Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.BHO Virus


  • This topic is locked This topic is locked
19 replies to this topic

#1 James0

James0

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 23 December 2008 - 02:08 PM

This virus keeps getting picked up by Malwarebytes' Anti-Malware and says on a restart it will be deleted but when i do the restart and run the program it still comes up. I have attached 3 logs...Malwarebytes, combofix and hijackthis. Thanks for your help.

Malwarebytes' Anti-Malware 1.31
Database version: 1537
Windows 5.1.2600 Service Pack 2

12/23/2008 11:03:26 AM
mbam-log-2008-12-23 (11-03-23).txt

Scan type: Quick Scan
Objects scanned: 50616
Time elapsed: 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 08-12-21.04 - ******* 2008-12-23 10:30:13.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3071.2610 [GMT -8:00]
Running from: c:\documents and settings\User1\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-23 to 2008-12-23 )))))))))))))))))))))))))))))))
.

2008-12-23 10:05 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-23 10:05 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-22 16:09 . 2008-12-22 16:09 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-22 16:04 . 2008-12-22 16:04 <DIR> d-------- c:\windows\EHome
2008-12-22 16:02 . 2008-12-22 16:09 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-22 14:24 . 2008-12-22 14:25 <DIR> d--h-c--- c:\windows\ie8
2008-12-22 13:01 . 2008-12-22 13:01 <DIR> d-------- c:\windows\ERUNT
2008-12-22 12:57 . 2008-12-22 13:47 <DIR> d-------- C:\SDFix
2008-12-22 12:56 . 2008-12-22 12:56 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-19 17:44 . 2008-12-19 17:44 754 --a------ c:\windows\WORDPAD.INI
2008-12-18 03:00 . 2008-12-22 14:21 <DIR> d-------- c:\windows\ie8updates
2008-12-17 19:02 . 2008-12-17 19:02 <DIR> d-------- c:\documents and settings\User1\Application Data\OpenOffice.org
2008-12-17 19:00 . 2008-12-17 19:00 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-12-17 19:00 . 2008-12-17 19:00 <DIR> d-------- c:\program files\JRE
2008-12-16 20:40 . 2008-12-16 20:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-16 20:39 . 2008-12-16 20:39 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-16 20:39 . 2008-12-16 20:39 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-16 20:39 . 2008-12-16 20:39 <DIR> d-------- c:\documents and settings\User1\Application Data\SUPERAntiSpyware.com
2008-12-16 19:30 . 2008-12-16 19:30 <DIR> d-------- c:\program files\GiPo@Utilities
2008-12-16 19:30 . 2008-12-16 19:30 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-12-16 19:29 . 2008-12-18 11:34 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-16 01:00 . 2008-12-16 15:50 193 --a------ c:\windows\wininit.ini
2008-12-15 23:51 . 2008-12-15 23:51 <DIR> d-------- c:\documents and settings\User1\Application Data\Malwarebytes
2008-12-15 22:37 . 2008-12-15 22:37 552 --a------ c:\windows\system32\d3d8caps.dat
2008-12-15 21:55 . 2008-12-15 21:55 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2008-12-15 21:47 . 2008-12-15 21:47 70,144 --a------ c:\windows\system32\rqRkiHWq.dll
2008-12-15 21:46 . 2008-12-16 01:37 <DIR> d-------- c:\documents and settings\Administrator
2008-12-15 19:56 . 2008-12-23 10:05 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-15 19:56 . 2008-12-23 10:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 19:44 . 2008-12-15 19:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-15 19:44 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-15 19:44 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-15 18:27 . 2008-12-15 21:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-15 17:16 . 2008-12-15 17:16 70,144 --a------ c:\windows\system32\xXPffGYR.dll
2008-12-15 11:46 . 2008-12-15 11:47 <DIR> d-------- c:\program files\iTunes
2008-12-15 11:46 . 2008-12-15 11:46 <DIR> d-------- c:\program files\iPod
2008-12-15 11:46 . 2008-12-15 11:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-10 12:32 . 2008-12-16 01:37 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-09 10:15 . 2008-12-09 10:15 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-09 10:15 . 2008-12-09 10:15 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-08 12:25 . 2008-12-08 12:25 <DIR> d-------- c:\program files\TechSmith
2008-12-08 12:25 . 2008-12-08 12:25 <DIR> d-------- c:\program files\Common Files\TechSmith Shared
2008-12-02 20:33 . 2008-12-02 20:33 <DIR> d-------- c:\program files\LG Electronics
2008-12-02 20:18 . 2008-12-02 20:18 <DIR> d-------- c:\windows\system32\NtmsData
2008-11-28 11:59 . 2007-06-18 15:18 23,680 --a------ c:\windows\system32\drivers\motport.sys
2008-11-28 11:59 . 2007-06-18 15:18 23,680 --a------ c:\windows\system32\drivers\motmodem.sys
2008-11-28 11:59 . 2008-08-21 18:49 18,688 --a------ c:\windows\system32\drivers\motccgp.sys
2008-11-28 11:59 . 2008-08-21 18:49 8,320 --a------ c:\windows\system32\drivers\motccgpfl.sys
2008-11-28 11:59 . 2007-11-02 15:51 6,400 --a------ c:\windows\system32\drivers\motswch.sys
2008-11-28 11:59 . 2008-11-28 11:59 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-11-28 11:59 . 2008-11-28 11:59 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-11-28 11:59 . 2008-11-28 11:59 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-11-28 11:59 . 2008-11-28 11:59 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-11-28 11:58 . 2008-11-28 11:58 <DIR> d-------- c:\program files\Common Files\Motorola Shared
2008-11-28 11:54 . 2008-11-28 11:54 <DIR> d-------- c:\windows\Application Data
