Infected with Windows Protection/Windows Police Pro/porn links


  • This topic is locked
4 replies to this topic

#1 mitchmri

Posted 08 September 2009 - 06:21 PM

Please help. I'm MODERATELY familiar with removing malware but nothing I try is working on this new curse I've picked up. My MBAM will not start when I try. Task Manager comes up in some limited capacity (one that does not include the "Processes" tab or any tab across the top of the window). I will suddenly start streaming some "Entertainment Tonight"-like audio feed, and I don't have a clue where that's coming from. I get "Windows Protection" scans popping up along with "Windows Police Pro" scans and vulgar porn link icons on my desktop. Any assistance will be greatly appreciated.

Here is my DDS txt file.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Mitchell Sapp at 18:43:25.01 on Tue 09/08/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1251 [GMT -4:00]

AV: Protection System *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\wscsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mitchell Sapp\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://hometab.bellsouth.net/
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn4\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn4\yt.dll
BHO: ICQSys (IE PlugIn): {76dc0b63-1533-4ba9-8be8-d59eb676fa02} - c:\windows\system32\dddesot.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn4\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\neroph~1\data\xtras\mssysmgr.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Protection System] "c:\program files\protection system\psystem.exe" -noscan
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [LyraHD2TrayApp] "c:\program files\thomson\lyra jukebox\lyrahdtrayapp\LYRAHD2TrayApp.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [USBToolTip] "c:\program files\pinnacle\shared files\\programs\usbtip\USBTip.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton antivirus\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [AntiSpyware Service] c:\windows\temp\u01r0huh.exe
dRun: [Windows System Recover!] c:\windows\temp\install.exe
StartupFolder: c:\docume~1\mitche~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\quickcam\eReg.exe
StartupFolder: c:\docume~1\mitche~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 2.4\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.3.1/jinstall-131_02-win.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mitche~1\applic~1\mozilla\firefox\profiles\dte422hb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-1 53248]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-7-24 109616]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-9-28 200192]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080724.024\NAVENG.SYS [2008-7-24 89936]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080724.024\NAVEX15.SYS [2008-7-24 856336]
S2 AntipPro2009_100;AntipyProex;c:\windows\svchasts.exe [2009-9-7 163840]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [2005-12-18 15104]
S2 EraserSvc10732;Symantec Eraser Service;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
S2 EvenSystems;EvenSystems;c:\recycler\svchost.exe --> c:\recycler\svchost.exe [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-2 24652]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-3-7 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-3-7 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-3-7 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-3-7 59520]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-7-25 1251720]

=============== Created Last 30 ================

2009-09-08 05:57 135,680 a------- c:\windows\system32\taxmag.exe
2009-09-07 23:48 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 23:48 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-07 23:48 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-07 12:09 31,232 a------- c:\windows\system32\wingenocx.dll
2009-09-07 11:57 <DIR> --d----- c:\program files\Protection System
2009-09-07 09:26 1,382 a------- c:\windows\system32\onhelp.htm
2009-09-07 09:11 4 a------- c:\windows\system32\bincd32.dat
2009-09-07 08:55 36 a------- c:\windows\system32\sysnet.dat
2009-09-07 08:55 495,616 a------- c:\windows\system32\dddesot.dll
2009-09-07 08:55 440,320 a------- c:\windows\system32\desote.exe
2009-09-07 08:55 163,840 a------- c:\windows\svchasts.exe
2009-09-07 08:55 96 a------- c:\windows\system32\sonhelp.htm
2009-09-07 08:55 58 a------- c:\windows\ppp4.dat
2009-09-07 08:55 9 a------- c:\windows\system32\bennuar.old
2009-09-07 08:55 3 a------- c:\windows\ppp3.dat
2009-09-07 08:55 <DIR> --d----- c:\program files\Windows Police Pro
2009-09-07 08:50 1,010,176 a------- c:\windows\system32\wscsvc32.exe
2009-09-02 09:14 17,755 a------- c:\docume~1\mitche~1\applic~1\fygumixe.com
2009-09-02 09:14 17,175 a------- c:\program files\common files\jaxetelify.dat
2009-09-02 09:14 16,155 a------- c:\program files\common files\kidaweheb.sys
2009-09-02 09:14 15,409 a------- c:\docume~1\alluse~1\applic~1\xypizuxyj.bat
2009-09-02 09:14 15,035 a------- c:\program files\common files\ofaravi.exe
2009-09-02 09:14 12,299 a------- c:\docume~1\alluse~1\applic~1\esetij.reg
2009-09-02 09:14 11,227 a------- c:\program files\common files\ufaguj.exe
2009-08-31 14:43 <DIR> --d----- c:\windows\Profiles
2009-08-21 19:34 <DIR> a-d----- c:\windows\system32\images
2009-08-20 16:23 1,089,601 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-20 06:48 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-20 06:47 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-20 06:47 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-20 06:47 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-20 06:47 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-20 06:47 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-20 06:47 <DIR> --d----- C:\87e7fd82e126a002d995f6af02009b7d
2009-08-20 06:47 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-20 06:47 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-20 06:47 <DIR> --d----- c:\windows\SxsCaPendDel
2009-08-19 22:19 <DIR> --d----- c:\program files\Microsoft
2009-08-14 23:29 <DIR> --d----- c:\program files\Audible
2009-08-13 00:35 <DIR> --d----- c:\program files\MSXML 6.0
2009-08-13 00:33 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-12 05:24 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 05:23 655,872 -------- c:\windows\system32\dllcache\mstscax.dll

