Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Malware - cciatho.dll, ntjywhp.dll


  • This topic is locked This topic is locked
26 replies to this topic

#1 sk8rdad

sk8rdad

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 14 December 2008 - 10:47 AM

About 6 months ago the internet provider this system is connected to advised that spam was being sent out from this one computer in the office. I managed to resolve the problem, but can't remember the details. Things have been running smoothly until about 2 months ago.
Within a few minutes of launching Outlook 2003 SP3 on this Windows XP SP3 computer, an error pops up on the screen - something to do with c:\windows\system32\cciatho.dll is not a valid image file - it then references any number of valid processes that are running, including the McAfee antivirus processes.

From event viewer: Application popup: SHSTAT.EXE - Bad Image : The application or DLL c:\windows\system32\cciatho.dll is not a valid Windows image. Please check this against your installation diskette.

Once this happens, the system starts to behave strangely, and one of many services starts to take up 100% of CPU resources - it could be explorer.exe, winlogon.exe, or svchost. The actual file varies.

Looking at the file cciatho.dll a few days ago showed it was related to the Internet Connection Wizard - so my thinking at that time was that I had some sort of worm on the system that was trying to connect. Yesterday, I brought in a BartsPE CD and deleted the cciatho.dll file from system32. On reboot, it had returned, only this time the same file showed it was related to Quicktime. I deleted it a second time, and on reboot it's back again showing it's related to Media Player. Something isn't right. It's the same file size and date stamp as another unusual file - ntjywhp.dll - which says it's connected to SMCorp.
I can find no mention of either of these files doing google searches.

I've disabled system restore in policy since disabling system restore any other way just resulted in it getting turned back on again, another indication that there's some sort of malware on the system.

I have run scans from Kaspersky, BitDefender, Spybot Search and Destroy 1.6, and McAfee 8.7's own scan but found nothing. I've run KillBox to remove the file - but it tells me it can't. I tried removing it on reboot, and renaming it on reboot - but neither worked. I've run autoruns and the offending dll's don't show up as loaded, even when the error is on the screen. I'm just about at wits end here.

Below are the log files generated by RSIT:

