
·
Registered
Joined
·
14 Posts
Discussion Starter · #1 ·
I have AVG and it keeps detecting Win32/Heur whenever I open a new window (both in XP and IE7). The file name is C:\windows\system32\browselck.dll, the process name is C:\WINDOWS\Explorer.EXE, and the process ID is 512.

I ran a scan using AVG and it also found C:\windows\system32\browselck.dll.bak and several ActiveX entries in the registry.

Here are my computer's specs and the HJT log. Any help would be appreciated.

Dell Inspiron B130 laptop
Windows XP home sp2
Celeron M 1.4 Ghz processor
248 Mb RAM
Internet Explorer 7

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:29 AM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Simple Search Assistant - {0391AAD0-AB5A-4338-B6DC-BB8405EB1C58} - C:\WINDOWS\system32\ssa.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F06A8C5-7E7F-4284-AAA1-9F8A6DCB25CF} - C:\WINDOWS\system32\colbacti.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BE20FE80-2F8F-4563-9860-C2FE34A9B3DF} - c:\windows\system32\browselck.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [i0h08zocwuda] C:\WINDOWS\system32\i0h08zocwuda.exe
O4 - HKLM\..\Run: [ErrorSmart] "C:\Program Files\ErrorSmart\ErrorSmart.exe" -boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?e73654b6ab0a48d895adc9182fd930c6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?e73654b6ab0a48d895adc9182fd930c6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dafedddecafbaf - C:\WINDOWS\system32\dafedddecafbaf.dll (file missing)
O20 - Winlogon Notify: pktfcpvd - C:\WINDOWS\SYSTEM32\browselck.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7184 bytes
 

·
Registered
Joined
·
9,113 Posts
Welcome to TSG :)

Do you do any online banking from this computer???

Download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.


--------------------------------------------------------------------

Double-click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #3 ·
Here are my computer's specs, along with the ComboFix log and the new HJT log. Thank you for any help you can give me.

Dell Inspiron B130 laptop
Windows XP home sp2
Celeron M 1.4 Ghz processor
248 Mb RAM
Internet Explorer 7

-----ComboFix log-----

ComboFix 08-03-10.1 - Ken Trader 2008-03-11 15:59:26.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.58 [GMT -7:00]
Running from: C:\Documents and Settings\Ken Trader\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Ken Trader\err.log
C:\WINDOWS\system32\appcert
C:\WINDOWS\system32\browselck.dll
C:\WINDOWS\system32\colbacti.dll
C:\WINDOWS\system32\drivers\eimwwbnn.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_DAFGJVVQ
-------\LEGACY_EFFKHTLT
-------\LEGACY_FOPN
-------\dafgjvvq
-------\effkhtlt

((((((((((((((((((((((((( Files Created from 2008-02-11 to 2008-03-11 )))))))))))))))))))))))))))))))
.

