Google Redirect Virus


  • This topic is locked
2 replies to this topic

#1 GoingALittleCrazy


Posted 02 April 2010 - 08:11 AM

I have the Google redirect virus and also get a warning from Comodo re TrojWare.Win32.TrojanDownloader.Agent.BOW3@82741118. I ran Malwarebytes, which corrected one issue, but I am still left with the Google redirect.

The following are the GMER, DDS and COMBOFIX logs.

Thanks in advance for any help.





**************************************************************
* GMER LOG
**************************************************************
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-01 22:19:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\dcameron\LOCALS~1\Temp\pwdoakow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB6E64BDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB6E641B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB6E64840]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB6E6535A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB6E6409A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB6E6606A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB6E66302]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB6E63C60]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB6E64FC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB6E65174]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB6E63A92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB6E65CEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB6E6443C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB6E64A1C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB6E637C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB6E646CC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB6E6393A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB6E65720]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB6E66648]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB6E65A88]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB6E64DC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB6E65E9A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB6E65520]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB6E643D6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB6E645C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB6E63F64]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB6E63E32]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \FileSystem\Fastfat \Fat B1323D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x83 0x1A 0x35 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x83 0x1A 0x35 0x20 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0D 0xEB 0xFA 0xEC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0xAC 0x93 0x04 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x4E 0xF6 0x15 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}\InProcServer32@jaeijflmndakojhmkpda 0x6A 0x61 0x64 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}\InProcServer32@iaeidpbcedpjikmnfj 0x6A 0x61 0x64 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}\InProcServer32@iaeifgnkghgliceddb 0x65 0x62 0x66 0x69 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}\InProcServer32@iaeifgnkghmkgcmfhn 0x64 0x62 0x67 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{4970B2A3-1DDA-A3CF-C136-B061C4125D1D}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{4970B2A3-1DDA-A3CF-C136-B061C4125D1D}\InProcServer32@jaidcaeihbciidpobjmk 0x69 0x61 0x6F 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{4970B2A3-1DDA-A3CF-C136-B061C4125D1D}\InProcServer32@iaidiabpaclkclicol 0x69 0x61 0x6F 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}\InProcServer32@jadeinbphflbkbockiil 0x6A 0x61 0x6E 0x65 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}\InProcServer32@iadecneniphbkjaonk 0x6A 0x61 0x6E 0x65 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}\InProcServer32@iadeeoielofkjppijk 0x65 0x62 0x65 0x65 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}\InProcServer32@iadeeoielohkladebf 0x64 0x62 0x6E 0x65 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}@iacikaomlohnflalmk 0x6A 0x61 0x64 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}@haiidpdghjfhpghb 0x69 0x61 0x64 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}@haglankejkmlmaco 0x65 0x62 0x66 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}@haglankelioleeap 0x64 0x62 0x67 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4970B2A3-1DDA-A3CF-C136-B061C4125D1D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4970B2A3-1DDA-A3CF-C136-B061C4125D1D}@hakegkepbghbfiel 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4970B2A3-1DDA-A3CF-C136-B061C4125D1D}@hakegkeplffolmkh 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4970B2A3-1DDA-A3CF-C136-B061C4125D1D}@iaoddaiaeflcbomena 0x69 0x61 0x6F 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4970B2A3-1DDA-A3CF-C136-B061C4125D1D}@haecfblldaeehjok 0x69 0x61 0x6F 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{518622E2-E252-598E-2A04-41D1AD2F28C9}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{518622E2-E252-598E-2A04-41D1AD2F28C9}@iadkhlmnmdlikppbkh 0x6B 0x61 0x68 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{518622E2-E252-598E-2A04-41D1AD2F28C9}@hajknklmffmbakih 0x6B 0x61 0x68 0x6E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}@iajdbndfpadmeadcbd 0x6A 0x61 0x6E 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}@hahehpbfoienoelj 0x6A 0x61 0x6E 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}@hanafgdbbkdmbabf 0x65 0x62 0x65 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}@hanafgdbpoefnlcd 0x64 0x62 0x6E 0x65 ...

