
Infected with something DNS-like


  • This topic is locked
7 replies to this topic

#1 superwad


Posted 28 January 2009 - 12:35 AM

I recently went to a friend's house and took some external drives. He told me he had some virus that copied itself to USB drives, so I attached them to another system. As it turns out, the virus had spread a bit further than he imagined, and now I have to deal with it too. So far, it's only on one computer (that I can tell). Half the computers are running Ubuntu, so I don't think this particular infection would cause much trouble on those systems (I hope not).

What's happening is what appears to be a DNS hijack. I cannot resolve any domain names that belong to any antivirus, anti-malware, or general handy websites that help in removing such infections. It doesn't seem to hijack all DNS entries though, as obviously I was able to get here (I'm posting on an Ubuntu computer now, just in case). I can override the hijack by putting entries in my hosts file, but then AVG thinks the hosts file is being hijacked itself (what an endless loop).

So, I post here in the hopes that the problem can be identified and removed from all points on my system and network. I should mention that I have already run ComboFix, before reading the warnings not to. I can provide a log from that run if requested.

DDS (Ver_09-01-19.01) - NTFSx86
Run by Administrator at 21:29:37.34 on 27/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.659 [GMT -8:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\IP Monitor\IPMonSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\PROGRA~1\IPMONI~1\IPMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [WinVNC] "c:\program files\tightvnc\WinVNC.exe" -servicehelper
mRun: [FileZilla Server Interface] "c:\program files\filezilla server\FileZilla Server Interface.exe"
mRun: [IP Monitor] c:\progra~1\ipmoni~1\IPMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
TCP: {CE477984-9800-4EFD-8392-DC96B8A667FD} = 76.10.191.198,76.10.191.199
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\kgqrndw6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-1-25 12936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-25 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-25 26824]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-25 90632]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]
R4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-25 231704]
R4 IP Monitor;IP Monitor Network Address Monitor;c:\program files\ip monitor\IPMonSvc.exe [2008-6-12 164352]
S3 HWACCESS;HWACCESS;c:\windows\system32\HWACCESS.SYS [2008-8-7 6808]
S3 xihvlte;xihvlte;\??\c:\windows\system32\02.tmp --> c:\windows\system32\02.tmp [?]
S4 fcfymnph;Config Security;c:\windows\system32\svchost.exe -k netsvcs [2003-6-20 14336]
S4 mlswhguw;oalzz;c:\windows\system32\svchost.exe -k netsvcs [2003-6-20 14336]

=============== Created Last 30 ================

2009-01-27 20:25 <DIR> a-dshr-- C:\cmdcons
2009-01-27 18:50 161,792 a------- c:\windows\SWREG.exe
2009-01-27 18:50 98,816 a------- c:\windows\sed.exe
2009-01-25 10:35 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-01-25 10:28 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-01-25 10:28 12,936 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-01-25 10:28 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2009-01-25 10:28 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2009-01-25 10:27 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-01-25 10:27 <DIR> --d----- c:\program files\AVG
2009-01-25 10:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-01-11 19:12 <DIR> --d----- c:\program files\Mozilla Firefox 2
2009-01-10 20:04 <DIR> --d----- c:\program files\ApexDC++

==================== Find3M ====================


============= FINISH: 21:30:11.62 ===============

The network drives described in Attach.txt are mounted from one of the Ubuntu machines, so they might also contain copies, although the same infection has not bothered any Linux computers (yay!).

Thanks in advance for any assistance offered :thumbup2:



#2 fenzodahl512


Posted 05 February 2009 - 11:18 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 superwad


Posted 08 February 2009 - 04:37 PM

OK, here is what I have. I could not update the Malwarebytes program, but the database version I used was 1/14/2009.