2008-03-09 20:54 . 2008-03-09 20:54 d-------- C:\WINDOWS\WinRAR
2008-03-09 09:44 . 2008-03-09 09:45 d-------- C:\HijackThis
2008-03-06 21:35 . 2008-03-06 21:35 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-03-02 21:53 . 2004-08-04 00:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-02 21:51 . 2008-03-02 21:51 d-------- C:\Program Files\MP3 Player Utilities 4.13
2008-03-02 15:03 . 2008-03-11 11:29 d-------- C:\Downloads
2008-03-02 15:02 . 2008-03-02 20:54 d-------- C:\Program Files\BitComet
2008-03-02 14:59 . 2008-03-02 14:59 d-------- C:\BitComet
2008-03-02 00:25 . 2008-03-02 00:25 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-03-02 00:25 . 2008-03-02 00:25 74,376 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-03-02 00:25 . 2008-03-02 00:25 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-03-02 00:25 . 2008-03-02 00:25 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-03-02 00:24 . 2008-03-05 13:09 d-------- C:\WINDOWS\system32\drivers\Avg
2008-03-02 00:24 . 2008-03-02 00:24 d-------- C:\Program Files\AVG
2008-03-02 00:24 . 2008-03-02 00:24 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-03-01 23:01 . 2008-03-01 23:01 d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-01 23:01 . 2008-03-01 23:52 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-01 22:58 . 2008-03-01 22:59 d-------- C:\spybot
2008-02-28 11:56 . 2007-12-26 02:15 d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-02-28 11:56 . 2006-02-21 07:41 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-02-26 22:07 . 2008-02-26 22:07 d--hs---- C:\found.000
2008-02-14 21:09 . 2008-03-01 18:10 d-------- C:\Program Files\Microsoft Silverlight
2008-02-12 03:50 . 2008-03-01 23:51 d-------- C:\Program Files\ErrorSmart
2008-02-11 23:41 . 2008-02-12 15:31 d-------- C:\Documents and Settings\Ken Trader\Application Data\ErrorSmart
2008-02-11 15:02 . 2008-02-13 19:05 1,374 --a------ C:\WINDOWS\imsins.BAK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 04:38 --------- d-----w C:\Program Files\Google
2008-03-05 20:00 --------- d-----w C:\Program Files\Dell
2008-02-27 05:04 --------- d-----w C:\Program Files\Desktop Maestro
2008-02-14 17:47 --------- d-----w C:\Program Files\Netscape Internet Service
2008-02-14 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
2008-02-11 06:29 --------- d-----w C:\Program Files\Privacy Guardian
2008-02-11 06:29 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\Spam Monitor
2008-02-11 06:22 --------- d-----w C:\Program Files\Common Files\CryptDrive
2008-02-11 06:18 671,744 ----a-w C:\WINDOWS\isRS-000.tmp
2008-02-10 17:07 --------- d-----w C:\Program Files\Verizon Wireless
2008-02-09 22:01 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\Uniblue
2008-02-09 21:45 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\RegSweep
2008-02-09 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-09 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-02-08 04:58 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\AdobeUM
2008-02-07 07:23 --------- d-----w C:\Program Files\mail.com
2008-02-05 07:43 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\CryptDrive
2008-02-04 22:48 --------- d-----w C:\Program Files\File Recover
2008-02-02 06:52 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-02-02 03:01 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\PCToolsFirewallPlus
2008-02-02 02:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-01 20:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-27 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\CryptDrive
2008-01-27 04:44 --------- d-----w C:\Program Files\QuickTime
2008-01-26 07:30 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\CyberLink
2008-01-23 20:59 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\Apple Computer
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-14 04:07 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\Desktop Mechanic
2008-01-14 02:05 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\PrivacyConductor
2008-01-14 01:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\PrivacyConductor
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-31 03:31 2,122,028 ----a-w C:\Program Files\Windows Defender.zip
2007-12-22 17:35 246,545 ----a-w C:\WINDOWS\system32\libssl32.dll
2007-12-22 17:35 1,188,375 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-17 10:06 14,198,497 ----a-w C:\WINDOWS\system32\drivers.zip
2007-12-17 09:04 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0391AAD0-AB5A-4338-B6DC-BB8405EB1C58}]
C:\WINDOWS\system32\ssa.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 04:00 143360]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"i0h08zocwuda"="C:\WINDOWS\system32\i0h08zocwuda.exe" [ ]
"ErrorSmart"="C:\Program Files\ErrorSmart\ErrorSmart.exe" [ ]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 21:48 1392640]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 18:20 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 02:01 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-03-02 00:24 1171712 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 20:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"WinDefend"=2 (0x2)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DellSupport\\DSAgnt.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15912:TCP"= 15912:TCP:BitComet 15912 TCP
"15912:UDP"= 15912:UDP:BitComet 15912 UDP

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-03-02 00:25]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-03-02 00:25]
R1 DrvPrt;DrvPrt;C:\WINDOWS\system32\drivers\drvprt.sys [2003-11-26 15:26]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-03-02 00:25]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:00]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-02-01 17:25]
S4 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-03-02 00:24]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
effkhtlt

.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 22:09:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-06 02:00:06 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
- C:\WINDOWS\system32\[email protected]
"2008-02-12 11:30:01 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
"2008-03-10 16:00:00 C:\WINDOWS\Tasks\Scheduled Tasks.job"
- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk
"2008-03-11 01:13:09 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CEE21C1F-69D8-4E6C-94FE-C5F41196E390}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-03-11 03:13:05 C:\WINDOWS\Tasks\{1DA85CA3-6570-4F19-9FC1-E51A584B05B0}_DH4WLJ91_Ken Trader.job"
- C:\WINDOWS\system32\mobsync.exeH /Schedule=
"2008-02-12 10:10:17 C:\WINDOWS\Tasks\{884ADBB1-0FBF-4AE4-B1E4-BC78B464E52F}_DH4WLJ91_Ken Trader.job"
- C:\WINDOWS\system32\mobsync.exeH /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 16:01:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-11 16:02:48
ComboFix-quarantined-files.txt 2008-03-11 23:02:44
.
2008-02-29 05:31:30 --- E O F ---