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\cnxmwrosae.tmp 360448 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\cnxmwrosae.tmp.info 196 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\ecarnswxom.tmp.info 246 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe 1536 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\hidec.exe.info 128 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\plw32.exe 921600 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\plw32.exe.info 216 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\seaxcornmw.tmp.info 228 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\svchost.exe 128000 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\svchost.exe.info 166 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\SVCLauncher.exe 225280 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\SVCLauncher.exe.info 188 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\vuzesetup.exe.info 116 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\waerxmnsoc.tmp 101376 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\waerxmnsoc.tmp.info 196 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\warmoexnsc.tmp.info 204 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\xonrsmawce.tmp.info 228 bytes

---- EOF - GMER 1.0.15 ----



**************************************************************
* DDS LOG
**************************************************************


DDS (Ver_10-03-17.01) - NTFSx86
Run by dcameron at 16:00:09.81 on 2010-04-01
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2047.1301 [GMT -7:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Genie-Soft\GBMHome8\GBMAgent.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Sticky Password\stpass.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqtra08.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Copernic Desktop Search - Home: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand300000081.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [GBMHome8Agent] "c:\program files\genie-soft\gbmhome8\GBMAgent.exe"
uRun: [StickyPassword] c:\program files\sticky password\stpass.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [GBMHome8Agent] "c:\program files\genie-soft\gbmhome8\GBMAgent.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
IE: &Download FLV by WinAVI... - c:\program files\winavi flv converter\flv_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71}
Trusted Zone: line6.net
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1}
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dcameron\applic~1\mozilla\firefox\profiles\epoja46s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\documents and settings\dcameron\application data\lamantine\sticky password\spautofill\components\spAutofill.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-1-4 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-1-4 25160]
R2 adc200;Pico Technology ADC-200 Driver;c:\windows\system32\drivers\adc200.sys [2006-10-9 59776]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-1-4 723632]
R2 pico;Pico Technology Parallel Port Device Driver;c:\windows\system32\drivers\pico.sys [2006-6-15 9344]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-2-28 87936]
R3 Mach3;Mach3 Pulseing Service;c:\windows\system32\drivers\Mach3.sys [2007-5-9 107648]
S1 KPSYSDRV;KPSYSDRV;c:\windows\system32\drivers\Kpsysdrv.sys [2008-1-17 17016]
S1 OADevice;OADriver;\??\c:\windows\system32\drivers\oadriver.sys --> c:\windows\system32\drivers\OADriver.sys [?]
S1 OAmon;OAmon;\??\c:\windows\system32\drivers\oamon.sys --> c:\windows\system32\drivers\OAmon.sys [?]
S1 OAnet;OAnet;\??\c:\windows\system32\drivers\oanet.sys --> c:\windows\system32\drivers\OAnet.sys [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 7552]
S2 OAcat;Online Armor Helper Service;"c:\program files\tall emu\online armor\oacat.exe" --> c:\program files\tall emu\online armor\OAcat.exe [?]
S2 PICOPP;Pico Technology Ltd USB Driver (picopp.sys);c:\windows\system32\drivers\picopp.sys [2006-6-16 76800]
S2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe --> c:\program files\tall emu\online armor\oasrv.exe [?]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [2010-1-9 532992]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [2005-12-20 14976]
S3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys --> c:\windows\system32\drivers\l6dp.sys [?]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [2006-11-22 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [2006-11-22 24576]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2010-04-01 22:14:26 0 d-----w- c:\temp\AV
2010-04-01 21:39:21 77312 ----a-w- c:\windows\MBR.exe
2010-04-01 21:39:21 261632 ----a-w- c:\windows\PEV.exe
2010-03-31 18:07:31 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-31 13:51:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 13:51:23 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 13:51:23 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-10 14:36:59 3251 ----a-w- c:\windows\system32\wbem\Outlook_01cac05f23fd715e.mof
2010-03-10 06:20:58 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 01:42:53 0 d-----w- c:\program files\PhotoME
2010-03-10 01:42:53 0 d-----w- c:\docume~1\alluse~1\applic~1\PhotoME
2010-03-09 21:05:32 0 d-----w- C:\temp