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2

08/02/2009 1:33:43 PM
mbam-log-2009-02-08 (13-33-43).txt

Scan type: Quick Scan
Objects scanned: 46462
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 61

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\idcqyr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\unjtvnka.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aefleqkr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aeodes.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahkwyqmy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ajugdl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aotprm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ghwvjo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hkiuqagn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hmhrtp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lljhfj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\llspdijb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jwpuffqv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mbkltlew.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nwlied.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rjqudg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tgqfyjti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tguing.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vnhqxmsr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wctonj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmcadsic.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vddoeiko.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wrcyzd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\knjvje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prcwlcui.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rdhqdxpc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shvyeq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wnbndqrp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wupokjck.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvxiqa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wylqrgfp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bbovnvie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\beixux.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bmhfbgeb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qfxckk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qixpbp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjjxgmvs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qjrhxpxa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nhnaxixr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nmvjkuxl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\losdpusa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lquzah.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lrxqnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lryoctuj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xaoqfz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndlopz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gweuis.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ihexfi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgrbucca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuwhyfqf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vyhpkg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tycaqbep.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uahqto.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uemsvaiq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bqoajb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\brlxyfsg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kxjrfp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cqhpzn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yavdjqvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xcxggikd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\snsqxibh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



#4 superwad


Posted 08 February 2009 - 04:40 PM

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-02-08 13:36:30
Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (29%) free of 38 GB
Total RAM: 1022 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:43 PM, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\IP Monitor\IPMonSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\FileZilla Server\FileZilla Server Interface.exe
C:\PROGRA~1\IPMONI~1\IPMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\My Documents\downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [IP Monitor] C:\PROGRA~1\IPMONI~1\IPMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\WINDOWS\is-BQE9K.exe" /REG
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE477984-9800-4EFD-8392-DC96B8A667FD}: NameServer = 76.10.191.198,76.10.191.199
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: IP Monitor Network Address Monitor (IP Monitor) - Barefoot Productions, Inc. - C:\Program Files\IP Monitor\IPMonSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 6478 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1207871805.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-152049171-682003330-500.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-01-25 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-31 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-31 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-02-10 118784]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-03-26 36352]
"WinVNC"=C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]
"FileZilla Server Interface"=C:\Program Files\FileZilla Server\FileZilla Server Interface.exe [2007-12-25 937984]
"IP Monitor"=C:\PROGRA~1\IPMONI~1\IPMonitor.exe [2005-05-11 580608]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-01-25 1235736]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-31 136600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"InnoSetupRegFile.0000000001"=C:\WINDOWS\is-BQE9K.exe [2009-02-07 685056]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-13 133104]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe [2004-02-10 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2002-06-26 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe [2003-04-09 323646]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-09 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"idsvc"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10 339968]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\ApexDC++\ApexDC.exe"="C:\Program Files\ApexDC++\ApexDC.exe:*:Enabled:ApexDC++ - Pinnacle of File Sharing"
"C:\Program Files\AVG\AVG8\avgam.exe"="C:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5efa7338-fe33-11dc-9917-e384ac8ac99c}]
shell\AutoRun\command - G:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c181868-5472-11dd-8953-0007e96a4e83}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a980d76b-9496-11dd-8963-0007e96a4e83}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe99e802-6fdd-11dd-895d-0007e96a4e83}]
shell\AutoRun\command - H:\setup.exe


