Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Long Story About My Laptop...


  • Please log in to reply
14 replies to this topic

#1 .-=m1k3y=-.

.-=m1k3y=-.

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 23 March 2007 - 03:23 PM

[color=#FF0000] Well to cut a long story short im 13 years old i live in england and i had a laptop for christmas and my laptop one day started to go slow. I posted on the technology section of the forum (you might want to check that post for some info on me... http://www.gamerenders.com/forum/index.php...8899&st=30) anyway he told me to download hijack this and adaware and spybot search and destroy well i did it all before and i did it again just to be sure didnt do anything still getting the same popups and everything still going slow. But as i was logging back on from safe mode (i was in that because i was told it was safer to delete viruses when in safe mode ) anyway when i logged back in my lapop looked like this Posted Imagehttps://ssl-proxy-updated.herokuapp.com/3b8c241003e75a39be22e66076e300ccee6a031a/687474703a2f2f696d673434322e696d616765736861636b2e75732f696d673434322f3739312f68656c70313030307567382e706e67/ its gone into ME mode from XP :S

now i just dont know what to do ??? plz help dont speak all technicy stuff as well im quite good at computers (half a gcse in i.t in year 5) but cba with it at the mo with yr9 SATS comeing up plz help me sorry forgot to add this its my hijackthis log :D hope it helps
Logfile of HijackThis v1.99.1
Scan saved at 20:29:11, on 23/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\BitLord\BitLord.exe
C:\Documents and Settings\mike\My Documents\My Received Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1459C863-6F01-4008-A93A-089B90B436Fe} - C:\WINDOWS\system32\gqlmkvcr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\mswlnswo.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mike\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Edited by .-=m1k3y=-., 23 March 2007 - 03:32 PM.


BC AdBot (Login to Remove)

 


m

#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 23 March 2007 - 04:27 PM

Welcome to the BleepingComputer HijackThis forum .-=m1k3y=-. :thumbsup:

Please make sure all hidden files are showing:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading select 'Show hidden files and folders'.
* Uncheck the 'Hide file extensions for known types' option.
* Uncheck the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

*******************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions very carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab,and then 'Start Update'.
Note:
If you have any problems running the update process prior to running the scan,download/install the 'Full Database' from here:
http://download.ewido.net/avgas-signatures-full-current.exe

Once the updates have been installed,do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen,under 'How to act?',then under 'Set default action for detected malware to:', click on 'Recommended actions',then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware,don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into SAFE MODE using the F8 method.
To do this,restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O2 - BHO: (no name) - {1459C863-6F01-4008-A93A-089B90B436Fe} - C:\WINDOWS\system32\gqlmkvcr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\mswlnswo.dll",setvm


Find and delete if present:
C:\WINDOWS\system32\gqlmkvcr.dll
C:\WINDOWS\system32\mswlnswo.dll

Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient,it takes a while for the scan to finish.

Once the scan is complete,do the following.
If AVG Anti-Spyware detected any infected objects:,click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

*******************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


Post the AVG Anti Spyware report,the C:\ComboFix.txt,and a new Hijackthis log into your next reply.
Posted Image
Posted Image

#3 .-=m1k3y=-.

.-=m1k3y=-.
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 23 March 2007 - 04:33 PM

kk i will try it havent git my printer withme have to writr it down or take coupleof screenies ty i will try that :D

#4 .-=m1k3y=-.

.-=m1k3y=-.
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 24 March 2007 - 06:07 AM

Ok here we go here are the logs :thumbsup:


Combo Fix Log

"mike" - 07-03-24 10:43:59 Service Pack 2
ComboFix 07-03-23 - Running from: "C:\Documents and Settings\mike\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\mike\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\PageHistory.txt
C:\DOCUME~1\mike\APPLIC~1.\searchtoolbarcorp\Toolbar Vision\WebHistory.txt
C:\DOCUME~1\mike\APPLIC~1.\searchtoolbarcorp
C:\Program Files\vsadd-in


((((((((((((((((((((((((((((((( Files Created from 2007-02-24 to 2007-03-24 ))))))))))))))))))))))))))))))))))