==================== Find3M ====================

2009-09-02 09:14 18,912 a------- c:\windows\axenosy.bin
2009-09-02 09:14 18,623 a------- c:\windows\system32\cagyhop.pif
2009-09-02 09:14 17,456 a------- c:\windows\zypumuwa.reg
2009-09-02 09:14 17,110 a------- c:\windows\system32\ixubow.com
2009-09-02 09:14 16,675 a------- c:\windows\bigazesado.com
2009-09-02 09:14 16,592 a------- c:\windows\enaduji.bin
2009-09-02 09:14 15,525 a------- c:\windows\cadex.dat
2009-09-02 09:14 15,438 a------- c:\windows\system32\kuwyxyno.reg
2009-09-02 09:14 13,160 a------- c:\windows\deramyruq.vbs
2009-09-02 09:14 12,827 a------- c:\windows\system32\okonohyzir.pif
2009-09-02 09:14 12,630 a------- c:\windows\system32\sutemy.vbs
2009-09-02 09:14 12,580 a------- c:\windows\qidesobe.exe
2009-08-05 05:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 05:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-18 12:20 3,062,272 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-18 12:20 1,506,304 -------- c:\windows\system32\dllcache\shdocvw.dll
2009-07-17 14:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 14:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 09:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-25 14:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 04:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 04:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 04:44 724,480 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:44 298,496 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:44 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:44 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:44 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 04:44 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 07:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 07:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 07:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 07:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 07:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 07:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 07:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 07:38 18,432 -------- c:\windows\system32\dllcache\iedw.exe
2009-06-22 07:34 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 10:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:55 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:55 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 07:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 07:50 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 07:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 07:50 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2008-01-15 23:24 87,608 a------- c:\docume~1\mitche~1\applic~1\inst.exe
2008-01-15 23:24 47,360 a------- c:\docume~1\mitche~1\applic~1\pcouffin.sys
2006-12-28 21:51 1,274 a------- c:\docume~1\mitche~1\applic~1\wklnhst.dat
2002-07-26 17:02 153,088 a------- c:\program files\UNWISE.EXE
2001-06-20 17:19 40,960 a------- c:\program files\ACMonitor_X83.exe

============= FINISH: 18:45:18.78 ===============


#2 fenzodahl512

Posted 10 September 2009 - 12:35 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all steps given.

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:


It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install Recovery Console, please do so. It will be in your best interest.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 mitchmri

Posted 10 September 2009 - 06:06 PM

Thank you so much for your reply. It looks like this really, REALLY helped. But I'm not going to do anything else until I hear back from you. You don't know how much I appreciate this. You are incredible!!!! Here is the log from ComboFix:

ComboFix 09-09-10.01 - Mitchell Sapp 09/10/2009 18:24.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1918.1324 [GMT -4:00]
Running from: c:\documents and settings\Mitchell Sapp\Desktop\Combo-fix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\esetij.reg
c:\documents and settings\All Users\Application Data\kule._dl
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\tozosyko.inf
c:\documents and settings\All Users\Application Data\xypizuxyj.bat
c:\documents and settings\All Users\Desktop\nudetube.com.lnk
c:\documents and settings\All Users\Desktop\pornotube.com.lnk
c:\documents and settings\All Users\Desktop\youporn.com.lnk
c:\documents and settings\All Users\Documents\otiditupux.inf
c:\documents and settings\All Users\Documents\uzawymace.vbs
c:\documents and settings\Mitchell Sapp\Application Data\fygumixe.com
c:\documents and settings\Mitchell Sapp\Application Data\inst.exe
c:\documents and settings\Mitchell Sapp\Application Data\neketone._dl
c:\documents and settings\Mitchell Sapp\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\program files\Common Files\kidaweheb.sys
c:\program files\Common Files\ofaravi.exe
c:\program files\Common Files\ufaguj.exe
c:\program files\Protection System
c:\program files\Protection System\blacklist.cga
c:\program files\Protection System\core.cga
c:\program files\Protection System\coreext.dll
c:\program files\Protection System\firewall.dll
c:\program files\Protection System\help.ico
c:\program files\Protection System\psystem.exe
c:\program files\Protection System\uninstall.exe
c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
c:\recycler\S-1-5-21-3403113249-1826735100-932201801-500
c:\windows\axenosy.bin
c:\windows\deramyruq.vbs
c:\windows\enaduji.bin
c:\windows\Installer\602eec.msi
c:\windows\Installer\b0b74.msi
c:\windows\Installer\e41979.msi
c:\windows\jestertb.dll
c:\windows\ModemLog_PANTECH USB Modem .txt
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\qidesobe.exe
c:\windows\system32\bennuar.old
c:\windows\system32\bincd32.dat
c:\windows\system32\cagyhop.pif
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
c:\windows\system32\desote.exe
c:\windows\system32\drivers\hjgruikvrtctap.sys
c:\windows\system32\drivers\UACcjarpwurhs.sys
c:\windows\system32\hjgruihnfwvyse.dll
c:\windows\system32\hjgruimykjbmur.dll
c:\windows\system32\hjgruiovdhabww.dat
c:\windows\system32\hjgruithlrrsou.dat
c:\windows\system32\hjgruiwrxgyyak.dll
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\kuwyxyno.reg
c:\windows\system32\okonohyzir.pif
c:\windows\system32\onhelp.htm
c:\windows\system32\sonhelp.htm
c:\windows\system32\sutemy.vbs
c:\windows\system32\sysnet.dat
c:\windows\system32\UAChlwyaaotxq.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACljucxkjeho.dll
c:\windows\system32\UAClykokxuflm.dll
c:\windows\system32\UACnojlgkciip.dll
c:\windows\system32\UACxpdyrohysi.dll
c:\windows\system32\wingenocx.dll
c:\windows\zypumuwa.reg

----- BITS: Possible infected sites -----

hxxp://download.yimg.com
c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruilrqnoltn
-------\Legacy_hjgruilrqnoltn
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_ANTIPPRO2009_100
-------\Service_AntipPro2009_100


((((((((((((((((((((((((( Files Created from 2009-08-10 to 2009-09-10 )))))))))))))))))))))))))))))))
.