======List of files/folders created in the last 3 months======

2009-02-08 13:36:31 ----D---- C:\Program Files\trend micro
2009-02-08 13:36:30 ----D---- C:\rsit
2009-02-08 12:10:44 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-02-08 12:10:37 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-08 12:10:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-07 18:43:21 ----A---- C:\WINDOWS\is-BQE9K.exe
2009-01-31 23:18:39 ----D---- C:\Program Files\Sun
2009-01-31 23:14:55 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-31 23:14:55 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-31 23:14:55 ----A---- C:\WINDOWS\system32\java.exe
2009-01-31 18:02:15 ----D---- C:\Documents and Settings\All Users\Application Data\Azureus
2009-01-31 18:00:31 ----D---- C:\Program Files\Azureus4
2009-01-27 21:29:31 ----SHD---- C:\RECYCLER
2009-01-27 20:38:31 ----A---- C:\ComboFix.txt
2009-01-27 20:26:02 ----A---- C:\Boot.bak
2009-01-27 20:25:54 ----RASHD---- C:\cmdcons
2009-01-27 18:50:13 ----A---- C:\WINDOWS\zip.exe
2009-01-27 18:50:13 ----A---- C:\WINDOWS\VFIND.exe
2009-01-27 18:50:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-27 18:50:13 ----A---- C:\WINDOWS\SWSC.exe
2009-01-27 18:50:13 ----A---- C:\WINDOWS\SWREG.exe
2009-01-27 18:50:13 ----A---- C:\WINDOWS\sed.exe
2009-01-27 18:50:13 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-27 18:50:13 ----A---- C:\WINDOWS\grep.exe
2009-01-27 18:50:13 ----A---- C:\WINDOWS\fdsv.exe
2009-01-27 18:44:38 ----D---- C:\WINDOWS\ERDNT
2009-01-27 18:44:38 ----D---- C:\Qoobox
2009-01-25 10:48:05 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-25 10:35:42 ----HD---- C:\$AVG8.VAULT$
2009-01-25 10:28:11 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-25 10:27:37 ----D---- C:\Program Files\AVG
2009-01-25 10:27:36 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-11 19:12:20 ----D---- C:\Program Files\Mozilla Firefox 2
2009-01-10 20:04:42 ----D---- C:\Program Files\ApexDC++
2008-12-28 13:10:43 ----D---- C:\Program Files\RAR Password Cracker
2008-12-16 00:29:55 ----A---- C:\WINDOWS\system32\yyrwbv.dll
2008-12-16 00:29:54 ----A---- C:\WINDOWS\system32\uybvhxyc.dll
2008-12-14 17:40:09 ----D---- C:\Program Files\PeerGuardian2
2008-12-13 00:29:28 ----A---- C:\WINDOWS\system32\bdzgqk.dll
2008-12-13 00:29:27 ----A---- C:\WINDOWS\system32\eqgmwbte.dll
2008-12-12 00:32:23 ----A---- C:\WINDOWS\system32\ldwfdg.dll
2008-12-12 00:32:20 ----A---- C:\WINDOWS\system32\cemjqmwf.dll
2008-12-11 19:57:36 ----D---- C:\Program Files\megui
2008-12-11 19:27:11 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-11 18:39:39 ----D---- C:\Program Files\WinAVI MP4 Converter
2008-12-11 17:16:23 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-12-11 17:15:07 ----D---- C:\Program Files\iPod
2008-12-11 17:15:03 ----D---- C:\Program Files\iTunes
2008-12-11 17:15:03 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-11 17:13:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-07 00:28:58 ----A---- C:\WINDOWS\system32\pnxcpr.dll
2008-12-07 00:28:55 ----A---- C:\WINDOWS\system32\speewfgd.dll
2008-12-05 00:23:41 ----A---- C:\WINDOWS\system32\dpiyhm.dll
2008-12-05 00:23:38 ----A---- C:\WINDOWS\system32\iykbtmjd.dll
2008-11-28 00:18:42 ----A---- C:\WINDOWS\system32\fpekom.dll
2008-11-28 00:18:39 ----A---- C:\WINDOWS\system32\ingjtoej.dll
2008-11-23 00:15:03 ----A---- C:\WINDOWS\system32\oppxki.dll
2008-11-23 00:15:01 ----A---- C:\WINDOWS\system32\digbtecq.dll
2008-11-21 00:13:36 ----A---- C:\WINDOWS\system32\ewidfh.dll
2008-11-21 00:13:33 ----A---- C:\WINDOWS\system32\aoslnrqn.dll
2008-11-18 00:10:27 ----A---- C:\WINDOWS\system32\hlgcfn.dll
2008-11-18 00:10:26 ----A---- C:\WINDOWS\system32\gsipnqxk.dll
2008-11-17 19:49:39 ----D---- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-11-17 19:34:24 ----D---- C:\Program Files\Common Files\Apple
2008-11-17 19:34:00 ----D---- C:\Program Files\QuickTime
2008-11-17 19:33:57 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-17 19:31:08 ----D---- C:\Program Files\Apple Software Update
2008-11-17 19:31:00 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-11-13 14:50:39 ----A---- C:\WINDOWS\system32\faojgb.dll
2008-11-13 14:50:37 ----A---- C:\WINDOWS\system32\buftspmo.dll
2008-11-13 14:50:25 ----A---- C:\WINDOWS\system32\oaulrewu.dll
2008-11-11 14:48:02 ----A---- C:\WINDOWS\system32\lcictl.dll
2008-11-11 14:48:01 ----A---- C:\WINDOWS\system32\ehgjlmux.dll