==================== Find3M ====================

2010-03-09 02:06:40 124931 ----a-w- c:\windows\system32\nvModes.dat
2010-02-25 18:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-04 21:10:10 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-02-04 18:01:54 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-04 18:01:51 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-04 18:01:50 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-09-08 12:59:45 604 ---ha-w- c:\program files\WSTLL Notifier
2009-05-11 00:47:31 34 ----a-w- c:\program files\ViewPicture.cmd
2006-03-09 23:02:16 0 ----a-w- c:\program files\gditst
2007-03-09 07:12:32 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2007-06-12 00:30:54 88 --sh--r- c:\windows\system32\C3B74DA8B9.sys
2007-06-12 02:12:46 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 16:00:39.64 ===============





***********************************************************************************
* COMBOFIX LOG
***********************************************************************************
ComboFix 10-03-29.04 - dcameron 2010-04-01 14:46:39.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2047.1594 [GMT -7:00]
Running from: c:\downloads\Combo-Fix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Thumbs.db
c:\windows\desktop
c:\windows\desktop\copycat.exe
c:\windows\Fonts\Toneliner.ttf
c:\windows\system32\reboot.txt

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-03-01 to 2010-04-01 )))))))))))))))))))))))))))))))
.

2010-04-01 08:26 . 2010-04-01 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000458\maindata.sys
2010-03-31 18:07 . 2010-04-01 13:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-31 14:07 . 2010-03-31 14:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-31 13:51 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 13:51 . 2010-03-31 13:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-31 13:51 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 08:15 . 2010-03-31 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000457\maindata.sys
2010-03-31 01:10 . 2010-03-31 01:10 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2010-03-30 08:23 . 2010-03-30 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000456\maindata.sys
2010-03-29 08:06 . 2010-03-29 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000455\maindata.sys
2010-03-27 08:14 . 2010-03-27 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000454\maindata.sys
2010-03-26 08:08 . 2010-03-26 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000453\maindata.sys
2010-03-25 08:06 . 2010-03-25 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000452\maindata.sys
2010-03-24 08:22 . 2010-03-24 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000451\maindata.sys
2010-03-20 08:23 . 2010-03-20 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000450\maindata.sys
2010-03-19 08:06 . 2010-03-19 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000449\maindata.sys
2010-03-18 08:14 . 2010-03-18 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000448\maindata.sys
2010-03-17 08:06 . 2010-03-17 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000447\maindata.sys
2010-03-16 08:06 . 2010-03-16 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000446\maindata.sys
2010-03-15 08:06 . 2010-03-15 08:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000445\maindata.sys
2010-03-13 09:06 . 2010-03-13 09:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000444\maindata.sys
2010-03-12 09:06 . 2010-03-12 09:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000443\maindata.sys
2010-03-11 09:23 . 2010-03-11 09:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000442\maindata.sys
2010-03-10 09:06 . 2010-03-10 09:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000441\maindata.sys
2010-03-10 06:20 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 01:42 . 2010-03-10 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoME
2010-03-10 01:42 . 2010-03-10 01:42 -------- d-----w- c:\program files\PhotoME
2010-03-09 21:05 . 2010-03-30 01:05 -------- d-----w- C:\temp
2010-03-09 09:22 . 2010-03-09 09:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000440\maindata.sys
2010-03-05 09:06 . 2010-03-05 09:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000439\maindata.sys
2010-03-04 09:06 . 2010-03-04 09:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000438\maindata.sys
2010-03-03 09:06 . 2010-03-03 09:01 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000437\maindata.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 09:01 . 2008-05-25 18:04 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Full Backup\00000001\maindata.sys
2010-03-11 14:40 . 2006-03-10 12:29 -------- d-----w- c:\documents and settings\dcameron\Application Data\AdobeUM
2010-03-10 19:04 . 2010-02-02 15:09 -------- d-----w- c:\program files\Sticky Password
2010-03-09 02:06 . 2006-02-28 14:23 124931 ----a-w- c:\windows\system32\nvModes.dat
2010-03-03 17:35 . 2006-03-09 22:43 -------- d-----w- c:\program files\SimplyAccounting
2010-03-02 09:01 . 2010-03-02 09:07 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000436\maindata.sys
2010-03-01 09:01 . 2010-03-01 09:06 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000435\maindata.sys
2010-02-27 09:01 . 2010-02-27 09:06 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000434\maindata.sys
2010-02-26 09:01 . 2010-02-26 09:22 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000433\maindata.sys
2010-02-25 09:01 . 2010-02-25 09:14 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000432\maindata.sys
2010-02-25 06:24 . 2004-08-11 23:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 14:35 . 2006-03-09 22:10 -------- d-----w- c:\documents and settings\dcameron\Application Data\SolidWorks
2010-02-24 09:01 . 2010-02-24 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000431\maindata.sys
2010-02-23 09:01 . 2010-02-23 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000430\maindata.sys
2010-02-22 09:01 . 2010-02-22 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000429\maindata.sys
2010-02-20 14:55 . 2010-02-20 14:55 -------- d-----w- c:\program files\NCH Software
2010-02-20 14:54 . 2010-02-20 14:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-02-20 14:54 . 2010-02-20 14:54 -------- d-----w- c:\program files\NCH Swift Sound
2010-02-20 14:54 . 2010-02-20 14:54 -------- d-----w- c:\documents and settings\dcameron\Application Data\NCH Swift Sound
2010-02-20 09:01 . 2010-02-20 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000428\maindata.sys
2010-02-19 09:01 . 2010-02-19 09:09 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000427\maindata.sys