2008-11-24 12:31 . 2008-12-16 20:20 <DIR> d-------- C:\Poker
2008-11-23 12:49 . 2008-11-23 12:49 <DIR> d-------- c:\program files\MySQL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-23 18:29 --------- d-----w c:\documents and settings\User1\Application Data\Skype
2008-12-23 18:27 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2008-12-23 18:04 --------- d-----w c:\documents and settings\User1\Application Data\skypePM
2008-12-22 20:55 --------- d-----w c:\program files\Java
2008-12-22 20:02 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-22 19:15 --------- d-----w c:\documents and settings\User1\Application Data\.purple
2008-12-22 02:54 --------- d-----w c:\program files\PokerStars
2008-12-22 02:47 --------- d-----w c:\documents and settings\User1\Application Data\FileZilla
2008-12-20 01:12 --------- d-----w c:\program files\Aced.com
2008-12-19 22:14 --------- d-----w c:\program files\Common Files\Logishrd
2008-12-19 20:32 --------- d-----w c:\program files\Full Tilt Poker
2008-12-19 05:46 --------- d-----w c:\program files\Absolute Poker
2008-12-18 02:51 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-12-18 00:34 --------- d-----w c:\documents and settings\User1\Application Data\OpenOffice.org2
2008-12-17 18:52 --------- d-----w c:\documents and settings\User1\Application Data\gtk-2.0
2008-12-17 18:19 --------- d-----w c:\program files\Rushmore Casino
2008-12-16 23:50 --------- d-----w c:\program files\Everest Poker.net
2008-12-16 23:50 --------- d-----w c:\program files\CasinoOnNet
2008-12-16 09:37 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-15 19:46 --------- d-----w c:\program files\Common Files\Apple
2008-12-15 19:44 --------- d-----w c:\program files\QuickTime
2008-12-09 18:15 --------- d-----w c:\program files\Skype
2008-12-08 20:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 21:35 --------- d-----w c:\program files\UltimateBet
2008-11-25 21:31 --------- d-----w c:\program files\_uninstallation_info
2008-11-20 04:18 --------- d-----w c:\program files\PeerGuardian2
2008-11-18 08:37 --------- d-----w c:\documents and settings\User1\Application Data\Azureus
2008-11-18 07:41 --------- d-----w c:\program files\Pidgin
2008-11-18 07:40 --------- d-----w c:\program files\Common Files\GTK
2008-11-17 07:07 --------- d-----w c:\program files\Azureus
2008-11-14 21:55 --------- d-----w c:\documents and settings\User1\Application Data\VTExtra
2008-11-10 00:22 --------- d-----w c:\program files\CardSpike Poker
2008-11-08 22:20 --------- d-----w c:\documents and settings\User1\Application Data\Leadertech
2008-11-08 22:18 --------- d-----w c:\program files\Logitech
2008-11-08 22:18 --------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2008-11-08 22:18 --------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2008-10-25 07:46 --------- d-----w c:\documents and settings\User1\Application Data\vlc
2008-10-25 05:41 --------- d-----w c:\program files\VideoLAN
2008-10-24 23:06 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 05:41 --------- d-----w c:\program files\OpenCase
2008-10-23 05:41 --------- d-----w c:\documents and settings\All Users\Application Data\ExtendMedia
2008-10-23 04:06 --------- d-----w c:\program files\PokerStars.TEST
2008-10-16 22:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 22:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 22:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 22:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 22:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 22:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 22:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 22:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 22:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-01 02:35 65,536 ----a-w c:\windows\system32\camcodec.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-03-26 19:22 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-22_15.22.19.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-29 00:25:00 453,512 ----a-w c:\windows\Downloaded Program Files\wlscBase.dll
+ 2008-03-21 02:06:36 1,480,232 ------w c:\windows\system32\LegitCheckControl.dll
+ 2008-04-14 13:42:38 7,680 ----a-w c:\windows\system32\spdwnwxp.exe
+ 2008-12-23 18:27:23 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_100.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Google Update"="c:\documents and settings\User1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-10-16 133104]
"mount.exe"="c:\program files\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-04-24 385024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-11-14 185632]
"SansaDispatch"="c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe" [2007-10-22 75584]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WinVNC"="c:\program files\TightVNC\WinVNC.exe" [BU]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [BU]
"spywareguard"="c:\program files\Spyware Guard 2008\spywareguard.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-16 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-09-17 c:\windows\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= c:\windows\system32\pazepehi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Ruckus Player\\Ruckus.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\OpenCase\\OpenCASE Media Agent\\PandoBinaries\\NBCPandoREST.exe"=
"c:\\Program Files\\Aced.com\\client.exe"=
"c:\\Documents and Settings\\User1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\User1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56569:TCP"= 56569:TCP:PandoRest Listening Port