======List of files/folders modified in the last 3 months======

2009-02-08 13:36:42 ----D---- C:\WINDOWS\Temp
2009-02-08 13:36:31 ----RD---- C:\Program Files
2009-02-08 13:36:13 ----D---- C:\WINDOWS\Prefetch
2009-02-08 13:33:43 ----D---- C:\WINDOWS\system32
2009-02-08 12:13:20 ----D---- C:\Documents and Settings\Administrator\Application Data\Azureus
2009-02-08 12:10:40 ----D---- C:\WINDOWS\system32\drivers
2009-02-07 18:54:53 ----D---- C:\Documents and Settings\Administrator\Application Data\FileZilla
2009-02-07 18:43:21 ----D---- C:\Program Files\WinMerge
2009-02-07 18:43:21 ----AD---- C:\WINDOWS
2009-02-07 00:00:13 ----A---- C:\WINDOWS\maketorrent.ini
2009-02-06 14:51:43 ----SD---- C:\WINDOWS\Tasks
2009-02-06 02:07:18 ----D---- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2009-02-05 07:30:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Hamachi
2009-02-04 19:56:05 ----D---- C:\Program Files\Mozilla Firefox
2009-02-03 22:49:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-02 19:38:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-01 19:04:45 ----D---- C:\WINDOWS\system32\NtmsData
2009-01-31 23:18:54 ----SHD---- C:\WINDOWS\Installer
2009-01-31 23:17:24 ----D---- C:\Program Files\Java
2009-01-31 23:14:40 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-31 17:58:46 ----D---- C:\Program Files\Azureus
2009-01-27 20:35:31 ----A---- C:\WINDOWS\system.ini
2009-01-27 20:31:02 ----D---- C:\WINDOWS\system32\config
2009-01-27 20:28:36 ----D---- C:\WINDOWS\AppPatch
2009-01-27 20:28:36 ----D---- C:\Program Files\Common Files
2009-01-27 20:26:02 ----RASH---- C:\boot.ini
2009-01-27 18:43:21 ----D---- C:\Program Files\ÜDC++
2009-01-27 14:25:54 ----D---- C:\Program Files\StrongDC++
2009-01-26 11:24:50 ----D---- C:\Program Files\AQScript
2009-01-25 11:55:46 ----A---- C:\WINDOWS\win.ini
2009-01-25 11:53:06 ----SHD---- C:\System Volume Information
2009-01-25 11:53:06 ----D---- C:\WINDOWS\system32\Restore
2009-01-25 11:51:33 ----D---- C:\WINDOWS\security
2009-01-25 10:48:16 ----SHD---- C:\WINDOWS\CSC
2009-01-25 10:26:48 ----D---- C:\WINDOWS\WinSxS
2009-01-25 10:25:01 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-01-24 15:42:46 ----A---- C:\WINDOWS\system32\3fa8d2c2-.txt
2009-01-12 09:57:00 ----D---- C:\Program Files\Common Files\Adobe
2009-01-12 09:56:45 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-12 09:56:28 ----D---- C:\Program Files\Adobe
2009-01-06 07:27:58 ----A---- C:\Documents and Settings\Administrator\Application Data\AutoGK.ini
2008-12-30 05:22:15 ----D---- C:\Program Files\eMule
2008-12-11 19:32:07 ----D---- C:\Program Files\ProjectCentralServer
2008-12-11 19:31:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-11 19:29:39 ----D---- C:\Program Files\Hewlett-Packard
2008-12-11 17:57:23 ----HD---- C:\WINDOWS\inf
2008-11-23 21:20:43 ----D---- C:\Documents and Settings\Administrator\Application Data\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-25 98440]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-25 26824]
R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-25 90632]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 nltdi;nltdi; \??\C:\WINDOWS\system32\drivers\nltdi.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-08-01 99648]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\System32\DRIVERS\hamachi.sys [2008-06-05 25280]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-06-20 9600]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-02-10 681469]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-06-20 12160]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 HWACCESS;HWACCESS; \??\C:\WINDOWS\SYSTEM32\HWACCESS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 xihvlte;xihvlte; \??\C:\WINDOWS\system32\02.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-25 231704]
R2 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2007-12-25 586240]
R2 IP Monitor;IP Monitor Network Address Monitor; C:\Program Files\IP Monitor\IPMonSvc.exe [2005-05-11 164352]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-31 152984]
R2 nlsvc;NetLimiter; C:\Program Files\NetLimiter 2 Pro\nlsvc.exe [2007-03-21 516096]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-07-15 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
R2 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 NetSvc;Intel NCS NetService; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [2002-09-27 139264]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