2010-02-18 09:01 . 2010-02-18 09:13 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000426\maindata.sys
2010-02-17 09:01 . 2010-02-17 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000425\maindata.sys
2010-02-16 09:01 . 2010-02-16 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000424\maindata.sys
2010-02-15 09:01 . 2010-02-15 09:14 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000423\maindata.sys
2010-02-13 09:01 . 2010-02-13 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000422\maindata.sys
2010-02-12 09:01 . 2010-02-12 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000421\maindata.sys
2010-02-12 02:36 . 2010-02-12 02:36 -------- d-----w- c:\documents and settings\dcameron\Application Data\Apple Computer
2010-02-11 09:01 . 2010-02-11 09:15 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000420\maindata.sys
2010-02-10 09:01 . 2010-02-10 09:14 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000419\maindata.sys
2010-02-09 09:01 . 2010-02-09 09:14 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000418\maindata.sys
2010-02-08 09:01 . 2010-02-08 09:14 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000417\maindata.sys
2010-02-07 17:54 . 2010-02-07 17:53 -------- d-----w- c:\program files\QuickTime
2010-02-07 17:53 . 2010-02-07 17:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-07 17:53 . 2010-02-07 17:53 -------- d-----w- c:\program files\Common Files\Apple
2010-02-07 17:52 . 2010-02-07 17:52 -------- d-----w- c:\program files\Apple Software Update
2010-02-07 17:52 . 2010-02-07 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-02-06 09:01 . 2010-02-06 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000416\maindata.sys
2010-02-05 09:01 . 2010-02-05 09:15 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000415\maindata.sys
2010-02-05 03:28 . 2006-03-09 23:00 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-02-04 21:25 . 2009-08-23 00:23 -------- d-----w- c:\program files\CrossLoop
2010-02-04 21:10 . 2010-01-04 23:49 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-02-04 18:01 . 2010-01-04 23:40 171552 ----a-w- c:\windows\system32\guard32.dll
2010-02-04 18:01 . 2010-01-04 23:40 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-02-04 18:01 . 2010-01-04 23:40 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-02-04 18:01 . 2010-01-04 23:40 134344 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-02-04 09:01 . 2010-02-04 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000414\maindata.sys
2010-02-03 09:01 . 2010-02-03 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000413\maindata.sys
2010-02-02 15:11 . 2010-02-02 15:11 -------- d-----w- c:\documents and settings\dcameron\Application Data\Lamantine
2010-02-02 09:01 . 2010-02-02 09:14 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000412\maindata.sys
2010-02-01 09:01 . 2010-02-01 09:15 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000411\maindata.sys
2010-01-30 09:01 . 2010-01-30 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000410\maindata.sys
2010-01-29 09:00 . 2010-01-29 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000409\maindata.sys
2010-01-28 09:01 . 2010-01-28 09:05 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000408\maindata.sys
2010-01-27 09:01 . 2010-01-27 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000407\maindata.sys
2010-01-26 09:01 . 2010-01-26 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000406\maindata.sys
2010-01-25 09:01 . 2010-01-25 09:13 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000405\maindata.sys
2010-01-23 09:01 . 2010-01-23 09:14 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000404\maindata.sys
2010-01-22 09:01 . 2010-01-22 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000403\maindata.sys
2010-01-21 09:01 . 2010-01-21 09:13 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000402\maindata.sys
2010-01-20 09:01 . 2010-01-20 09:09 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000401\maindata.sys
2010-01-19 09:01 . 2010-01-19 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000400\maindata.sys
2010-01-18 09:01 . 2010-01-18 09:13 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000399\maindata.sys
2010-01-16 09:01 . 2010-01-16 09:09 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000398\maindata.sys
2010-01-15 09:01 . 2010-01-15 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000397\maindata.sys
2010-01-14 09:01 . 2010-01-14 09:14 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000396\maindata.sys
2010-01-13 09:01 . 2010-01-13 09:09 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000395\maindata.sys
2010-01-12 09:00 . 2010-01-12 09:09 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000394\maindata.sys
2010-01-11 09:01 . 2010-01-11 09:14 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000393\maindata.sys
2010-01-09 09:01 . 2010-01-09 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000392\maindata.sys
2010-01-08 16:02 . 2006-03-09 21:31 83632 ----a-w- c:\documents and settings\dcameron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-08 09:01 . 2010-01-08 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000391\maindata.sys
2010-01-07 09:01 . 2010-01-07 09:09 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000390\maindata.sys
2010-01-06 09:00 . 2010-01-06 09:08 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000389\maindata.sys
2010-01-05 09:00 . 2010-01-05 09:13 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000388\maindata.sys
2010-01-04 09:01 . 2010-01-04 09:10 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000387\maindata.sys
2010-01-02 09:01 . 2010-01-02 09:13 1109 ----a-w- c:\documents and settings\dcameron\Application Data\Genie-soft\GBMHome8\Jobs\Incremental Backup\00000386\maindata.sys
2009-09-08 12:59 . 2009-09-08 12:59 604 ---ha-w- c:\program files\WSTLL Notifier
2009-05-11 00:47 . 2009-05-11 00:46 34 ----a-w- c:\program files\ViewPicture.cmd
2006-03-09 23:02 . 2006-03-09 23:02 0 ----a-w- c:\program files\gditst
2007-03-09 07:12 . 2007-03-09 07:12 27648 --sha-w- c:\windows\system32\AVSredirect.dll
2007-06-12 00:30 . 2007-05-26 13:25 88 --sh--r- c:\windows\system32\C3B74DA8B9.sys
2007-06-12 02:12 . 2007-05-26 05:32 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
"StickyPassword"="c:\program files\Sticky Password\stpass.exe" [2009-12-15 2776920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-07 7118848]
"GBMHome8Agent"="c:\program files\Genie-Soft\GBMHome8\GBMAgent.exe" [2008-09-11 189056]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-04 1800464]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=KORGUMDD.DRV