R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2008-08-23 54896]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2008-08-23 41616]
R2 OpenCASE Media Agent;OpenCASE Media Agent;"c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe" [2008-08-29 835208]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 Asushwio;Asushwio;\??\c:\windows\system32\drivers\Asushwio.sys [2007-10-30 5824]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-11-28 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-11-28 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2008-11-28 23680]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys []
.
Contents of the 'Scheduled Tasks' folder

2008-12-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-23 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\User1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-16 16:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\User1\Start Menu\Programs\UltimateBet\UltimateBet.lnk
IE: {{10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\User1\Start Menu\Programs\UltimateBet\UltimateBet.lnk -
FF - ProfilePath - c:\documents and settings\User1\Application Data\Mozilla\Firefox\Profiles\ezd3x9uu.default\
FF - prefs.js: browser.search.selectedEngine - Pink Search
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - plugin: c:\documents and settings\User1\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30401.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 10:33:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(868)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Completion time: 2008-12-23 10:35:02
ComboFix-quarantined-files.txt 2008-12-23 18:33:45
ComboFix2.txt 2008-12-22 23:36:59

Pre-Run: 430,210,228,224 bytes free
Post-Run: 430,200,799,232 bytes free

257 --- E O F --- 2008-12-22 22:32:24

------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:27 AM, on 12/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Documents and Settings\User1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2008\spywareguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\User1\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\User1\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\User1\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\User1\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aced.com - {bdb825fa-7a98-498f-b101-45a8f268a1ff} - C:\Documents and Settings\User1\Start Menu\Programs\Aced.com\Aced.com.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229989635125
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://allslots.microgaming.com/allslots/FlashAX2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\pazepehi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