------HJT Log-------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:29 AM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Simple Search Assistant - {0391AAD0-AB5A-4338-B6DC-BB8405EB1C58} - C:\WINDOWS\system32\ssa.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F06A8C5-7E7F-4284-AAA1-9F8A6DCB25CF} - C:\WINDOWS\system32\colbacti.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {BE20FE80-2F8F-4563-9860-C2FE34A9B3DF} - c:\windows\system32\browselck.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [i0h08zocwuda] C:\WINDOWS\system32\i0h08zocwuda.exe
O4 - HKLM\..\Run: [ErrorSmart] "C:\Program Files\ErrorSmart\ErrorSmart.exe" -boot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?e73654b6ab0a48d895adc9182fd930c6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?e73654b6ab0a48d895adc9182fd930c6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dafedddecafbaf - C:\WINDOWS\system32\dafedddecafbaf.dll (file missing)
O20 - Winlogon Notify: pktfcpvd - C:\WINDOWS\SYSTEM32\browselck.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 7184 bytes
 

·
Registered
Joined
·
9,113 Posts
Can you post a fresh HijackThis log? The one you posted is from March 9th. Thanks.
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #5 ·
Sorry about that...here is the new HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36:57 AM, on 3/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Simple Search Assistant - {0391AAD0-AB5A-4338-B6DC-BB8405EB1C58} - C:\WINDOWS\system32\ssa.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [i0h08zocwuda] C:\WINDOWS\system32\i0h08zocwuda.exe
O4 - HKLM\..\Run: [ErrorSmart] "C:\Program Files\ErrorSmart\ErrorSmart.exe" -boot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?e73654b6ab0a48d895adc9182fd930c6
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?e73654b6ab0a48d895adc9182fd930c6
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 6364 bytes
 

·
Registered
Joined
·
9,113 Posts
Download the attached file CFScript.txt to your Desktop



Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt". In your next reply, please include the ComboFix log and a fresh HijackThis log.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


Note: Please do not use this script on another computer; you may damage the system. The script is made especially for this user's computer only!!!!

================================

Please perform a scan with Kaspersky Webscan Online Virus Scanner

1. Read the Requirements and Privacy statement, then select "Accept".
2. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
3. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. When the download is complete it will say ready, click "Next".
5. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
7. Click "OK".
8. Under "Select a target to scan", click on "My Computer".
9. When the scan is complete, choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically or it will show 'Kaspersky Online Scanner license key was not found!'
 


·
Registered
Joined
·
14 Posts
Discussion Starter · #7 ·
OK. Here is the new ComboFix log, along with the new HJT log.