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe"
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe"
"COMMUNICATOR"="c:\program files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"nwiz"=nwiz.exe /installquiet
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"=
"c:\\WINDOWS\\system32\\ntbackup.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
"c:\\Program Files\\Genie-Soft\\GBMHome8\\GBM8.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\{FA0F0A01-4631-4161-A6C2-948BF694382E}\\setup\\hpznui01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqcopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpfcCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpofxs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqfxt08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpqgpc01.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3379:TCP"= 3379:TCP:Remote Desktop 3379
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-01-04 4:40 PM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-01-04 4:40 PM 25160]
R2 adc200;Pico Technology ADC-200 Driver;c:\windows\system32\drivers\adc200.sys [2006-10-09 59776]
R2 pico;Pico Technology Parallel Port Device Driver;c:\windows\system32\drivers\pico.sys [2006-06-15 9344]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-02-28 7:18 AM 87936]
R3 Mach3;Mach3 Pulseing Service;c:\windows\system32\drivers\Mach3.sys [2007-05-09 6:26 PM 107648]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 KPSYSDRV;KPSYSDRV;c:\windows\system32\drivers\Kpsysdrv.sys [2008-01-17 7:19 AM 17016]
S1 OADevice;OADriver;\??\c:\windows\system32\drivers\OADriver.sys --> c:\windows\system32\drivers\OADriver.sys [?]
S1 OAmon;OAmon;\??\c:\windows\system32\drivers\OAmon.sys --> c:\windows\system32\drivers\OAmon.sys [?]
S1 OAnet;OAnet;\??\c:\windows\system32\drivers\OAnet.sys --> c:\windows\system32\drivers\OAnet.sys [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 9:32 PM 7552]
S2 OAcat;Online Armor Helper Service;"c:\program files\Tall Emu\Online Armor\OAcat.exe" --> c:\program files\Tall Emu\Online Armor\OAcat.exe [?]
S2 PICOPP;Pico Technology Ltd USB Driver (picopp.sys);c:\windows\system32\drivers\picopp.sys [2006-06-16 76800]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe --> c:\program files\Tall Emu\Online Armor\oasrv.exe [?]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [2010-01-09 2:05 PM 532992]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;c:\windows\system32\drivers\KORGUMDS.SYS [2005-12-20 1:07 AM 14976]
S3 L6DP;L6DP;c:\windows\system32\Drivers\l6dp.sys --> c:\windows\system32\Drivers\l6dp.sys [?]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [2006-11-22 7:46 PM 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [2006-11-22 7:46 PM 24576]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 7:01 AM 2799808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-28 c:\windows\Tasks\GBM - Full Backup-Full.job
- c:\program files\Genie-Soft\GBMHome8\GBM8.exe [2008-06-27 12:28]