Edited by superwad, 08 February 2009 - 05:11 PM.


#5 superwad


Posted 08 February 2009 - 05:11 PM

info.txt logfile of random's system information tool 1.05 2009-02-08 13:36:48

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActivePerl 5.8.8 Build 822-->MsiExec.exe /I{D0E5A0E6-5947-4F21-B8AE-5129D153083B}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
ApexDC++ 1.2.0-->C:\Program Files\ApexDC++\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AQScript LM-2.5-->C:\Program Files\AQScript\uninst.exe
Auto Gordian Knot 2.27-->C:\Program Files\AutoGK\uninst.exe
AVG 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Civilization III v1.29f-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}\Setup.exe"
Civilization III-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\setup.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Exact Audio Copy v0.9 beta 4-->"C:\Program Files\Exact Audio Copy\unins000.exe"
FileZilla Client 3.0.11-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FileZilla Server (remove only)-->"C:\Program Files\FileZilla Server\uninstall.exe"
foobar2000-->"C:\Program Files\foobar2000\uninstall.exe"
GIMP 2.4.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 2100 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 2100 series-->MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
Intel® Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{EF4EF65F-4D62-44D7-82C9-1AECCBA74C50}
IP Monitor-->C:\PROGRA~1\IPMONI~1\UNWISE.EXE C:\PROGRA~1\IPMONI~1\INSTALL.LOG
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java DB 10.4.1.3-->MsiExec.exe /X{998D6972-F58E-479D-9248-8F179E55AE38}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Development Kit 6 Update 11-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160110}
MakeTorrent v2.1-->"C:\Program Files\Maketorrent 2\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MeGUI modern media encoder (remove only)-->"C:\Program Files\megui\megui-uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox 2\uninstall\helper.exe
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.40-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MusicIP Mixer 1.9-->"C:\Program Files\MusicIP\MusicIP Mixer\unins000.exe"
NetLimiter 2 Pro (remove only)-->"C:\Program Files\NetLimiter 2 Pro\nl2uninst.exe"
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OpenOffice.org 2.4-->MsiExec.exe /I{2CD2C0DB-81C3-416B-9FA6-589B9235359B}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RAR Password Cracker 4.12-->C:\Program Files\RAR Password Cracker\uninstall.exe
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
StrongDC++ 1.0 RC10 TBI2-->C:\Program Files\StrongDC++\uninst.exe
TightVNC 1.3.9-->"C:\Program Files\TightVNC\unins000.exe"
UltraISO Premium V9.3-->"C:\Program Files\UltraISO\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
VQScript 2.4-->C:\Program Files\VQScript\uninst.exe
Vuze-->C:\Program Files\Azureus4\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinHex-->C:\Program Files\WinHex\WinHex.exe uninst
WinMerge 2.10.4.0-->"C:\Program Files\WinMerge\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"