-----ComboFix log-----

ComboFix 08-03-10.1 - Ken Trader 2008-03-14 18:49:39.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.71 [GMT -7:00]
Running from: C:\Documents and Settings\Ken Trader\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Ken Trader\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-12 19:00 . 2008-03-12 19:00 d-------- C:\VA Forms
2008-03-12 12:19 . 2008-03-12 12:19 d-------- C:\Documents and Settings\Ken Trader\Application Data\vlc
2008-03-12 12:11 . 2008-03-12 12:11 d-------- C:\Program Files\VideoLAN
2008-03-12 11:50 . 2008-03-12 11:50 d-------- C:\temp
2008-03-12 11:49 . 1999-04-09 01:14 416,304 --a------ C:\WINDOWS\system32\mpg4c32.bkp
2008-03-12 11:49 . 1999-04-09 01:14 416,304 --a------ C:\temp\MPG4C32.DLL
2008-03-09 20:54 . 2008-03-09 20:54 d-------- C:\WINDOWS\WinRAR
2008-03-09 09:44 . 2008-03-11 16:04 d-------- C:\HijackThis
2008-03-06 21:35 . 2008-03-06 21:35 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-03-02 21:53 . 2004-08-04 00:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-02 21:51 . 2008-03-02 21:51 d-------- C:\Program Files\MP3 Player Utilities 4.13
2008-03-02 15:03 . 2008-03-13 12:03 d-------- C:\Downloads
2008-03-02 15:02 . 2008-03-02 20:54 d-------- C:\Program Files\BitComet
2008-03-02 14:59 . 2008-03-02 14:59 d-------- C:\BitComet
2008-03-02 00:25 . 2008-03-02 00:25 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-03-02 00:25 . 2008-03-02 00:25 74,376 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-03-02 00:25 . 2008-03-02 00:25 12,424 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-03-02 00:25 . 2008-03-02 00:25 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-03-02 00:24 . 2008-03-05 13:09 d-------- C:\WINDOWS\system32\drivers\Avg
2008-03-02 00:24 . 2008-03-02 00:24 d-------- C:\Program Files\AVG
2008-03-02 00:24 . 2008-03-02 00:24 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-03-01 23:01 . 2008-03-01 23:01 d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-01 23:01 . 2008-03-01 23:52 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-01 22:58 . 2008-03-01 22:59 d-------- C:\spybot
2008-02-28 11:56 . 2007-12-26 02:15 d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-02-28 11:56 . 2006-02-21 07:41 d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-02-26 22:07 . 2008-02-26 22:07 d--hs---- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 04:38 --------- d-----w C:\Program Files\Google
2008-03-05 20:00 --------- d-----w C:\Program Files\Dell
2008-03-02 06:51 --------- d-----w C:\Program Files\ErrorSmart
2008-03-02 01:10 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-27 05:04 --------- d-----w C:\Program Files\Desktop Maestro
2008-02-14 17:47 --------- d-----w C:\Program Files\Netscape Internet Service
2008-02-14 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Netscape Internet Service
2008-02-12 22:31 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\ErrorSmart
2008-02-11 06:29 --------- d-----w C:\Program Files\Privacy Guardian
2008-02-11 06:29 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\Spam Monitor
2008-02-11 06:22 --------- d-----w C:\Program Files\Common Files\CryptDrive
2008-02-11 06:18 671,744 ----a-w C:\WINDOWS\isRS-000.tmp
2008-02-10 17:07 --------- d-----w C:\Program Files\Verizon Wireless
2008-02-09 22:01 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\Uniblue
2008-02-09 21:45 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\RegSweep
2008-02-09 08:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-09 08:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-02-08 04:58 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\AdobeUM
2008-02-07 07:23 --------- d-----w C:\Program Files\mail.com
2008-02-05 07:43 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\CryptDrive
2008-02-04 22:48 --------- d-----w C:\Program Files\File Recover
2008-02-02 06:52 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2008-02-02 03:01 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\PCToolsFirewallPlus
2008-02-02 02:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-01 20:24 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-27 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\CryptDrive
2008-01-27 04:44 --------- d-----w C:\Program Files\QuickTime
2008-01-26 07:30 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\CyberLink
2008-01-23 20:59 --------- d-----w C:\Documents and Settings\Ken Trader\Application Data\Apple Computer
2008-01-23 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-31 03:31 2,122,028 ----a-w C:\Program Files\Windows Defender.zip
2007-12-22 17:35 246,545 ----a-w C:\WINDOWS\system32\libssl32.dll
2007-12-22 17:35 1,188,375 ----a-w C:\WINDOWS\system32\libeay32.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-17 10:06 14,198,497 ----a-w C:\WINDOWS\system32\drivers.zip
2007-12-17 09:04 6,580 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [email protected]_16.02.31.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"Mail.com"="C:\Program Files\mail.com\mcalert.exe" [2007-06-25 01:14 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 04:00 143360]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"ErrorSmart"="C:\Program Files\ErrorSmart\ErrorSmart.exe" [ ]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-01 21:48 1392640]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 18:20 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 02:01 437160]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-03-02 00:24 1171712 C:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 20:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"WinDefend"=2 (0x2)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DellSupport\\DSAgnt.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15912:TCP"= 15912:TCP:BitComet 15912 TCP
"15912:UDP"= 15912:UDP:BitComet 15912 UDP