2010-04-01 c:\windows\Tasks\GBM - Incremental Backup-Full.job
- c:\program files\Genie-Soft\GBMHome8\GBM8.exe [2008-06-27 12:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download FLV by WinAVI... - c:\program files\WinAVI FLV Converter\flv_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: line6.net
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000}
FF - ProfilePath - c:\documents and settings\dcameron\Application Data\Mozilla\Firefox\Profiles\epoja46s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\documents and settings\dcameron\Application Data\Lamantine\Sticky Password\spAutofill\components\spAutofill.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
AddRemove-PreSonus 1394 Audio Driver V1.20.0 (FIREPOD) Setup - c:\program files\PreSonus\1394AudioDriver_FIREPOD\uninst.exe Software\PreSonus\1394AudioDriver_FIREPOD\Setup
AddRemove-_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-01 15:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3581864919-1622298308-2766671287-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3581864919-1622298308-2766671287-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4970B2A3-1DDA-A3CF-C136-B061C4125D1D}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3581864919-1622298308-2766671287-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{518622E2-E252-598E-2A04-41D1AD2F28C9}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3581864919-1622298308-2766671287-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{3FEF1413-3316-6AD0-9A57-C2C421C51AC8}\InProcServer32*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4970B2A3-1DDA-A3CF-C136-B061C4125D1D}\InProcServer32*]

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{9363222F-FF0F-C0AA-581F-FFBAA4A2E0D0}\InProcServer32*]

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\ **]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||w*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(588)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3088)
c:\windows\system32\WININET.dll
c:\program files\Sticky Password\spCapBtn.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\basfipm.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Apoint\HidFind.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-04-01 15:07:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-01 22:07
ComboFix2.txt 2009-04-21 00:39

Pre-Run: 9,027,481,600 bytes free
Post-Run: 10,240,385,024 bytes free

- - End Of File - - AF972473E1880917AABF5D65AF62BD95







#2 GoingALittleCrazy
  • Topic Starter

  • Members
  • 2 posts

Posted 03 April 2010 - 11:03 AM

Did a bunch of things, and appears to be fixed.

#3 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 05 April 2010 - 06:16 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad we could help.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.