2007-03-24 09:47 <DIR> d-------- C:\WINDOWS\CSC
2007-03-24 09:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-03-23 16:41 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-03-21 17:29 76,412 --a------ C:\WINDOWS\system32\onnqbdfo.dll
2007-03-21 17:28 765,740 ---hs---- C:\WINDOWS\system32\hgjlm.bak2
2007-03-21 16:01 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-03-21 16:01 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-03-21 16:01 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-03-21 16:00 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-03-21 16:00 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-03-21 16:00 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-03-21 16:00 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-03-21 16:00 <DIR> d-------- C:\Program Files\Alwil Software
2007-03-20 20:06 88,340 --a------ C:\WINDOWS\system32\gdkdnoxx.exe
2007-03-19 19:40 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\Lavasoft
2007-03-19 18:55 <DIR> d-------- C:\WINDOWS\pss
2007-03-19 18:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-03-19 17:48 48,660 --a------ C:\WINDOWS\system32\hkrggnsr.dll
2007-03-19 17:43 <DIR> d-------- C:\VundoFix Backups
2007-03-19 17:07 <DIR> d-------- C:\d53c83d2269f6ccd94ae95d4b61e
2007-03-19 16:32 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-03-19 16:29 <DIR> d-------- C:\2a3fc6067c5cfb8e9d7c29
2007-03-18 20:51 123,412 --a------ C:\WINDOWS\system32\mswlnswo.dll
2007-03-18 16:45 132,116 --a------ C:\WINDOWS\system32\jakiadfw.dll
2007-03-18 12:08 132,116 --a------ C:\WINDOWS\system32\rslggfco.dll
2007-03-17 20:48 <DIR> d-------- C:\Program Files\vso
2007-03-17 20:00 <DIR> d-------- C:\Program Files\Common Files\SystemRequirementsLab
2007-03-17 19:59 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\System Requirements Lab
2007-03-17 16:47 132,116 --a------ C:\WINDOWS\system32\sdycrbhn.dll
2007-03-17 15:35 132,116 --a------ C:\WINDOWS\system32\ysovyidw.dll
2007-03-17 13:42 87,608 --a------ C:\DOCUME~1\mike\APPLIC~1\ezpinst.exe
2007-03-17 13:42 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-03-17 13:42 47,360 --a------ C:\DOCUME~1\mike\APPLIC~1\pcouffin.sys
2007-03-17 13:42 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\Vso
2007-03-17 13:14 132,116 --a------ C:\WINDOWS\system32\pfldjslv.dll
2007-03-17 11:21 132,116 --a------ C:\WINDOWS\system32\wnpaprun.dll
2007-03-16 19:13 <DIR> d-------- C:\Program Files\SpacialAudio
2007-03-16 09:56 72,496 --a------ C:\WINDOWS\system32\drivers\khips.sys
2007-03-16 09:56 302,000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
2007-03-15 20:09 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\Screenshot Sender
2007-03-10 22:56 131,604 --a------ C:\WINDOWS\system32\tddgvcjm.dll
2007-03-09 19:26 131,604 --a------ C:\WINDOWS\system32\ypmakgio.dll
2007-03-06 17:09 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-03-06 16:14 <DIR> d-------- C:\Program Files\CCleaner
2007-03-05 17:08 <DIR> d-------- C:\Extras
2007-03-05 17:08 <DIR> d-------- C:\Autorun
2007-03-04 19:44 <DIR> d---s---- C:\Program Files\Xfire
2007-03-04 15:59 <DIR> d-------- C:\Program Files\THQ
2007-03-04 15:56 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\InstallShield
2007-03-03 20:38 1,168 --a------ C:\WINDOWS\mozver.dat
2007-03-03 13:47 <DIR> d-------- C:\Program Files\RegistryPatrol3.0
2007-03-03 12:58 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-03-03 11:26 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\PC Tools
2007-02-28 20:26 282,164 --a------ C:\WINDOWS\system32\mljgh.dll.vir
2007-02-28 20:11 <DIR> d-------- C:\Program Files\PFG
2007-02-28 19:38 286,720 --------- C:\WINDOWS\Setup1.exe
2007-02-28 19:37 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-02-25 19:30 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2007-02-25 19:30 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-02-24 19:07 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-02-24 19:07 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll
2007-02-24 19:07 323,584 --a------ C:\WINDOWS\system32\FoxImager.dll
2007-02-24 19:07 1,101,824 --a------ C:\WINDOWS\system32\NMSDVDXU.dll
2007-02-24 19:07 <DIR> d-------- C:\Program Files\Cheetah Burner
2007-02-24 18:59 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\DeepBurner Pro
2007-02-24 18:14 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-02-24 13:20 <DIR> d-------- C:\DOCUME~1\mike\APPLIC~1\Atari
2007-02-24 10:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
2007-02-24 10:14 <DIR> d-------- C:\Program Files\Virtual Villagers - The Lost Children
2007-02-24 10:14 <DIR> d-------- C:\Program Files\BFG