--
End of file - 9041 bytes

-------------------------------------------------------------------------------------------------

Edited by teacup61, 08 January 2009 - 09:53 PM.
edited out personal info


BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:59 PM

Posted 30 December 2008 - 05:02 PM

Hello James0,

Posted Image

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 James0

James0
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 30 December 2008 - 05:10 PM

Thanks, I appreciate the help.

Here is my latest hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:03 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\User1\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\User1\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\User1\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\User1\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aced.com - {bdb825fa-7a98-498f-b101-45a8f268a1ff} - C:\Documents and Settings\User1\Start Menu\Programs\Aced.com\Aced.com.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229989635125
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://allslots.microgaming.com/allslots/FlashAX2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

--
End of file - 8662 bytes

Edited by James0, 30 December 2008 - 05:10 PM.


#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:59 PM

Posted 30 December 2008 - 05:41 PM

Hi there,

I had another thread with this exact same sticky reg key, so let's try this and see if it works for you too :

Download and scan with the free trial of Sunbelt's Counterspy:
http://www.sunbelt-software.com/CounterSpy.cfm
Save the report when it's finished:
1.Once Counterspy has done scanning,the 'Scan Results' box will appear.
2.Click on 'View Results'.
3.Under (Recommended Action),using the drop down menu arrows at the side of each entry found,set them ALL to 'Remove'.
4.Then click on 'Take Action'.
5.Once everything has been removed,click on 'View Details'.
6.Copy and Paste those details into a Word/Text document,then save it to your desktop.

Let me know if that takes it out. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#5 James0

James0
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 30 December 2008 - 07:12 PM

I actually tried to use this program last night and it did remove a couple things (I don't have that log anymore). I then ran Anti-Malware's and the Trojan.BHO still shows up. I just installed and ran the quick scan and nothing came up...(I uninstalled it after I ran it last night).

Here is the details of the scan:

<SBCSThreatEngineResults version="3.1.2416" ><summary scanGUID="{00EE3148-4095-46CB-904D-F9872A2A004B}" scanDescription="0 - Quick, 0 - Manual" threatDefinitionVersion="2486" ><scannerResults><numThreats found="0" ignored="0"/><numTracesScanned cookies="0" registry="27456" files="2647" folders="707" processes="45" total="37467"/><numTracesFound cookies="0" registry="0" files="0" folders="0" processes="0" total="0"/><dateTimeStampUTC start="2008-12-31T00:07:46" end="2008-12-31T00:09:04"/><errors><error action="14" item="0" code="87" time="2008-12-31T00:07:48"/><error action="13" item="4" code="299" time="2008-12-31T00:07:48"/><error action="1" item="C:\DOCUMENTS AND SETTINGS\User1\ntuser.dat.LOG" code="32" time="2008-12-31T00:08:17"/><error action="1" item="C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT" code="32" time="2008-12-31T00:08:17"/><error action="1" item="C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\ntuser.dat.LOG" code="32" time="2008-12-31T00:08:17"/><error action="1" item="C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT" code="32" time="2008-12-31T00:08:17"/><error action="1" item="C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\ntuser.dat.LOG" code="32" time="2008-12-31T00:08:17"/><error action="1" item="C:\DOCUMENTS AND SETTINGS\XXXXXXXXXX\LOCAL SETTINGS\TEMP\etilqs_94mVqWfTssoceSzA0ycM" code="32" time="2008-12-31T00:08:20"/></errors></scannerResults><cleanerResults><numThreats deleted="0" quarantined="0" ignored="0" reportonly="0" total="0"/><dateTimeStampUTC start="" end=""/><errors></errors></cleanerResults></summary><scannerOptions scanAllLocalDrives="false" scanCookies="false" scanProcesses="false" scanRegistry="false" scanProcessesDeep="false" suspendActiveThreats="false" scanAllUsers="false" useFileNameAndChecksum="false" dontCalcChecksum="false" scanCommonTactics="false" scanArchives="false" scanKnownFileTypes="false" recursiveFileScan="false" findLowRiskThreats="false" keepScanRecord="false" maxCheckFileLen="0" minCheckFileLen="0" scanVipreSuspicious="false" scanDerivatives="false"><userIncludedPaths></userIncludedPaths><userExcludedPaths></userExcludedPaths><ignoredThreats>
</ignoredThreats></scannerOptions><cleanerOptions></cleanerOptions><threats></threats></SBCSThreatEngineResults>