======Hosts File======

10.0.0.20 mainbox

======Security center information======

AV: AVG Anti-Virus (outdated)

System event log

Computer Name: RIP1
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file \Device\LanmanRedirector. The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 3743
Source Name: MRxSmb
Time Written: 20081029141110.000000-480
Event Type: warning
User:

Computer Name: RIP1
Event Code: 26
Message: Application popup: Windows - Delayed Write Failed : Windows was unable to save all the data for the file \[ A ]\Aerosmith\Aerosmith - 2002 - O, Yeah! Ultimate Aerosmith Hits (Disc 2)\02 - Livin' On The Edge.mp3.tmp. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 3742
Source Name: Application Popup
Time Written: 20081029141110.000000-480
Event Type: information
User:

Computer Name: RIP1
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file \Device\LanmanRedirector. The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 3741
Source Name: MRxSmb
Time Written: 20081029141059.000000-480
Event Type: warning
User:

Computer Name: RIP1
Event Code: 26
Message: Application popup: Windows - Delayed Write Failed : Windows was unable to save all the data for the file \[ A ]\Alan Parsons Project, The\The Alan Parsons Project - 1984 - Ammonia Avenue\02 - Let Me Go Home.mp3.tmp. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 3740
Source Name: Application Popup
Time Written: 20081029141059.000000-480
Event Type: information
User:

Computer Name: RIP1
Event Code: 50
Message: {Delayed Write Failed}
Windows was unable to save all the data for the file \Device\LanmanRedirector. The data has been lost.
This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.

Record Number: 3739
Source Name: MRxSmb
Time Written: 20081029141049.000000-480
Event Type: warning
User:

Application event log

Computer Name: RIP1
Event Code: 11707
Message: Product: Microsoft Visual C++ 2005 Redistributable -- Installation completed successfully.

Record Number: 649
Source Name: MsiInstaller
Time Written: 20090125102724.000000-480
Event Type: information
User: RIP1\Administrator

Computer Name: RIP1
Event Code: 0
Message:
Record Number: 648
Source Name: iPod Service
Time Written: 20090121200920.000000-480
Event Type: information
User:

Computer Name: RIP1
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 647
Source Name: SecurityCenter
Time Written: 20090121200902.000000-480
Event Type: information
User:

Computer Name: RIP1
Event Code: 1
Message:
Record Number: 646
Source Name: IP Monitor Service
Time Written: 20090121200831.000000-480
Event Type: information
User:

Computer Name: RIP1
Event Code: 1517
Message: Windows saved user RIP1\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 645
Source Name: Userenv
Time Written: 20090121200145.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0207
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------



#6 superwad


Posted 08 February 2009 - 05:13 PM

GMER log.

Thanks for helping :thumbup2:

Attached Files

  • Attached File  gmer.log   16.16KB   3 downloads


#7 fenzodahl512


Posted 08 February 2009 - 10:15 PM

Please show hidden files and folders


Please visit this site and upload the file below.. At the comment section, just say "fenzodahl512 asked to upload the file"

C:\WINDOWS\system32\derxfq.dll



Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Edited by fenzodahl512, 08 February 2009 - 11:48 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 fenzodahl512


Posted 18 February 2009 - 05:58 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