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-03-23 18:58 -------- d-------- C:\DOCUME~1\mike\APPLIC~1\xfire
2007-03-23 17:58 -------- d-------- C:\Program Files\wolfenstein - enemy territory
2007-03-23 15:30 -------- d-------- C:\Program Files\windows live toolbar
2007-03-20 16:40 -------- d-------- C:\Program Files\bitlord
2007-03-18 19:56 -------- d-------- C:\Program Files\msn messenger
2007-03-18 19:56 -------- d-------- C:\Program Files\messenger plus! live
2007-03-17 20:48 34 --a------ C:\DOCUME~1\mike\APPLIC~1\pcouffin.log
2007-03-17 20:48 1144 --a------ C:\DOCUME~1\mike\APPLIC~1\pcouffin.inf
2007-03-17 20:48 1074 --a------ C:\DOCUME~1\mike\APPLIC~1\pcouffin.cat
2007-03-10 11:54 -------- d-------- C:\Program Files\shortkeys2
2007-03-04 15:59 -------- d--h----- C:\Program Files\installshield installation information
2007-03-03 21:00 74 --ah----- C:\WINDOWS\uce.dat
2007-03-03 13:47 -------- d-------- C:\Program Files\Common Files\ahead
2007-03-03 13:32 -------- d-------- C:\Program Files\microsoft works
2007-02-28 20:05 -------- d-------- C:\Program Files\Common Files\download manager
2007-02-22 15:15 -------- d-------- C:\Program Files\novalogic
2007-02-21 18:43 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-17 19:37 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-02-17 04:06 -------- d-------- C:\DOCUME~1\mike\APPLIC~1\bang
2007-02-16 22:16 -------- d-------- C:\DOCUME~1\mike\APPLIC~1\ulead systems
2007-02-16 15:45 -------- d-------- C:\Program Files\newtech infosystems
2007-02-16 15:10 -------- d-------- C:\DOCUME~1\mike\APPLIC~1\apple computer
2007-02-15 09:07 -------- d-------- C:\Program Files\Common Files\stardock
2007-02-14 22:01 218624 --a------ C:\WINDOWS\system32\uxtheme.dll
2007-02-14 21:42 -------- d-------- C:\Program Files\stardock
2007-02-13 12:52 -------- d-------- C:\Program Files\Common Files\real
2007-02-13 11:05 -------- d-------- C:\Program Files\real
2007-02-13 09:39 -------- d-------- C:\Program Files\alcohol soft
2007-02-13 09:35 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-02-12 09:37 -------- d-------- C:\Program Files\bittorrent
2007-02-11 22:13 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-11 21:23 -------- d-------- C:\Program Files\symantec
2007-02-09 18:30 -------- d-------- C:\Program Files\nero
2007-02-09 17:42 -------- d-------- C:\DOCUME~1\mike\APPLIC~1\opera
2007-02-09 11:12 -------- d-------- C:\DOCUME~1\mike\APPLIC~1\gtk-2.0
2007-02-08 20:46 -------- d-------- C:\DOCUME~1\mike\APPLIC~1\real
2007-02-08 20:46 -------- d-------- C:\DOCUME~1\mike\APPLIC~1\media player classic
2007-02-08 20:28 -------- d-------- C:\Program Files\real alternative
2007-02-08 20:18 -------- d-------- C:\Program Files\media player classic
2007-02-04 21:31 -------- d-------- C:\Program Files\cdburnerxp pro 3
2007-01-29 18:15 -------- d-------- C:\DOCUME~1\mike\APPLIC~1\winrar
2007-01-29 17:09 -------- d-------- C:\Program Files\epson
2007-01-28 14:56 -------- d-------- C:\DOCUME~1\mike\APPLIC~1\bittorrent
2007-01-26 18:46 -------- d-------- C:\Program Files\Common Files\installshield
2007-01-24 16:12 28400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-10 20:54 58952 --a------ C:\WINDOWS\system32\msgplusloader.dll
2007-01-08 19:01 17408 --a------ C:\WINDOWS\system32\corpol.dll
2007-01-02 14:46 1024 -r-h----- C:\WINDOWS\system32\ntibun4.dll
2007-01-02 14:45 150 --a------ C:\AUTOEXEC.BAT
2007-01-02 14:43 1024 -r-h----- C:\WINDOWS\system32\ntimpeg2.dll
2007-01-02 14:43 1024 -r-h----- C:\WINDOWS\system32\ntimp3.dll
2007-01-02 14:43 1024 -r-h----- C:\WINDOWS\system32\ntifcd3.dll
2007-01-02 14:43 1024 -r-h----- C:\WINDOWS\system32\nticdmk7.dll
2006-12-29 21:46 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
"AGEIA PhysX SysTray"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"2chkdsk"="rundll32.exe \"C:\\WINDOWS\\system32\\mswlnswo.dll\",setvm"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"0aMCPClient"="{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\Z]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{33002f2c-6b06-11db-9055-0015af0e4522}]
Shell\AutoRun\command winshell110.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e458190b-77ff-11db-ba0b-806d6172696f}]
Shell\AutoRun\command D:\Setup.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job