Edited by teacup61, 19 October 2009 - 03:16 AM.
edited out OP's real name


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:59 PM

Posted 30 December 2008 - 07:16 PM

I just installed and ran the quick scan and nothing came up

This was CounterSpy? Try it again, but this time do a full scan. Apparently it's a well hidden trace, so a quick scan might not show it.

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#7 James0

James0
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 30 December 2008 - 07:22 PM

Yea, sorry, it was Counter Spy. Right now I am currently running the Counter Spy Deep Scan and will let you know the results when they finish.

Thanks

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:59 PM

Posted 30 December 2008 - 07:27 PM

Okie dokie. :thumbsup:

Do you use all the poker programs I see in that log?

If CounterSpy removes anything else, and hopefully that sticky key too (!!!!), please post a new HijackThis log so we can take care of the other stuff in it next post. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#9 James0

James0
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 30 December 2008 - 07:37 PM

I work as a poker affiliate (I promote online poker rooms) so my job is to review them and keep up to date on what is happening...so I have a lot of them installed :thumbsup:

Hopefully this scan works, I will make sure to show you the details of the scan as well as a new hijack log once it has finished.

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:59 PM

Posted 30 December 2008 - 07:44 PM

I see.....then you know to be careful of a couple of those. :thumbsup: They've been known to throw a decent (indecent?) amount of adware. :)

Post when you're ready.
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#11 James0

James0
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 30 December 2008 - 09:05 PM

I just ran Counter Spy and nothing came up :thumbsup:

Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:05:44 PM, on 12/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\XXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\XXXXXXXX\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [mount.exe] C:\Program Files\GiPo@Utilities\FileUtilities.3\mount.exe /z
O9 - Extra button: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\XXXXXXXX\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra 'Tools' menuitem: UltimateBet - {10F055B8-F443-4adf-948A-EC551E9DBCE4} - C:\Documents and Settings\XXXXXXX\Start Menu\Programs\UltimateBet\UltimateBet.lnk
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\XXXXXXX\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\XXXXXXX\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aced.com - {bdb825fa-7a98-498f-b101-45a8f268a1ff} - C:\Documents and Settings\XXXXXXX\Start Menu\Programs\Aced.com\Aced.com.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229989635125
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Br...018/flashax.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://allslots.microgaming.com/allslots/FlashAX2.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenCASE Media Agent - ExtendMedia Inc. - C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

--
End of file - 8994 bytes

Edited by teacup61, 19 October 2009 - 03:22 AM.
removed OP's real name


#12 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:59 PM

Posted 30 December 2008 - 09:25 PM

Have you done a search with Windows for {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}?

* Download reglooks from here and save it to your desktop.
Doubleclick reglooks.exe and wait until a logfile appears.
The log will be called result.txt.
Copy and paste the contents of this log in your next reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#13 James0

James0
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 30 December 2008 - 09:38 PM

Where would I do the search for {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4}...in the windows search ?