Logfile of random's system information tool 1.04 (written by random/random)
Run by XXXXX at 2008-12-14 10:19:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (48%) free of 30 GB
Total RAM: 2040 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:46 AM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\patches\malware scan tools\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Don Blair.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1985ECA8-B8E9-49A0-85D4-92480FB453DF} - c:\windows\system32\ntjywhp.dll
O2 - BHO: (no name) - {3A2F9569-F38D-4FF5-8364-88E38DFA67B0} - C:\DOCUME~1\Maureen\LOCALS~1\Temp\InfoWindows.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer...SWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1096404955953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227984586265
O16 - DPF: {8B6193F1-837F-11D4-89E6-0050DA666184} (Sol2axctl Class) - http://download.solitaire.com/download/solitaire.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/...tupv2.0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{667932BC-E951-4A28-8AD5-776F0CC9471D}: NameServer = 24.226.10.193,24.226.10.93,24.226.10.194
O20 - Winlogon Notify: mxtvnsad - C:\WINDOWS\SYSTEM32\ntjywhp.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6710 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Defrag All Hard Drives.job
C:\WINDOWS\tasks\MoniqueBackup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1985ECA8-B8E9-49A0-85D4-92480FB453DF}]
c:\windows\system32\ntjywhp.dll [2003-03-31 105472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2F9569-F38D-4FF5-8364-88E38DFA67B0}]
C:\DOCUME~1\Maureen\LOCALS~1\Temp\InfoWindows.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2008-09-29 61200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RoxioDragToDisc"=C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe [2003-09-24 868352]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\udaterui.exe [2008-03-14 136512]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2008-09-29 124240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe [2002-10-15 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-01-07 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe [2002-10-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2003-12-09 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe [2003-05-01 65536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2002-09-10 46592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-07-05 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
C:\PROGRA~1\APC\APCPOW~1\Display.exe [2002-10-15 209016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe [2003-10-25 724992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-10-15 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mxtvnsad]
C:\WINDOWS\system32\ntjywhp.dll [2003-03-31 105472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-14 10:19:20 ----D---- C:\rsit
2008-12-14 09:25:12 ----D---- C:\Program Files\Trend Micro
2008-12-14 09:23:45 ----D---- C:\QUARANTINE
2008-12-14 08:18:06 ----D---- C:\!KillBox
2008-12-14 07:57:34 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-13 14:34:57 ----D---- C:\WINDOWS\BDOSCAN8
2008-12-11 14:04:37 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 14:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-11 14:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 14:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 14:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-06 10:57:31 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-06 10:57:31 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-06 10:57:31 ----A---- C:\WINDOWS\system32\java.exe
2008-11-30 09:22:50 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-11-30 09:22:50 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-11-29 15:50:51 ----A---- C:\WINDOWS\unins001.exe
2008-11-29 14:34:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-29 14:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB902344$
2008-11-29 14:33:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-29 14:23:00 ----D---- C:\WINDOWS\Prefetch
2008-11-29 14:21:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-29 14:21:19 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-29 14:21:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-29 14:21:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-29 14:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-29 14:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-29 14:20:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-29 14:20:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-29 14:20:13 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-11-29 14:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-29 14:19:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-29 14:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-29 14:19:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-29 14:19:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-29 14:19:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-11-29 14:19:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-29 14:19:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-29 14:18:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-29 14:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-29 14:18:37 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-29 14:18:29 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-29 14:13:44 ----D---- C:\WINDOWS\system32\scripting
2008-11-29 14:13:43 ----D---- C:\WINDOWS\system32\en
2008-11-29 14:13:43 ----D---- C:\WINDOWS\l2schemas
2008-11-29 14:11:09 ----D---- C:\WINDOWS\network diagnostic
2008-11-29 14:03:35 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-29 14:03:34 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-29 14:03:28 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-29 14:03:26 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-29 14:03:26 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-29 14:03:26 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-29 14:03:24 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-29 14:03:24 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-29 14:03:24 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-29 14:03:24 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-29 14:03:24 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-29 14:03:24 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-29 14:03:24 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-29 14:03:21 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-29 14:03:21 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-29 14:03:21 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-29 14:03:21 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-29 14:03:21 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-29 14:03:21 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-29 14:03:21 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-29 14:03:21 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-29 14:03:19 ----A---- C:\WINDOWS\006281_.tmp
2008-11-29 14:03:08 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-11-29 14:03:08 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-11-29 14:02:59 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-29 14:02:59 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-29 14:02:59 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-29 14:02:59 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-29 14:02:58 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-29 14:02:57 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-29 14:02:47 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-29 14:02:47 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-29 14:02:47 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-29 14:02:47 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-29 14:02:33 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-29 14:02:33 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-29 14:02:31 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-11-29 14:02:31 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-11-29 14:02:30 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-29 14:02:30 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-29 14:02:30 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-29 14:02:21 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-29 14:02:19 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-29 14:02:17 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-29 14:02:17 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-29 14:02:16 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-29 14:02:15 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-29 14:02:15 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-29 14:02:11 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-29 14:01:59 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-29 14:01:54 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-29 14:01:54 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-29 14:01:52 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-29 14:01:50 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-29 14:01:49 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-29 11:31:06 ----D---- C:\WINDOWS\SDOLD
2008-11-29 10:09:55 ----D---- C:\Program Files\Panda Security
2008-11-24 16:55:58 ----A---- C:\WINDOWS\system32\mfevtps.exe
2008-11-24 16:54:59 ----D---- C:\Program Files\Common Files\Cisco Systems
2008-11-24 16:54:55 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-11-24 16:54:50 ----D---- C:\Program Files\McAfee
2008-11-24 16:54:50 ----D---- C:\Program Files\Common Files\McAfee
2008-11-24 16:48:36 ----D---- C:\Documents and Settings\USER3\Application Data\Mozilla
2008-11-24 16:32:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-24 16:07:59 ----A---- C:\WINDOWS\ntbtlog.txt