********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-24 10:49:42


HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 11:00:28, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mike\My Documents\My Received Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1459C863-6F01-4008-A93A-089B90B436Fe} - C:\WINDOWS\system32\gqlmkvcr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\mswlnswo.dll",setvm
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mike\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe


AVG Scan

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:26:28 24/03/2007

+ Scan result:



C:\System Volume Information\_restore{4BF2C15B-24E1-4387-A592-E87432727BAE}\RP9\A0001605.dll -> Adware.Virtumonde : Cleaned.
C:\VundoFix Backups\efcbcdb.dll.bad -> Adware.Virtumonde : Cleaned.
C:\VundoFix Backups\nnnllkk.dll.bad -> Adware.Virtumonde : Cleaned.
C:\VundoFix Backups\qommjgh.dll.bad -> Adware.Virtumonde : Cleaned.
C:\WINDOWS\system32\nnnllkk.dll.vir -> Adware.Virtumonde : Cleaned.
C:\Program Files\PFG\PFG.006 -> Not-A-Virus.Monitor.Win32.Ardamax.o : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@7search[2].txt -> TrackingCookie.7search : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@atdmt[3].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@cpvfeed[3].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@spylog[2].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@zedo[3].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{4BF2C15B-24E1-4387-A592-E87432727BAE}\RP1\A0000012.dll -> Trojan.Agent.acl : Cleaned.


::Report end




I hope these logs help :flowers:

#5 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 24 March 2007 - 07:07 AM

Download Avenger from the link below:
http://swandog46.geekstogo.com/avenger.zip
Unzip/extract it to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens,copy and paste ALL the following bold blue text in the Quote box below:

Files to delete:
C:\WINDOWS\system32\onnqbdfo.dll
C:\WINDOWS\system32\hgjlm.bak2
C:\WINDOWS\system32\gdkdnoxx.exe
C:\WINDOWS\system32\hkrggnsr.dll
C:\WINDOWS\system32\mswlnswo.dll
C:\WINDOWS\system32\jakiadfw.dll
C:\WINDOWS\system32\rslggfco.dll
C:\WINDOWS\system32\sdycrbhn.dll
C:\WINDOWS\system32\ysovyidw.dll
C:\WINDOWS\system32\pfldjslv.dll
C:\WINDOWS\system32\wnpaprun.dll
C:\WINDOWS\system32\tddgvcjm.dll
C:\WINDOWS\system32\ypmakgio.dll
C:\WINDOWS\system32\mljgh.dll.vir

Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt into your next reply.