2009-09-10 00:58 . 2009-09-10 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-10 00:58 . 2009-09-10 00:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-09 10:37 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-09 10:37 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-09 10:37 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-09 10:37 . 2009-09-09 10:42 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-09 10:37 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-09 10:37 . 2009-09-09 10:58 -------- d-----w- c:\program files\Spyware Doctor
2009-09-09 10:37 . 2009-09-09 10:37 -------- d-----w- c:\documents and settings\Mitchell Sapp\Application Data\PC Tools
2009-09-09 10:37 . 2009-09-09 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-08 22:36 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 09:57 . 2004-08-04 08:00 135680 ----a-w- c:\windows\system32\taxmag.exe
2009-09-08 03:48 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 03:48 . 2009-09-08 04:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 03:48 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 12:55 . 2009-09-07 12:55 163840 ----a-w- c:\windows\svchasts.exe
2009-09-02 13:20 . 2009-09-02 13:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-02 13:14 . 2009-09-02 13:14 17175 ----a-w- c:\program files\Common Files\jaxetelify.dat
2009-09-02 13:14 . 2009-09-02 13:14 17110 ----a-w- c:\windows\system32\ixubow.com
2009-09-02 13:14 . 2009-09-02 13:14 16675 ----a-w- c:\windows\bigazesado.com
2009-09-02 13:14 . 2009-09-02 13:14 15525 ----a-w- c:\windows\cadex.dat
2009-08-31 18:43 . 2009-08-31 18:43 -------- d-----w- c:\windows\Profiles
2009-08-31 18:43 . 2009-08-31 18:43 -------- d-----w- c:\documents and settings\Mitchell Sapp\Application Data\InterTrust
2009-08-20 10:48 . 2009-08-20 10:48 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-20 10:48 . 2009-08-20 10:48 -------- d-----w- c:\program files\MSBuild
2009-08-20 10:48 . 2009-08-20 10:48 -------- d-----w- c:\program files\Reference Assemblies
2009-08-20 10:47 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-20 10:47 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-20 10:47 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-20 10:47 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-20 10:47 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-20 10:47 . 2009-08-20 10:48 -------- d-----w- C:\87e7fd82e126a002d995f6af02009b7d
2009-08-20 10:47 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-20 10:47 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-20 10:47 . 2009-08-20 20:15 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-20 02:19 . 2009-08-20 02:19 -------- d-----w- c:\program files\Microsoft
2009-08-13 04:35 . 2009-08-13 04:35 -------- d-----w- c:\program files\MSXML 6.0
2009-08-13 04:33 . 2009-08-13 04:33 -------- d-----w- c:\windows\ServicePackFiles
2009-08-12 09:23 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 22:48 . 2007-08-16 17:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-10 22:47 . 2008-08-28 13:06 -------- d-----w- c:\documents and settings\Mitchell Sapp\Application Data\OpenOffice.org2
2009-09-10 21:28 . 2006-08-16 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-09 10:07 . 2009-04-23 11:46 -------- d-----w- c:\program files\RealArcade
2009-09-09 10:06 . 2006-09-06 21:48 -------- d-----w- c:\program files\DivX
2009-09-09 01:22 . 2009-08-02 00:17 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 01:22 . 2005-04-29 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-07 15:52 . 2005-04-29 09:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-07 11:49 . 2008-07-15 14:20 -------- d-----w- c:\documents and settings\Mitchell Sapp\Application Data\uTorrent
2009-09-06 00:41 . 2009-08-09 12:26 256 ----a-w- c:\windows\system32\pool.bin
2009-09-04 03:49 . 2005-04-29 08:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-27 02:19 . 2007-08-17 16:22 -------- d-----w- c:\documents and settings\Mitchell Sapp\Application Data\U3
2009-08-23 17:13 . 2005-04-29 08:52 -------- d-----w- c:\program files\Java
2009-08-21 02:54 . 2005-09-27 22:31 130784 ----a-w- c:\documents and settings\Mitchell Sapp\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 23:21 . 2005-11-03 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-09 12:57 . 2009-08-09 12:57 -------- d-----w- c:\documents and settings\Mitchell Sapp\Application Data\Blackberry Desktop
2009-08-09 12:52 . 2009-08-09 12:52 -------- d-----w- c:\documents and settings\LocalService\Application Data\Roxio
2009-08-09 12:52 . 2007-07-05 23:08 -------- d-----w- c:\documents and settings\Mitchell Sapp\Application Data\Roxio
2009-08-09 12:26 . 2009-08-09 12:26 -------- d-----w- c:\documents and settings\Mitchell Sapp\Application Data\Research In Motion
2009-08-09 12:05 . 2007-07-05 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-09 12:05 . 2009-08-09 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-08-09 12:04 . 2009-08-09 12:02 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-08-09 12:03 . 2007-07-05 22:37 -------- d-----w- c:\program files\Roxio
2009-08-09 12:02 . 2005-04-29 08:37 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-09 11:53 . 2009-08-09 11:52 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-08-09 11:52 . 2009-08-09 11:52 -------- d-----w- c:\program files\Research In Motion
2009-08-05 09:11 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 04:02 . 2009-08-03 04:01 -------- d-----w- c:\program files\Windows Live
2009-08-03 04:01 . 2009-08-03 04:01 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-03 03:32 . 2009-08-03 03:32 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-03 03:23 . 2009-08-02 04:17 -------- d-----w- c:\program files\Common Files\AOL
2009-08-02 04:18 . 2009-08-02 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-02 04:18 . 2009-08-02 04:18 -------- d-----w- c:\program files\Viewpoint
2009-08-02 04:17 . 2009-08-02 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-08-02 04:17 . 2009-08-02 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 19:58 . 2007-12-27 02:05 -------- d-----w- c:\documents and settings\Mitchell Sapp\Application Data\LimeWire
2009-07-25 19:51 . 2007-12-02 23:51 -------- d-----w- c:\program files\LimeWire
2009-07-25 09:23 . 2009-06-09 17:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 18:55 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-04 08:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:18 . 2004-08-04 08:00 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 21:11 . 2009-06-25 21:11 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-25 18:36 . 2004-08-04 08:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-04 08:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-04 08:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-04 08:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-04 08:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-04 08:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-04 08:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-04 08:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-04 08:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-04 08:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-04 08:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-04 08:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2004-08-04 08:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-04 08:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-04 08:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-04 08:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-04 08:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-04 08:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2004-08-04 08:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-04 08:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-04 08:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-04 08:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-04 08:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:55 . 2004-08-04 08:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2002-07-26 21:02 . 2006-08-06 21:46 153088 ----a-w- c:\program files\UNWISE.EXE
2001-06-20 21:19 . 2001-06-19 21:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-12-07 1884160]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"LyraHD2TrayApp"="c:\program files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2003-11-18 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-01-23 196608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-17 180269]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]