R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-03-02 00:25]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-03-02 00:25]
R1 DrvPrt;DrvPrt;C:\WINDOWS\system32\drivers\drvprt.sys [2003-11-26 15:26]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-03-02 00:25]
R2 NwSapAgent;SAP Agent;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:00]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-02-01 17:25]
S4 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-03-02 00:24]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-14 07:09:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 01:01:50 C:\WINDOWS\Tasks\ParetoLogic Registration.job"
- C:\WINDOWS\system32\[email protected]
"2008-02-12 11:30:01 C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job"
- C:\Program Files\RegSweep\RegSweep.ex
- C:\Program Files\RegSweep
"2008-03-13 16:00:00 C:\WINDOWS\Tasks\Scheduled Tasks.job"
- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk
"2008-03-14 05:12:15 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CEE21C1F-69D8-4E6C-94FE-C5F41196E390}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-03-13 03:13:02 C:\WINDOWS\Tasks\{1DA85CA3-6570-4F19-9FC1-E51A584B05B0}_DH4WLJ91_Ken Trader.job"
- C:\WINDOWS\system32\mobsync.exeH /Schedule=
"2008-02-12 10:10:17 C:\WINDOWS\Tasks\{884ADBB1-0FBF-4AE4-B1E4-BC78B464E52F}_DH4WLJ91_Ken Trader.job"
- C:\WINDOWS\system32\mobsync.exeH /Schedule=
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 18:53:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-14 18:55:28
ComboFix-quarantined-files.txt 2008-03-15 01:55:23
ComboFix2.txt 2008-03-11 23:02:49
.
2008-03-12 08:12:39 --- E O F ---

-----HJT log-----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:34 PM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mail.com\mcalert.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ErrorSmart] "C:\Program Files\ErrorSmart\ErrorSmart.exe" -boot
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - HKUS\S-1-5-18\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5819 bytes
 

·
Registered
Joined
·
14 Posts
Discussion Starter · #8 ·
Sorry. I forgot the Kaspersky log. Here it is.

-----Kaspersky log-----


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 15, 2008 2:32:00 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/03/2008
Kaspersky Anti-Virus database records: 631900
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 37016
Number of viruses found: 4
Number of infected objects: 8
Number of suspicious objects: 0
Duration of the scan process: 01:05:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder1.zip/SpyShredder.exe Infected: not-a-virus:FraudTool.Win32.BraveSentry.j skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder8.zip/SpyShredder1.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.j skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder8.zip/SpyShredder2.dll Infected: not-a-virus:AdWare.Win32.SearchAssistant.k skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder8.zip/SpyShredder3.dll Infected: not-a-virus:AdWare.Win32.SearchAssistant.l skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyShredder8.zip ZIP: infected - 3 skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Folder.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Freakhouse - Liars Inc. 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\gandalf_192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Get More with Jukebox Plus.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\GIRL.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Green.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\I Love Lovin U.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Jeff Black - Tin Lily_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacy.crowley.badass.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacycrowley.blood.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\kacycrowley.kindofperfect.192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Lie To Me.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Long Long Time 192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Love Me Too Much190k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Marcy Playground - No Ones Boy 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Mas Rapido - Christopher Robin's Dead - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Natural Fool (192k).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Not Hot To Trot.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\NuSensation_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\OceanDriveClubMix_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\omar_192.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\OpusOne_192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Orange Peels - Something In You - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Rescue Me.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sister Vikki.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sorrow - 192k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Sorry.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Steady As She Goes (192k).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Swell.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\The Greencards - Time - weather and water_193k.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - Baby Blue.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - Can You Feel It Now.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Tremolo - You Were Born For This.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Urbia.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - Indiana Sun.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - Jealousy (Will Get You).mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\White Hassle - She's Dead.mp3 Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked skipped
C:\Documents and Settings\Ken Trader\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
C:\Documents and Settings\Ken Trader\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ken Trader\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ken Trader\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ken Trader\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ken Trader\ntuser.dat Object is locked skipped
C:\Documents and Settings\Ken Trader\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\eimwwbnn.dat.vir Object is locked skipped
C:\QooBox\Quarantine\catchme2008-03-11_115002.23.zip/eimwwbnn.dat Infected: Trojan.Win32.BHO.bbo skipped
C:\QooBox\Quarantine\catchme2008-03-11_115002.23.zip ZIP: infected - 1 skipped

Scan process completed.
 