***************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens,click the "Scan for Vundo" button.
Once it's done scanning,click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files, click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed,it will prompt that it will reboot your computer,click "OK".
Please post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case,VundoFix will run on reboot,simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

***************************

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {1459C863-6F01-4008-A93A-089B90B436Fe} - C:\WINDOWS\system32\gqlmkvcr.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\mswlnswo.dll",setvm

Exit Hijackthis.

Restart your pc please.
Post the Avenger output.txt,the C:\vundofix.txt,and a new Hijackthis log into your next reply please.

Please make sure you post you reply using regular black text,red makes it hard on the eyes,thanks.
Posted Image
Posted Image

#6 .-=m1k3y=-.

.-=m1k3y=-.
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 24 March 2007 - 08:31 AM

Right here are the logs, although vundofix didnt find anything so no output txt sorry :thumbsup:

Avenger Log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wmgbaljp

*******************

Script file located at: \??\C:\Documents and Settings\nsbagmgt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\onnqbdfo.dll deleted successfully.
File C:\WINDOWS\system32\hgjlm.bak2 deleted successfully.
File C:\WINDOWS\system32\gdkdnoxx.exe deleted successfully.
File C:\WINDOWS\system32\hkrggnsr.dll deleted successfully.
File C:\WINDOWS\system32\mswlnswo.dll deleted successfully.
File C:\WINDOWS\system32\jakiadfw.dll deleted successfully.
File C:\WINDOWS\system32\rslggfco.dll deleted successfully.
File C:\WINDOWS\system32\sdycrbhn.dll deleted successfully.
File C:\WINDOWS\system32\ysovyidw.dll deleted successfully.
File C:\WINDOWS\system32\pfldjslv.dll deleted successfully.
File C:\WINDOWS\system32\wnpaprun.dll deleted successfully.
File C:\WINDOWS\system32\tddgvcjm.dll deleted successfully.
File C:\WINDOWS\system32\ypmakgio.dll deleted successfully.
File C:\WINDOWS\system32\mljgh.dll.vir deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 13:21:17, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\mike\My Documents\My Received Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customi...fo/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\mike\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.pcservicecall.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe


P.S Sorry about the red writing, also none of this has fixed my Xp to Me Version of Windows change thats what i mostly want back the pop-ups seem to have stopped but i was posting my problems on a different forum and they said something like there version of windows going from Xp to Me happened to them and he said that some of my OS files might be corrupted dont know whether that means anything to you ?

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 24 March 2007 - 11:25 AM

Your log is clean :thumbsup:
If all's ok,please do the following:

* Click 'Start'.
* Open 'My Computer'.
* Select the 'Tools' menu and click 'Folder Options'.
* Select the 'View' tab.
* Under the 'Hidden files and folders' heading unselect 'Show hidden files and folders'.
* Re-check the 'Hide file extensions for known types' option.
* Re-check the 'Hide protected operating system files (recommended)' option.
* Click Yes to confirm.
* Click OK.

Clear your 'System Restore' points by doing the following:
Right-click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Select 'Turn Off System Restore On All Drives'.
Select 'Apply'.
You will then get the following warning:
"You have chosen to turn off System Restore.
If you continue,all existing restore points will be deleted,and you will not be able to track or undo changes to your computer.
Do you want to turn off System Restore?".
Then select 'Yes',your 'System Restore' directories will be purged.

Turn 'System Restore' back on:
Right click on 'My Computer' and select 'Properties'.
Select 'System Restore'.
Unselect 'Turn Off System Restore On All Drives'.
Select 'Apply',then click 'Ok'.

Create a new 'System Restore' point:
Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window,click 'Create a Restore Point' button,then click 'Next'.
In the window that appears,enter a description,then click on 'Create',then click 'Close'.
The date and time is created automatically.