======List of files/folders modified in the last 1 months======

2008-12-14 10:14:57 ----SHD---- C:\System Volume Information
2008-12-14 10:14:57 ----D---- C:\WINDOWS\system32\Restore
2008-12-14 09:52:28 ----D---- C:\WINDOWS\Temp
2008-12-14 09:51:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 09:51:31 ----SHD---- C:\WINDOWS\CSC
2008-12-14 09:25:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-14 09:25:12 ----RD---- C:\Program Files
2008-12-14 09:17:03 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-14 09:16:31 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 08:06:41 ----D---- C:\Documents and Settings
2008-12-14 07:57:34 ----D---- C:\WINDOWS
2008-12-14 03:57:12 ----D---- C:\WINDOWS\system32
2008-12-13 14:35:00 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-13 14:34:57 ----HD---- C:\WINDOWS\inf
2008-12-13 14:17:30 ----SHD---- C:\WINDOWS\Installer
2008-12-13 13:15:55 ----D---- C:\WINDOWS\security
2008-12-13 11:04:48 ----D---- C:\WINDOWS\system32\wbem
2008-12-13 11:04:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-13 10:33:56 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-13 06:50:59 ----SHD---- C:\RECYCLER
2008-12-11 14:04:42 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 14:04:11 ----N---- C:\WINDOWS\win.ini
2008-12-11 14:03:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-11 14:02:49 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-06 14:48:07 ----D---- C:\WINDOWS\system32\drivers
2008-12-06 13:05:38 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-12-06 11:27:26 ----RASH---- C:\boot.ini
2008-12-06 11:27:26 ----N---- C:\WINDOWS\system.ini
2008-12-06 11:19:21 ----D---- C:\WINDOWS\pss
2008-12-06 10:57:29 ----D---- C:\Program Files\Java
2008-12-06 10:56:14 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-30 09:22:50 ----HD---- C:\Program Files\WindowsUpdate
2008-11-29 16:44:32 ----D---- C:\Program Files\Mozilla Firefox
2008-11-29 16:23:55 ----D---- C:\PDSChurch
2008-11-29 15:51:07 ----RSD---- C:\WINDOWS\Fonts
2008-11-29 14:23:06 ----A---- C:\WINDOWS\setuplog.txt
2008-11-29 14:22:40 ----D---- C:\WINDOWS\system32\Setup
2008-11-29 14:22:40 ----D---- C:\WINDOWS\AppPatch
2008-11-29 14:22:40 ----D---- C:\Program Files\Internet Explorer
2008-11-29 14:21:29 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-29 14:18:38 ----D---- C:\Program Files\Messenger
2008-11-29 14:14:10 ----D---- C:\WINDOWS\WinSxS
2008-11-29 14:14:07 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-29 14:14:06 ----D---- C:\Program Files\Windows Media Player
2008-11-29 14:14:05 ----D---- C:\WINDOWS\Help
2008-11-29 14:13:54 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-29 14:13:54 ----D---- C:\WINDOWS\ime
2008-11-29 14:13:45 ----D---- C:\WINDOWS\system32\usmt
2008-11-29 14:13:45 ----D---- C:\WINDOWS\system32\en-us
2008-11-29 14:13:42 ----D---- C:\WINDOWS\system32\bits
2008-11-29 14:13:42 ----D---- C:\WINDOWS\peernet
2008-11-29 14:13:42 ----D---- C:\Program Files\Movie Maker
2008-11-29 14:11:56 ----D---- C:\WINDOWS\system32\npp
2008-11-29 14:11:56 ----D---- C:\WINDOWS\mui
2008-11-29 14:11:56 ----D---- C:\WINDOWS\msagent
2008-11-29 14:11:55 ----D---- C:\WINDOWS\srchasst
2008-11-29 14:11:55 ----D---- C:\Program Files\NetMeeting
2008-11-29 14:11:54 ----D---- C:\WINDOWS\system32\Com
2008-11-29 14:11:53 ----D---- C:\Program Files\Windows NT
2008-11-29 14:11:53 ----D---- C:\Program Files\Outlook Express
2008-11-29 14:11:52 ----D---- C:\Program Files\Common Files\System
2008-11-29 14:11:43 ----D---- C:\WINDOWS\system32\oobe
2008-11-29 14:11:42 ----D---- C:\WINDOWS\system
2008-11-29 14:09:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-29 14:07:35 ----D---- C:\WINDOWS\EHome
2008-11-29 12:24:34 ----D---- C:\testshare
2008-11-24 21:57:01 ----D---- C:\Program Files\WinRAR
2008-11-24 19:46:13 ----SD---- C:\Documents and Settings\USER3\Application Data\Microsoft
2008-11-24 19:21:41 ----A---- C:\WINDOWS\ODBC.INI
2008-11-24 16:54:59 ----D---- C:\Program Files\Common Files
2008-11-24 16:53:08 ----D---- C:\Program Files\Symantec
2008-11-24 16:53:07 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-24 16:46:12 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-24 16:46:06 ----D---- C:\Program Files\Adobe
2008-11-24 16:16:00 ----D---- C:\Documents and Settings\USER3\Application Data\OfficeUpdate12