c:\documents and settings\Mitchell Sapp\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\DropBox\\DropBox\\DropBox.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Mitchell Sapp\\Desktop\\Rarely used programs\\utorrent.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/9/2009 6:37 AM 130936]
R2 EraserSvc10732;Symantec Eraser Service;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [1/10/2007 1:59 AM 108648]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [12/1/2003 3:27 PM 53248]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [9/9/2009 6:37 AM 348752]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/2/2009 12:18 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/24/2008 4:48 PM 109616]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [9/28/2005 5:27 PM 200192]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [12/18/2005 1:05 PM 15104]
S2 EvenSystems;EvenSystems;c:\recycler\svchost.exe --> c:\recycler\svchost.exe [?]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [3/7/2008 12:32 AM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [3/7/2008 12:32 AM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [3/7/2008 12:32 AM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [3/7/2008 12:32 AM 59520]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2009-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-09-01 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Mitchell Sapp.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://hometab.bellsouth.net/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
FF - ProfilePath - c:\documents and settings\Mitchell Sapp\Application Data\Mozilla\Firefox\Profiles\dte422hb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\RealArcade\npraclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npraclient.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PhotoShow Deluxe Media Manager - c:\progra~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
HKCU-Run-Protection System - c:\program files\Protection System\psystem.exe
HKLM-Run-PrinTray - c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-10 18:48
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3873421522-1558827524-3296122630-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A9C5231-A7F1-F772-6B23-BDD291A072E3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,82,e4,f8,a6,36,
b2,0c,eb,e2,63,26,f1,3f,c8,ff,68,77,78,61,24,d0,d9,b7,ee,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,e8,d8,dd,94,a4,
96,b8,76,6a,9c,d6,61,af,45,84,18,f0,61,18,6d,f3,7d,bf,48,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,24,dd,05,14,4f,
7e,82,53,ff,7c,85,e0,43,d4,0e,fe,bb,59,83,09,8b,38,1c,a2,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,a7,96,c3,9e,c9,
64,54,48,86,8c,21,01,be,91,eb,e7,7d,28,0c,ff,a0,4a,8e,d4,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,81,f7,eb,71,91,
cd,6b,62,f5,1d,4d,73,a8,13,5c,05,35,a7,c5,a4,eb,ec,5d,93,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,a8,cc,fc,b3,a0,
b3,61,37,df,20,58,62,78,6b,cf,c8,9c,52,df,a8,e8,88,07,99,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,a3,a6,95,1d,70,
5c,fd,5a,fb,a7,78,e6,12,2f,9a,ea,cd,01,c6,56,e9,c5,ab,8e,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,47,71,80,5b,22,
b2,5c,be,01,3a,48,fc,e8,04,4a,f1,02,e8,10,1d,df,6b,e5,7d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,9b,69,a6,6f,a0,
af,f6,cd,f6,0f,4e,58,98,5b,89,c9,61,fd,8f,0e,9f,1f,ae,78,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,bf,0f,a7,58,02,
eb,86,15,3d,ce,ea,26,2d,45,aa,78,82,3f,65,c5,66,85,20,88,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,65,ee,0a,67,03,
19,74,2d,2a,b7,cc,b5,b9,7f,41,e7,46,9b,ff,07,76,21,f2,d8,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,65,cc,7c,6a,b3,
a1,ce,84,6c,43,2d,1e,aa,22,2f,9c,3c,44,db,fc,f5,a3,d6,9c,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(748)
c:\program files\Spyware Doctor\pctgmhk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\Logitech\QuickCam\LU\LULnchr.exe
c:\program files\Logitech\QuickCam\LU\LogitechUpdate.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
.
**************************************************************************
.
Completion time: 2009-09-10 19:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-10 22:59

Pre-Run: 35,682,652,160 bytes free
Post-Run: 35,727,921,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

462 --- E O F --- 2009-09-09 01:10

#4 fenzodahl512


Posted 10 September 2009 - 11:51 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
EvenSystems

File::
c:\windows\svchasts.exe
c:\program files\Common Files\jaxetelify.dat
c:\windows\system32\ixubow.com
c:\windows\bigazesado.com
c:\windows\cadex.dat
c:\recycler\svchost.exe

RegLock::
[HKEY_USERS\S-1-5-21-3873421522-1558827524-3296122630-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0A9C5231-A7F1-F772-6B23-BDD291A072E3}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 fenzodahl512


Posted 15 September 2009 - 12:07 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