Read through the information found here,to help you prevent any possible future infections.
Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Please Note:
Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java,and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6.0'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Online Installation, Multi-language' and save to your desktop.
7. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
8. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
9. Click the Change/Remove button.
10. Repeat as many times as necessary to remove each Java versions.
11. Reboot your computer once all Java components are removed.
12. Then from your desktop double-click on jre-6-windows-i586-iftw.
13. Allow it access to the internet,follow any prompts,it should install the latest version automatically.

none of this has fixed my Xp to Me Version of Windows change thats what i mostly want back

I'm sorry but i haven't got a clue what you're referring to,can you explain in as much detail as possible please.
Posted Image
Posted Image

#8 .-=m1k3y=-.

.-=m1k3y=-.
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 24 March 2007 - 11:31 AM

i was on another forum posting about my problem of my laptop slwing down and i downloaded adaware and AVG but after it didnt do anything so i unistalled them using the add/or remove prgrams in contorl panel and when it prompted me to restart my laptop is said ok when is restarted is came on as an ME theme so i then went into control panel to change my theme but i went into the contorl panel into display and there were no XP themes just the classical Me Themes and before i was running Xp now it seems like im running ME, on the other forum some1 said that they had had the same problem they said there might be something wrong with me OS files like they were corupted or something so i have no idea on what to do i cant use system restor becasue i disabled that (due to some1 trying to help me get rid of viruses) so im tottalky stuck so i dont want to create a new system restore point until i have my XP theme up and running please help :thumbsup:

Edited by .-=m1k3y=-., 24 March 2007 - 11:33 AM.


#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 24 March 2007 - 11:57 AM

Download the file attached below to your desktop.
Then unzip it to the C:\WINDOWS folder overwriting/replacing your present 'Resources' folder.
Restart when you've finished,you should now have the XP style available in 'Display Properties'.

Edited by RichieUK, 24 March 2007 - 12:01 PM.

Posted Image
Posted Image

#10 .-=m1k3y=-.

.-=m1k3y=-.
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 25 March 2007 - 03:57 AM

sorry did exactly as you said but nothing hapened apart from the background changed so i decided to click on browse in the themes and i clicked on celestial theme it came up with an error

"The theme could not be loaded becasue the theme service is not running. You can turn this on in the Computer Management Tool in the Control Panel

C:\WINDOWS\Recources\Themes\Celestial.Theme " that is exactly what it said im gonna do a google search but please post your answer ?? :thumbsup:

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 25 March 2007 - 04:44 AM

"The theme could not be loaded becasue the theme service is not running.


Click on Start>Run and type Services.msc then hit Ok.
Scroll down and find the service called:
Themes
When you find it, double-click on it.
In the next window that opens, click the 'Start' button.
Then change the 'Startup Type:' to 'Automatic'.
Now press Apply and then Ok and close any open windows,restart your pc.
Posted Image
Posted Image

#12 .-=m1k3y=-.

.-=m1k3y=-.
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 25 March 2007 - 10:48 AM

Thank you very much this time it has worked :D just wondering for future reference how do i go back to a system point i have made ?

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 25 March 2007 - 01:27 PM

You're welcome :thumbsup:

just wondering for future reference how do i go back to a system point i have made ?

You should read through the information in the link below.
Windows XP System Restore Is Easy to Use:
http://www.microsoft.com/windowsxp/using/h...ew_03may19.mspx

Edited by RichieUK, 25 March 2007 - 01:28 PM.

Posted Image
Posted Image

#14 .-=m1k3y=-.

.-=m1k3y=-.
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 26 March 2007 - 10:27 AM

The Thing is ive been upgraded to 8MB right but when i download something like a file off the net then sometimes its going at like 1000kb+ and sometimes it goes like 80kb or less and i dont know why i have the same prgrmas running i just dont know whats happening

#15 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:06:01 AM

Posted 26 March 2007 - 01:18 PM

Well your log is clean,if you're experiencing other problems i suggest you start a new topic here:
Windows XP Home and Professional:
http://www.bleepingcomputer.com/forums/f/56/windows-xp-home-and-professional/
Give as much detail as possible regarding any problems,you might also want to post a link to this topic as well if you think that would help.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users