008-07-16 09:45 . 2008-07-16 09:45 99,648 --a------ F:\WINDOWS\system32\drivers\AnyDVD.sys
2008-07-14 16:53 . 2008-07-14 16:53 <DIR> d-------- F:\Program Files\CDisplay
2008-07-14 16:45 . 2008-07-23 18:52 <DIR> d-------- F:\Documents and Settings\Mine\.gimp-2.4
2008-07-14 12:58 . 2008-07-14 12:58 <DIR> d-a------ F:\Program Files\ZoneAlarmSB
2008-07-14 12:54 . 2008-08-08 11:01 352,918 --a------ F:\WINDOWS\system32\vsconfig.xml
2008-07-14 12:26 . 2008-07-09 09:05 75,248 --a------ F:\WINDOWS\zllsputility.exe
2008-07-14 12:25 . 2008-07-09 09:05 1,086,952 --a------ F:\WINDOWS\system32\zpeng24.dll
2008-07-12 14:45 . 2008-07-12 14:45 <DIR> d-------- F:\Documents and Settings\Mine\.thumbnails
2008-07-11 20:14 . 2008-07-11 20:22 <DIR> d-------- F:\Program Files\digestIT 2004
2008-07-11 19:01 . 2004-08-04 00:56 116,224 --a--c--- F:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-07-11 19:01 . 2001-08-17 22:37 99,865 --a--c--- F:\WINDOWS\system32\dllcache\xlog.exe
2008-07-11 19:01 . 2001-08-17 22:37 27,648 --a--c--- F:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-07-11 19:01 . 2001-08-17 22:36 23,040 --a--c--- F:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-07-11 19:01 . 2004-08-03 22:29 19,455 --a--c--- F:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-07-11 19:01 . 2004-08-03 23:10 19,328 --a--c--- F:\WINDOWS\system32\dllcache\wstcodec.sys
2008-07-11 19:01 . 2001-08-17 22:36 17,408 --a--c--- F:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-07-11 19:01 . 2001-08-17 12:11 16,970 --a--c--- F:\WINDOWS\system32\dllcache\xem336n5.sys
2008-07-11 19:01 . 2001-08-17 22:37 4,608 --a--c--- F:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-07-11 19:00 . 2004-08-03 22:31 154,624 --a--c--- F:\WINDOWS\system32\dllcache\wlluc48.sys
2008-07-11 19:00 . 2001-08-17 12:12 34,890 --a--c--- F:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-07-11 19:00 . 2004-08-03 22:29 12,063 --a--c--- F:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-07-11 19:00 . 2004-08-03 23:07 8,832 --a--c--- F:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-07-11 19:00 . 2004-08-04 00:56 8,192 --a--c--- F:\WINDOWS\system32\dllcache\wshirda.dll
2008-07-11 18:58 . 2001-08-17 13:28 604,253 --a--c--- F:\WINDOWS\system32\dllcache\vmodem.sys
2008-07-11 18:58 . 2001-08-17 13:28 397,502 --a--c--- F:\WINDOWS\system32\dllcache\vpctcom.sys
2008-07-11 18:58 . 2001-08-17 12:14 249,402 --a--c--- F:\WINDOWS\system32\dllcache\vinwm.sys
2008-07-11 18:58 . 2001-08-17 13:28 64,605 --a--c--- F:\WINDOWS\system32\dllcache\vvoice.sys
2008-07-11 18:58 . 2004-08-04 00:56 28,672 --a--c--- F:\WINDOWS\system32\dllcache\vidcap.ax
2008-07-11 18:58 . 2001-08-17 13:49 24,576 --a--c--- F:\WINDOWS\system32\dllcache\viairda.sys
2008-07-11 18:58 . 2001-08-17 12:13 19,528 --a--c--- F:\WINDOWS\system32\dllcache\w840nd.sys
2008-07-11 18:58 . 2001-08-17 12:13 19,016 --a--c--- F:\WINDOWS\system32\dllcache\w926nd.sys
2008-07-11 18:58 . 2001-08-17 12:13 16,925 --a--c--- F:\WINDOWS\system32\dllcache\w940nd.sys
2008-07-11 18:56 . 2001-08-17 22:36 94,720 --a--c--- F:\WINDOWS\system32\dllcache\umaxud32.dll
2008-07-11 18:56 . 2001-08-17 22:36 69,632 --a--c--- F:\WINDOWS\system32\dllcache\umaxu12.dll
2008-07-11 18:56 . 2004-08-03 23:07 59,264 --a--c--- F:\WINDOWS\system32\dllcache\usbaudio.sys
2008-07-11 18:56 . 2001-08-17 22:36 50,688 --a--c--- F:\WINDOWS\system32\dllcache\umaxscan.dll
2008-07-11 18:56 . 2001-08-17 22:36 50,176 --a--c--- F:\WINDOWS\system32\dllcache\umaxp60.dll
2008-07-11 18:56 . 2001-08-17 22:36 47,616 --a--c--- F:\WINDOWS\system32\dllcache\umaxcam.dll
2008-07-11 18:56 . 2004-08-03 22:31 32,384 --a--c--- F:\WINDOWS\system32\dllcache\usb101et.sys
2008-07-11 18:56 . 2001-08-17 22:36 28,160 --a--c--- F:\WINDOWS\system32\dllcache\umaxu40.dll
2008-07-11 18:56 . 2001-08-17 22:36 26,624 --a--c--- F:\WINDOWS\system32\dllcache\umaxu22.dll
2008-07-11 18:56 . 2001-08-17 13:58 22,912 --a--c--- F:\WINDOWS\system32\dllcache\umaxpcls.sys
2008-07-11 18:56 . 2004-08-03 23:04 12,672 --a--c--- F:\WINDOWS\system32\dllcache\usb8023x.sys
2008-07-11 18:55 . 2001-08-17 22:36 525,568 --a--c--- F:\WINDOWS\system32\dllcache\tridxp.dll
2008-07-11 18:55 . 2001-08-17 14:56 440,576 --a--c--- F:\WINDOWS\system32\dllcache\tridkb.dll
2008-07-11 18:55 . 2001-08-17 12:51 222,336 --a--c--- F:\WINDOWS\system32\dllcache\trid3dm.sys
2008-07-11 18:55 . 2001-08-17 22:36 216,064 --a--c--- F:\WINDOWS\system32\dllcache\um34scan.dll
2008-07-11 18:55 . 2001-08-17 22:36 211,968 --a--c--- F:\WINDOWS\system32\dllcache\um54scan.dll
2008-07-11 18:55 . 2001-08-17 12:51 166,784 --a--c--- F:\WINDOWS\system32\dllcache\tridxpm.sys
2008-07-11 18:55 . 2001-08-17 12:51 159,232 --a--c--- F:\WINDOWS\system32\dllcache\tridkbm.sys
2008-07-11 18:55 . 2004-08-03 23:07 44,672 --a--c--- F:\WINDOWS\system32\dllcache\uagp35.sys
2008-07-11 18:55 . 2001-08-17 13:52 36,736 --a--c--- F:\WINDOWS\system32\dllcache\ultra.sys
2008-07-11 18:55 . 2001-08-17 13:48 11,520 --a--c--- F:\WINDOWS\system32\dllcache\twotrack.sys
2008-07-11 18:54 . 2001-08-17 14:56 315,520 --a--c--- F:\WINDOWS\system32\dllcache\trid3d.dll
2008-07-11 18:54 . 2001-08-17 14:01 241,664 --a--c--- F:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-07-11 18:54 . 2001-08-17 14:02 230,912 --a--c--- F:\WINDOWS\system32\dllcache\tosdvd03.sys
2008-07-11 18:54 . 2001-08-17 12:14 123,995 --a--c--- F:\WINDOWS\system32\dllcache\tjisdn.sys
2008-07-11 18:54 . 2004-08-04 00:56 82,432 --a--c--- F:\WINDOWS\system32\dllcache\tp4mon.exe
2008-07-11 18:54 . 2001-08-17 22:35 42,496 --a--c--- F:\WINDOWS\system32\dllcache\tp4res.dll
2008-07-11 18:54 . 2001-08-17 12:12 34,375 --a--c--- F:\WINDOWS\system32\dllcache\tpro4.sys
2008-07-11 18:54 . 2001-08-17 22:36 31,744 --a--c--- F:\WINDOWS\system32\dllcache\tp4.dll
2008-07-11 18:54 . 2001-08-17 12:10 28,232 --a--c--- F:\WINDOWS\system32\dllcache\tos4mo.sys
2008-07-11 18:54 . 2001-08-17 13:51 4,992 --a--c--- F:\WINDOWS\system32\dllcache\toside.sys
2008-07-11 18:53 . 2001-08-17 14:56 172,768 --a--c--- F:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-07-11 18:53 . 2004-08-03 23:00 149,376 --a--c--- F:\WINDOWS\system32\dllcache\tffsport.sys
2008-07-11 18:53 . 2001-08-17 12:51 138,528 --a--c--- F:\WINDOWS\system32\dllcache\tgiulnt5.sys
2008-07-11 18:53 . 2001-08-17 14:56 81,408 --a--c--- F:\WINDOWS\system32\dllcache\tgiul50.dll
2008-07-11 18:53 . 2001-08-17 12:13 37,961 --a--c--- F:\WINDOWS\system32\dllcache\tdk100b.sys
2008-07-11 18:53 . 2001-08-17 12:50 36,640 --a--c--- F:\WINDOWS\system32\dllcache\t2r4mini.sys
2008-07-11 18:53 . 2001-08-17 13:49 30,464 --a--c--- F:\WINDOWS\system32\dllcache\tbatm155.sys
2008-07-11 18:53 . 2001-08-17 12:13 17,129 --a--c--- F:\WINDOWS\system32\dllcache\tdkcd31.sys
2008-07-11 18:53 . 2001-08-17 13:52 7,040 --a--c--- F:\WINDOWS\system32\dllcache\tandqic.sys
2008-07-11 18:51 . 2001-08-17 12:18 285,760 --a--c--- F:\WINDOWS\system32\dllcache\stlnata.sys
2008-07-11 18:51 . 2001-08-17 22:36 155,648 --a--c--- F:\WINDOWS\system32\dllcache\stlnprop.dll
2008-07-11 18:51 . 2001-08-17 22:36 106,584 --a--c--- F:\WINDOWS\system32\dllcache\spdports.dll
2008-07-11 18:51 . 2001-08-17 22:36 99,328 --a--c--- F:\WINDOWS\system32\dllcache\srusd.dll
2008-07-11 18:51 . 2001-08-17 13:51 61,824 --a--c--- F:\WINDOWS\system32\dllcache\speed.sys
2008-07-11 18:51 . 2001-08-17 22:36 53,248 --a--c--- F:\WINDOWS\system32\dllcache\stlncoin.dll
2008-07-11 18:51 . 2001-08-17 12:11 48,736 --a--c--- F:\WINDOWS\system32\dllcache\srwlnd5.sys
2008-07-11 18:51 . 2001-08-17 22:36 24,660 --a--c--- F:\WINDOWS\system32\dllcache\spxupchk.dll
2008-07-11 18:51 . 2001-08-17 13:51 16,896 --a--c--- F:\WINDOWS\system32\dllcache\stcusb.sys
2008-07-11 18:50 . 2001-08-17 22:36 114,688 --a--c--- F:\WINDOWS\system32\dllcache\sonypi.dll
2008-07-11 18:50 . 2001-08-17 12:51 58,368 --a--c--- F:\WINDOWS\system32\dllcache\smiminib.sys
2008-07-11 18:50 . 2001-08-17 12:51 37,040 --a--c--- F:\WINDOWS\system32\dllcache\sonypi.sys
2008-07-11 18:50 . 2001-08-17 12:51 20,752 --a--c--- F:\WINDOWS\system32\dllcache\sonync.sys
2008-07-11 18:50 . 2001-08-17 14:07 19,072 --a--c--- F:\WINDOWS\system32\dllcache\sparrow.sys
2008-07-11 18:50 . 2001-08-17 13:53 9,600 --a--c--- F:\WINDOWS\system32\dllcache\sonymc.sys
2008-07-11 18:50 . 2001-08-17 13:56 7,552 --a--c--- F:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-07-11 18:50 . 2004-08-03 23:00 7,552 --a--c--- F:\WINDOWS\system32\dllcache\sonyait.sys
2008-07-11 18:50 . 2001-08-17 13:53 7,040 --a--c--- F:\WINDOWS\system32\dllcache\snyaitmc.sys
2008-07-11 18:48 . 2004-08-03 22:41 404,990 --a--c--- F:\WINDOWS\system32\dllcache\slntamr.sys
2008-07-11 18:47 . 2001-08-17 22:36 386,560 --a--c--- F:\WINDOWS\system32\dllcache\sgiul50.dll
2008-07-11 18:47 . 2001-08-17 14:56 252,032 --a--c--- F:\WINDOWS\system32\dllcache\sis300iv.dll
2008-07-11 18:47 . 2001-07-21 14:29 161,568 --a--c--- F:\WINDOWS\system32\dllcache\sgsmusb.sys
2008-07-11 18:47 . 2001-08-17 12:50 101,760 --a--c--- F:\WINDOWS\system32\dllcache\sis300ip.sys
2008-07-11 18:47 . 2001-08-17 12:51 98,080 --a--c--- F:\WINDOWS\system32\dllcache\sgiulnt5.sys
2008-07-11 18:47 . 2001-08-17 12:50 68,608 --a--c--- F:\WINDOWS\system32\dllcache\sis6306p.sys
2008-07-11 18:47 . 2001-08-17 12:19 36,480 --a--c--- F:\WINDOWS\system32\dllcache\sfmanm.sys
2008-07-11 18:47 . 2001-07-21 14:29 18,400 --a--c--- F:\WINDOWS\system32\dllcache\sgsmld.sys
2008-07-11 18:47 . 2001-08-17 13:53 6,784 --a--c--- F:\WINDOWS\system32\dllcache\serscan.sys
2008-07-11 18:47 . 2004-08-04 00:56 3,901 --a--c--- F:\WINDOWS\system32\dllcache\siint5.dll
2008-07-11 18:46 . 2004-08-03 22:59 43,136 --a--c--- F:\WINDOWS\system32\dllcache\sbp2port.sys
2008-07-11 18:46 . 2001-08-17 13:51 23,936 --a--c--- F:\WINDOWS\system32\dllcache\sccmusbm.sys
2008-07-11 18:46 . 2001-08-17 13:51 23,936 --a--c--- F:\WINDOWS\system32\dllcache\sccmn50m.sys
2008-07-11 18:46 . 2001-08-17 13:48 17,664 --a--c--- F:\WINDOWS\system32\dllcache\sermouse.sys
2008-07-11 18:46 . 2001-08-17 13:51 17,280 --a--c--- F:\WINDOWS\system32\dllcache\scr111.sys
2008-07-11 18:46 . 2001-08-17 13:51 16,640 --a--c--- F:\WINDOWS\system32\dllcache\scmstcs.sys
2008-07-11 18:46 . 2001-08-17 13:52 11,648 --a--c--- F:\WINDOWS\system32\dllcache\scsiprnt.sys
2008-07-11 18:46 . 2001-08-17 13:53 10,880 --a--c--- F:\WINDOWS\system32\dllcache\scsiscan.sys
2008-07-11 18:46 . 2001-08-17 13:53 6,912 --a--c--- F:\WINDOWS\system32\dllcache\seaddsmc.sys
2008-07-11 18:44 . 2004-08-04 00:56 397,056 --a--c--- F:\WINDOWS\system32\dllcache\s3gnb.dll
2008-07-11 18:43 . 2001-08-17 13:28 899,146 --a--c--- F:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-07-11 18:43 . 2001-08-17 13:28 714,762 --a--c--- F:\WINDOWS\system32\dllcache\r2mdmkxx.sys
2008-07-11 18:43 . 2001-08-17 22:36 86,097 --a--c--- F:\WINDOWS\system32\dllcache\reslog32.dll
2008-07-11 18:43 . 2004-08-03 23:10 59,648 --a--c--- F:\WINDOWS\system32\dllcache\rfcomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 16:20 --------- d-----w F:\Documents and Settings\Mine\Application Data\uTorrent
2008-08-08 15:52 --------- d-----w F:\Program Files\Malwarebytes' Anti-Malware
2008-08-08 14:57 22,652,960 --sha-w F:\WINDOWS\system32\drivers\fidbox.dat
2008-08-08 14:57 193,832 --sha-w F:\WINDOWS\system32\drivers\fidbox.idx
2008-08-08 06:38 958,300 ----a-w F:\WINDOWS\Internet Logs\tvDebug.zip
2008-08-08 06:18 --------- d-----w F:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-07 17:36 --------- d---a-w F:\Documents and Settings\All Users\Application Data\TEMP
2008-08-07 17:34 --------- d-----w F:\Program Files\SpywareBlaster
2008-07-31 01:10 --------- d-----w F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-31 01:06 --------- d-----w F:\Program Files\Lavasoft
2008-07-30 22:23 1,487,872 ----a-w F:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-23 21:59 --------- d-----w F:\Program Files\GIMP-2.0
2008-07-18 21:17 --------- d-----w F:\Program Files\Winamp
2008-07-18 21:15 --------- d-----w F:\Documents and Settings\Mine\Application Data\Winamp
2008-07-14 22:19 --------- d-----w F:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-14 16:05 --------- d-----w F:\Documents and Settings\Mine\Application Data\CoreFTP
2008-07-10 22:01 --------- d-----w F:\Documents and Settings\Mine\Application Data\Sony Corporation
2008-07-10 21:02 --------- d-----w F:\Program Files\Gabest
2008-07-09 22:36 --------- d-----w F:\Program Files\Trojan Killer
2008-07-09 22:25 --------- d-----w F:\Program Files\SUPERAntiSpyware
2008-07-09 22:25 --------- d-----w F:\Documents and Settings\Mine\Application Data\SUPERAntiSpyware.com
2008-07-08 20:05 --------- d-----w F:\Program Files\AviSynth 2.5
2008-07-07 23:10 --------- d-----w F:\Program Files\audiograbber
2008-07-06 16:02 --------- d--h--w F:\Program Files\InstallShield Installation Information
2008-07-06 02:28 96,520 ----a-w F:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-06 02:28 10,520 ----a-w F:\WINDOWS\system32\avgrsstx.dll
2008-07-04 04:34 --------- d-----w F:\Program Files\Common Files\GTK
2008-06-26 11:06 93,128 ----a-w F:\WINDOWS\system32\ElbyCDIO.dll
2008-06-20 17:41 245,248 ----a-w F:\WINDOWS\system32\SET9.tmp
2008-06-20 17:41 245,248 ----a-w F:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w F:\WINDOWS\system32\SETA.tmp
2008-06-20 10:45 360,320 ----a-w F:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w F:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w F:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 17:20 --------- d-----w F:\Documents and Settings\Mine\Application Data\IsolatedStorage
2008-06-14 14:06 43,698 ----a-w F:\WINDOWS\system32\xvid-uninstall.exe
2008-06-14 14:06 --------- d-----w F:\Program Files\AutoGK
2008-06-14 14:04 --------- d-----w F:\Program Files\DVD Decrypter
2008-06-14 01:51 --------- d-----w F:\Program Files\FLV Player
2008-06-13 13:10 272,128 ----a-w F:\WINDOWS\system32\drivers\bthport.sys
2008-06-09 22:22 --------- d-----w F:\Program Files\TrojanHunter 5.0
2008-06-08 00:30 --------- d-----w F:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-06-08 00:29 --------- d-----w F:\Program Files\CoreFTP
2008-04-07 21:19 18,000 ----a-w F:\Documents and Settings\Mine\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 08:15 344064]
"IntelliPoint"="F:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 02:50 204800]
"AVG8_TRAY"="F:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-05 22:29 1232152]
"NeroFilterCheck"="F:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]
"ZoneAlarm Client"="F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]

F:\Documents and Settings\Mine\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - F:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08 38912]
SpywareGuard.lnk - F:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.ffds"= F:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=F:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=F:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=F:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 F:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 F:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"F:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 PQV2i;PQV2i;F:\WINDOWS\system32\drivers\PQV2i.sys [2003-06-03 15:52]
R1 AvgLdx86;AVG AVI Loader Driver x86;F:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 22:28]
R1 PQIMount;PQIMount;F:\WINDOWS\system32\drivers\PQIMount.sys [2003-06-03 15:52]
R2 avg8wd;AVG8 WatchDog;F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 22:29]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;F:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 18:31]
.
Contents of the 'Scheduled Tasks' folder

2008-06-26 F:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1206567840.job
- F:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 17:56]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - F:\Documents and Settings\Mine\Application Data\Mozilla\Firefox\Profiles\uqwlrpl2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-08 12:25:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-08 12:27:08
ComboFix-quarantined-files.txt 2008-08-08 16:26:57
ComboFix2.txt 2008-07-31 01:33:05

Pre-Run: 104,505,462,784 bytes free
Post-Run: 104,542,556,160 bytes free

257 --- E O F --- 2008-07-09 21:43:30

#6 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 15 August 2008 - 11:10 PM

Hello, Necrotic Freak.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Your Microsoft Windows installation is out of date.
Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
Go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

Please let me know of any problems you may have encountered.

In your next reply, please include the following:
  • ESET OnlineScan's Log

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 Necrotic Freak
  • Topic Starter
  • Members
  • 26 posts

Posted 16 August 2008 - 12:10 PM

I updated the Java and had a hard time rebooting. It took about ten attempts to actually get it to boot up. It would go to just after the selection of booting to the recovery console or into Windows, before repeating. I got it to boot, but I admit my hesitation to attempting to reboot again, in fear of having to reformat.

ESET log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3360 (20080815)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=6aeaf862f1582646921cad1cb55af84e
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-16 08:08:16
# local_time=2008-08-16 04:08:16 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=205087
# found=0
# scan_time=5002

EDIT: Service Pack 3 installed, still updating Windows.

Edited by Necrotic Freak, 17 August 2008 - 10:10 AM.


#8 Necrotic Freak
  • Topic Starter
  • Members
  • 26 posts

Posted 17 August 2008 - 12:14 PM

Billy,

I cannot get these updates to install.

Security Update for Windows XP with Windows Media Format Runtime 9.5 and 11 (KB941569)
Update for Windows XP (KB951978)
Update for Windows Media Player 11 for Windows XP (KB939683)
Security Update for Windows Media Player 11 for Windows XP (KB936782)
Update for Windows Media Format 11 SDK for Windows XP (KB929399)

EDIT: As a bundle or individually.

Edited by Necrotic Freak, 17 August 2008 - 12:41 PM.


#9 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 17 August 2008 - 12:45 PM

Hello, Necrotic Freak.
Alright, those updates are all related to Windows Media Player. You should be fine without them for now :)

You may wish to start a topic in the WinXP forum located here:
http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/

People more experienced with Windows Update can assist there.

You now appear to be clean. Congratulations!

We need to remove ComboFix
  • Click START then RUN
  • Now type or copy Combofix /u in the runbox and click OK.
    Note the space between the X and the U, it needs to be there.
We need to clean up our tools.
  • Please download OTMoveIt2 by OldTimer and save it to your desktop.
  • Click the Clean Up button.
  • Accept any prompts.
  • This will remove any tools we used, including OTMoveIt, and will require a reboot.
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. Just find your country room and register your complaint.
The infections you had were "None :wink:"

Below are some steps to follow in order to dramatically lower the chances of reinfection.
You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.
  • Set a New Restore Point to prevent possible reinfection from an old one.
    Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files, which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.
    You can view a video of the following instructions.
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then go to Start > Run and type: Cleanmgr
    • Click "OK".
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
    Note: You should only do this once!
  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
    Go here to check for & install updates to Microsoft applications.
    Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.
  • Keep your non-Microsoft applications updated as well
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it at least once a month.
  • Make Internet Explorer more secure
    • Click Start -> Run
    • Type "Inetcpl.cpl" (without quotes) & click OK.
    • Click on the Security tab.
    • Click "Reset all zones to default level"
    • Make sure the Internet Zone is selected & click "Custom level"
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Click OK, then Apply, then OK to exit the Internet Properties page.
  • Install SpywareBlaster & make sure to update it regularly
    SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
    If you don't know what ActiveX controls are, see here
    You can download SpywareBlaster from here.
  • Install and use Spybot Search & Destroy
    Instructions are located here
    Make sure you update, reimmunize & scan regularly.
  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Microsoft Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable it,
    • Run Spybot Search & Destroy
    • Click the Mode button on the toolbar, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on "Tools", and then on Hosts File.
    • Click on "Add Spybot-S&D hosts list"
    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start -> Run.
    • Type "services.msc" (without quotes) & click OK.
    • In the list, find the service called "DNS Client" & double click on it.
    • On the dropdown box, change the setting from "Automatic" to "Manual".
    • Click OK.
    • Exit/close the Services window
    For a more detailed explanation of the HOSTS file, click here.
  • Install a-squared Free & update and scan with it regularly
    a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
    Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
  • Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date!
Billy3
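The HOSTS-file blocking mechanism described in the post above, as an added example that is not part of the thread and not Spybot's code: a small Python parser that reads hosts-file text and reports which names are redirected to a loopback or null address, which is how a blocking HOSTS list keeps a request from ever leaving the machine. The sample file contents are constructed; a real file lives at %SystemRoot%\System32\drivers\etc\hosts.

```python
"""Parse a Windows-style HOSTS file and report which names it blocks."""
import re

# Addresses that blocking HOSTS lists point unwanted names at, so the
# connection goes to the local machine (or nowhere) instead of the real site.
BLOCK_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: the stock localhost line, comments, tabs, several
# names on one line, and one ordinary (non-blocking) override.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# Start of entries inserted by a blocking list (constructed sample)
127.0.0.1\tbad-example.test  www.bad-example.test   # trailing comment
0.0.0.0   tracker.example.invalid
192.0.2.10  intranet.example.test
"""


def parse_hosts(text):
    """Return {hostname: ip} from hosts-file text.

    Comments (everything after '#') and blank lines are ignored.  Names are
    lower-cased because host lookups are case-insensitive.  If a name appears
    more than once, the first entry is kept, which is the one the resolver
    matches first.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        ip, names = fields[0], fields[1:]
        for name in names:
            mapping.setdefault(name.lower(), ip)
    return mapping


def is_blocked(mapping, hostname):
    """True if the name resolves to a loopback/null address via the hosts file."""
    name = hostname.lower()
    return name != "localhost" and mapping.get(name) in BLOCK_TARGETS


def blocked_names(mapping):
    """All names the file sinkholes, excluding the stock localhost entry."""
    return sorted(n for n in mapping if is_blocked(mapping, n))


def load_hosts(path):
    """Convenience wrapper for a real file, e.g. the Windows hosts path above."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return parse_hosts(fh.read())


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    print(f"{len(hosts)} entries, {len(blocked_names(hosts))} blocked:")
    for name in blocked_names(hosts):
        print("  ", name, "->", hosts[name])
```

The entry count is also what matters for the slowdown note in the post: a list with tens of thousands of lines is what makes the DNS Client service struggle, which is why the post suggests setting it to Manual.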

#10 Necrotic Freak
  • Topic Starter
  • Members
  • 26 posts

Posted 17 August 2008 - 01:02 PM

Great to hear. Thanks a million. I am D/L OTMoveIt2 as we speak. If I was clean and just out of date, why would I get 500+ outgoing attempts blocked by ZoneAlarm in less than an hour, all to different IP addys? (I actually looked at them all.) I guess it was Java, or at least Java based, because once Java was updated it stopped. Well, that's my theory. Would you need anything to be certain?


EDIT: I would like to learn more about becoming a HJT team member. Any info would be greatly appreciated.

Edited by Necrotic Freak, 17 August 2008 - 01:16 PM.


#11 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 17 August 2008 - 02:30 PM

I'm not exactly sure, but if you're using a peer to peer program that may cause such messages from ZA.

If you get any more issues, feel free to send me a PM. :thumbsup:

Have a nice day,
Billy3

#12 Necrotic Freak
  • Topic Starter
  • Members
  • 26 posts

Posted 17 August 2008 - 04:28 PM

Cool, thanks again Billy.

#13 Billy O'Neal
    Visual C++ STL Maintainer
  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 18 August 2008 - 10:23 AM

Hello, Necrotic Freak.
Since this issue appears resolved, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3