Here is the RegLooks File:

REGLOOKS logfile

version 0.977
Tue 12/30/2008 18:36:27.67
running from: "C:\Documents and Settings\User1\Desktop"

--- SSODL regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
only standard or legit regkeys found


--- STS regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
only standard or legit regkeys found


--- USERINIT regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"


--- SHELL regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"Shell"="Explorer.exe"


--- SYSTEM regkey ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
"System"=""


--- APPINIT_DLLS regkey ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"=""


--- NOTIFY regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
"LBTWlgn" "DLLName"="c:\\program files\\common files\\logitech\\bluetooth\\LBTWlgn.dll"
"LBTWlgn" "DLLName"="c:\\program files\\common files\\logitech\\bluetooth\\LBTWlgn.dll"


--- BOOTEXECUTE regkey ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute= autocheck autochk *\0\0


--- PENDINGFILERENAMEOPERATIONS regkey ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
Pendingfilerenameoperations= \??\C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll\0\0\??\C:\WINDOWS\TEMP\logishrd\\0\0\0


--- SHELLEXECUTEHOOKS regkey ---

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""


--- HKLM\Run regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"RTHDCPL"="RTHDCPL.EXE"
"JMB36X Configure"="C:\\WINDOWS\\system32\\JMRaidTool.exe boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SansaDispatch"="C:\\Program Files\\SanDisk\\Sansa Updater\\SansaDispatch.exe"
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"WinVNC"="\"C:\\Program Files\\TightVNC\\WinVNC.exe\" -servicehelper"
"AppleSyncNotifier"="C:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\LogiShrd\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe\" /hide"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SBAMTray"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBAMTray.exe"
[Run\OptionalComponents]
@=""
[Run\OptionalComponents\IMAIL]
"Installed"="1"
@=""
[Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""
[Run\OptionalComponents\MSFS]
"Installed"="1"
@=""


--- HKLM\RunOnce regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKLM RunOnce keys found


--- HKLM\RunOnceEx regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
no HKLM RunOnceEx keys found


--- HKLM\RunServices regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
no HKLM RunServices keys found


--- HKLM\RunServicesOnce regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
no HKLM RunServicesOnce keys found


--- HKCU\Run regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"Google Update"="\"C:\\Documents and Settings\\User1\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe\" /c"
"mount.exe"="C:\\Program Files\\GiPo@Utilities\\FileUtilities.3\\mount.exe /z"


--- HKCU\RunOnce regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
no HKCU RunOnce keys found


--- HKCU\RunOnceEx regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
regkey does not exist


--- HKCU\RunServices regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
no HKCU RunServices keys found


--- HKCU\RunServicesOnce regkeys ---

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
no HKCU RunServicesOnce keys found


--- HKU\.DEFAULT\Run regkeys - Default user ---

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\.DEFAULT\Run keys found


--- HKU\S-1-5-18\Run regkeys - user SYSTEM ---

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
no HKU\S-1-5-18\Run keys found


--- HKU\S-1-5-19\Run regkeys - User Lokale service ---

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
regkey does not exist


--- HKU\S-1-5-20\Run regkeys - User Netwerkservice ---

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
regkey does not exist


--- HKLM\Explorer\Run regkeys ---

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
no HKLM Explorer\Run keys found


--- HKCU\Explorer\Run regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
no HKCU Explorer\Run keys found


--- Image File Execution regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
no debuggers found


--- BROWSER HELPER OBJECTS regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" FILE ="C:\\Program Files\\Java\\jre6\\bin\\ssv.dll"
"{DBC80044-A445-435b-BC74-9C25C1C588A9}" FILE ="C:\\Program Files\\Java\\jre6\\bin\\jp2ssv.dll"
"{E7E6F031-17CE-4C07-BC86-EABFE594F69C}" FILE ="C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ie\\jqs_plugin.dll"


--- TOOLBAR regkeys ---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
"{A057A204-BACC-4D26-9990-79A187E2698E}" regkey not found


--- URLSEARCHHOOKS regkeys ---

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
only standard regkeys found