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-10-25 91774]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2003-09-24 67024]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2003-09-24 24698]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2003-09-24 260224]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2008-09-29 62704]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2003-09-24 118409]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2003-09-24 213120]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-08-14 17005]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-10-25 71514]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-09-16 941516]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2003-09-24 21993]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-10-25 80283]
R3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2008-09-29 74648]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-09-29 90360]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-09-29 42424]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4ufd;HP Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\hppaufd0.sys [2004-12-24 16800]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\System32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2008-09-29 64432]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2003-09-24 22777]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2008-03-14 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2008-09-29 143088]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-09-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2008-09-29 67904]
R2 okfdmuba;Volume Manager Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2001-05-01 53248]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S4 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2002-10-15 155770]
S4 GhostStartService;GhostStartService; C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE [2002-08-14 200704]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-14 10:19:49

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Installshield Installation Information\{08082022-2a50-4196-8196-a6f86d6e8f12}\QBReplace.exe {08082022-2a50-4196-8196-a6f86d6e8f12}#{01288593-26bb-4b3a-a04e-0a4ed28cc937}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Avance AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Avery Assistant for the Personal Label Printer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A759C116-F7BD-4998-84CC-C35FEE3CDDB2}\setup.exe" -uninst
Avery DesignPro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\Setup.exe" -l0x9 -uninst
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Easy CD & DVD Creator 6-->MsiExec.exe /I{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}
easypix Photo Viewer-->C:\Program Files\easypix\easypix Photo Viewer\uninstall.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homestead SiteBuilder LPX-->C:\Program Files\Homestead\Homestead SiteBuilder\hkuninst.exe -path C:\Program Files\Homestead\Homestead SiteBuilder
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Color LaserJet 3600-->"C:\Program Files\Hewlett-Packard\Install Engines\HP Color LaserJet 3600\setup.exe" /x
HP Color LaserJet 3600-->msiexec /x{EED52BB5-3A22-42F2-9B76-BB743F6739B7}
HP Software Update-->MsiExec.exe /X{90B5E602-1867-449D-86FD-FC9DEA4434BF}
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® Extreme Graphics Driver Software-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_01-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142010}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LAN-Fax Utilities-->Rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IfxUninst.dll,UnInstall LAN-Fax Utilities
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
McAfee Agent-->MsiExec.exe /X{A638557B-1F13-40A0-9627-C892FBCA6960}
McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /I{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}
Medi@Show-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink\MediaShow\Uninst.isu"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office 2003 Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nero BurnRights (Ahead Software)-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Norton Ghost-->MsiExec.exe /I{6975E810-C92F-45F0-0BFD-187B312F10E8}
PDS Church Office Management-->"C:\WINDOWS\unins000.exe"
PDS Church Office-->"C:\WINDOWS\unins001.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickBooks Pro Edition 2004-->C:\Program Files\Installshield Installation Information\{2b02f822-a9b9-458c-80e5-3ea8c0de8471}\QBReplace.exe {2b02f822-a9b9-458c-80e5-3ea8c0de8471}#{2B02F82E-A9B9-458C-80E5-3EA8C0DE8471}
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: VirusScan Enterprise + AntiSpyware Enterprise

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;"C:\Program Files\Symantec\Norton Ghost 2003\";C:\Program Files\Common Files\Roxio Shared\DLLShared
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PS5ROOT"=C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\
"FP_NO_HOST_CHECK"=NO
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:42 PM

Posted 21 December 2008 - 03:25 PM

Hello sk8rdad,

Posted Image

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:42 PM

Posted 31 December 2008 - 02:46 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:42 PM

Posted 02 January 2009 - 07:43 PM

Topic reopened. :thumbsup:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 sk8rdad

sk8rdad
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 03 January 2009 - 11:39 AM

Thanks for the quick response. I'll try to get over to the affected system either today or tomorrow and post the results requested.

#6 sk8rdad

sk8rdad
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 03 January 2009 - 01:55 PM

As requested, here are the two log files - attached to this reply.
Please advise on results ASAP.