--- CONTEXTMENUHANDLERS regkeys ---

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
"FileEraserShellExt" CLSID ={D29FEC44-36A2-4865-AE5E-175C61587F1D} FILE ="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBFE.DLL"
"FileUtilities_MainContextMenu Class" CLSID ={BB773C31-BB7F-491D-8266-E85B2068FA96} FILE ="C:\\Program Files\\GiPo
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"Open With" CLSID ={09799AFB-AD67-11d1-ABCD-00C04FC30936} FILE =%SystemRoot%\system32\SHELL32.dll
"Open With EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"SBAMScanShellExt" CLSID ={D47F1671-0EAA-4c02-8AC9-960BB08DB951} FILE ="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBAMScanShellExt.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}" Start Menu Pin FILE =%SystemRoot%\system32\SHELL32.dll

HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
"EncryptionMenu" CLSID ={A470F8CF-A1E8-4f65-8335-227475AA5C46} FILE =%SystemRoot%\system32\SHELL32.dll
"FileEraserShellExt" CLSID ={D29FEC44-36A2-4865-AE5E-175C61587F1D} FILE ="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBFE.DLL"
"FileUtilities_MainContextMenu Class" CLSID ={BB773C31-BB7F-491D-8266-E85B2068FA96} FILE ="C:\\Program Files\\GiPo
"Offline Files" CLSID ={750fdf0e-2a26-11d1-a3ea-080036587f03} FILE =%SystemRoot%\System32\cscui.dll
"SBAMScanShellExt" CLSID ={D47F1671-0EAA-4c02-8AC9-960BB08DB951} FILE ="C:\\Program Files\\Sunbelt Software\\CounterSpy\\SBAMScanShellExt.dll"
"Sharing" CLSID ={f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} FILE ="ntshrui.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"

HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
"FileUtilities_MainContextMenu Class" CLSID ={BB773C31-BB7F-491D-8266-E85B2068FA96} FILE ="C:\\Program Files\\GiPo
"MBAMShlExt" CLSID ={57CE581A-0CB6-4266-9CA0-19364C90A0B3} FILE ="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbamext.dll"
"WinRAR" CLSID ={B41DB860-8EE4-11D2-9906-E49FADC173CA} FILE ="C:\\Program Files\\WinRAR\\rarext.dll"


--- ALTERNATESHELL regkey ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
"AlternateShell"="cmd.exe"


--- SAFEBOOT MINIMAL SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
SBAMSvc
WdfLoadGroup
Winre33.sys


--- SAFEBOOT NETWORK SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
SBAMSvc
WdfLoadGroup
Winre33.sys


--- SERVICES ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Asushwio
"DisplayName"="Asushwio"
\??\C:\WINDOWS\system32\drivers\Asushwio.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JavaQuickStarterService
"DisplayName"="Java Quick Starter"
"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JGOGO
"DisplayName"="JMicron Hot-Plug Driver"
system32\DRIVERS\JGOGO.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\JRAID
system32\DRIVERS\jraid.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LBTServ
"DisplayName"="Logitech Bluetooth Service"
C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LHidFilt
"DisplayName"="Logitech SetPoint KMDF HID Filter Driver"
system32\DRIVERS\LHidFilt.Sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LHidKe
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LMouFilt
"DisplayName"="Logitech SetPoint KMDF Mouse Filter Driver"
system32\DRIVERS\LMouFilt.Sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LUsbFilt
"DisplayName"="Logitech SetPoint KMDF USB Filter"
System32\Drivers\LUsbFilt.Sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LVPr2Mon
"DisplayName"="Logitech LVPr2Mon Driver"
system32\DRIVERS\LVPr2Mon.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LVUVC
"DisplayName"="Logitech QuickCam Fusion(UVC)"
system32\DRIVERS\lvuvc.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\motccgp
"DisplayName"="Motorola USB Composite Device Driver"
system32\DRIVERS\motccgp.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\motccgpfl
"DisplayName"="MotCcgpFlService"
system32\DRIVERS\motccgpfl.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\motmodem
"DisplayName"="Motorola USB CDC ACM Driver"
system32\DRIVERS\motmodem.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\motport
"DisplayName"="Motorola USB Diagnostic Port"
system32\DRIVERS\motport.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OpenCASE Media Agent
"DisplayName"="OpenCASE Media Agent"
"C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Profos
"DisplayName"="Profos"
\??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QBFCService
"DisplayName"="Intuit QuickBooks FCS"
"C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBAMSvc
"DisplayName"="CounterSpy Antispyware"
"C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbaphd
"DisplayName"="sbaphd"
system32\drivers\sbaphd.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbapifs
"DisplayName"="sbapifs"
system32\drivers\sbapifs.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBRE
\??\C:\WINDOWS\system32\drivers\SBREdrv.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Trufos
"DisplayName"="Trufos"
\??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VBoxDrv
"DisplayName"="VirtualBox Service"
system32\DRIVERS\VBoxDrv.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VBoxUSBMon
"DisplayName"="VirtualBox USB Monitor Driver"
system32\DRIVERS\VBoxUSBMon.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winvnc
"DisplayName"="VNC Server"
"C:\Program Files\TightVNC\WinVNC.exe" -service

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\yukonwxp
"DisplayName"="NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller"
system32\DRIVERS\yk51x86.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{327E87D4-A4C1-4340-9BC1-1B23B132E52C}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{44A6D0CC-D250-4FC8-B085-44BA5835E0D6}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{5377D752-CA24-4301-BE25-4626163D33BC}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{8339709E-8F9C-4573-8EA7-F55F40CF1F37}
no imagepath value found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{F9BA680F-AD16-4080-8262-E6C6774F8187}
no imagepath value found


--- SECURITYPROVIDERS regkey ---

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


--- SVCHOST regkey ---

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost
HTTPFilter: HTTPFilter\0\0
LocalService: Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService: DnsCache\0\0
netsvcs: 6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0wscsvc\0xmlprov\0BITS\0wuauserv\0ShellHWDetection\0helpsvc\0WmdmPmSN\0\0
DcomLaunch: DcomLaunch\0TermService\0\0
rpcss: RpcSs\0\0
imgsvc: StiSvc\0\0
termsvcs: TermService\0\0
WudfServiceGroup: WUDFSvc\0\0


--- WOW-CMDLINE regkeys ---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW
"cmdline" = %SystemRoot%\system32\ntvdm.exe
"wowcmdline" = %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386


--- DNS SERVER regkeys ---

no "NameServer" values found


--- STARTUP FOLDERS ---

C:\Documents and Settings\User1\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini


--- TASK SCHEDULER JOBS ---

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1960408961-725345543-1004.job


--- File associations ---

.BAT files: ("%1" %*)
.COM files: ("%1" %*)
.EXE files: ("%1" %*)
.HLP files: (%SystemRoot%\System32\winhlp32.exe %1)
.INF files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.INI files: (%SystemRoot%\System32\NOTEPAD.EXE %1)
.JS files: (%SystemRoot%\System32\WScript.exe "%1" %*)
.PIF files: ("%1" %*)
.REG files: (regedit.exe "%1")
.SCR files: ("%1" /S)
.TXT files: (%SystemRoot%\system32\NOTEPAD.EXE %1)
.VBS files: (%SystemRoot%\System32\WScript.exe "%1" %*)


FINISHED

#14 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:59 PM

Posted 30 December 2008 - 10:08 PM

Hi,

Doesn't matter since it didn't show up in that scan..........I guess more relevent would be, have you tried to delete it manually?
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#15 James0

James0
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 30 December 2008 - 10:18 PM

No I haven't...I saw these instructions: http://www.411-spyware.com/remove-trojan-bho-ab , so I followed the instructions below and have found the file.

1. Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
2. Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
3. To find a registry key, such as any Trojan.BHO.ab registry keys, select “Edit,” then select “Find,” and in the search bar type any of Trojan.BHO.ab’s registry keys.
4. As soon as Trojan.BHO.ab registry key appears, you can delete the Trojan.BHO.ab registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”



but when I am try to delete the file I get "Unable to delete all specified values."

Edited by James0, 30 December 2008 - 10:19 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users