Thanks,

Attached Files



#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:42 PM

Posted 04 January 2009 - 05:23 PM

Hello,

Thanks for those. :thumbsup:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: (no name) - {1985ECA8-B8E9-49A0-85D4-92480FB453DF} - c:\windows\system32\ntjywhp.dll
O2 - BHO: (no name) - {3A2F9569-F38D-4FF5-8364-88E38DFA67B0} - C:\DOCUME~1\Maureen\LOCALS~1\Temp\InfoWindows.dll (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quote box below into notepad:

KILLALL::

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1985ECA8-B8E9-49A0-85D4-92480FB453DF}]

File::
c:\windows\system32\ntjywhp.dll


Save this as txtfile CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again.

After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log. Please also let me know how it's running now. :)

Also, in the ComboFix log I see bits and pieces of many AntiVirus programs. Which one is your active one? The others need to go so they don't conflict and/or slow the computer.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#8 sk8rdad

sk8rdad
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 05 January 2009 - 01:43 PM

As requested. However, it doesn't appear to have removed the offending file according to the logs (attached). On the plus side, the client is reporting the machine is running much better, and no annoying errors popping up when she launches Outlook now.

All of the antivirus software bits in the log files are actually part of the version of McAfee I'm running - I don't see any fragments from other AV software. Which ones are you indicating are fragements of other products?

Attached Files


Edited by sk8rdad, 05 January 2009 - 05:20 PM.


#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:42 PM

Posted 06 January 2009 - 03:37 PM

Please try the script again in Safe mode. :thumbsup:

I figured the McAfee was the main AV, but I had to ask to be sure. There are entries for Panda, Norton (Ghost only??) BitDefender (Online scan?) in the ComboFix report. You'd be surprised at how many people don't even know they have all those sometimes. Best to ask. :)

I see you have Killbox.....did you use it on the offending file?

I see lots of old Java. Not only are these space hogs, but those old versions are vulnerable to exploit (Vundo loves to jump aboard this way) and need to go. You'll free up over half a gig this way.

Updating Java
  • Download the latest version of Java Runtime Environment (JRE) 6_u_11.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Of course, let me know how you come out, and how the system is running. :)

Thanks,

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#10 sk8rdad

sk8rdad
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 10 January 2009 - 01:17 PM

Tea - ran the complete process under safe mode - on reboot (in safe mode) ComboFix reports an Access Denied message trying to delete the offending ntjywhp.dll file. Net result - it's still there. :thumbsup:

I cleaned up the java installs, and the remnants of the Panda and BitDefender (which was run via online scan only). !Killbox was used to try to delete the cciatho.dll file before opening this forum entry, based on the forum sticky for things to try before opening a request for help.

Attached are the two files requested - both generated in safe mode.

Client is still reporting the machine is running great - no problems with Outlook or CPU taking up 100% anymore. I think we've fixed the immediate symptoms, but not the underlying problem yet.

Attached Files



#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:42 PM

Posted 10 January 2009 - 08:29 PM

Hi there,

Well let's just take the sucker then! :thumbsup: Take ownership and delete the stubborn thing : http://support.microsoft.com/?kbid=308421

Works 99% of the time. :)

Let me know,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#12 sk8rdad

sk8rdad
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 11 January 2009 - 10:31 AM

No go.
Although the effective permissions for all members of the Administrators group shows they have full permission, including "Take Ownership", when you try to take ownership you get access denied.
The file is currently owned by the primary user on the computer (we'll call the account "L").
However, even after adding L to the local admins group, L doesn't have permission to modify anything on the file either, nor delete it, nor change ownership.

A random check of other files in System32 show this to be the only file with this problem.

This one's fully entrenched and isn't going to give up without a fight!

I tried these using regular mode, safe mode, and safe mode command prompt, with antivirus completely disabled.

Any other ideas? This is infuriating.

#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:42 PM

Posted 11 January 2009 - 07:26 PM

Well, make that 98% then. :)

Nope, not out of ideas. :thumbsup:

Download and install EMCO MoveOnBoot : http://www.emco.is/moveonboot/features.html
Start the program, then drag that file onto the lower right corner of MoveOnBoot and drop it where it says Drag/Drop File(s) or Folder(s) here. A window will pop up. Select 'Delete File(s)' and click OK. Close MoveOnBoot and restart the computer.

Fingers crossed, and let me know. :)

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#14 sk8rdad

sk8rdad
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 13 January 2009 - 08:56 PM

Right. I'll give it a shot this week - hopefully Wednesday, and let you know how it goes.

#15 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:42 PM

Posted 15 January 2009 - 05:03 PM

Quick question....have you tried Unlocker on it? If not give that a go too. Hope you're hasn't been as ghastly as the other one was. :) :thumbsup:

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users