Page 4 of 4 FirstFirst 1234
Results 31 to 37 of 37

Thread: Virtumonde

  1. #31
    Member
    Join Date
    Sep 2009
    Posts
    34

    Default

    Hi,
    Performed the removals, updates & Scan as requested. I see you were quite right about more work to be done. Can I delete limewire & torrent from application data folders?

    Following is the KOS & ComboFix logs. DDS in next post

    KASPERSKY ONLINE SCANNER 7.0: scan report
    Wednesday, September 23, 2009
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, September 23, 2009 06:01:55
    Records in database: 2870749


    Scan settings
    scan using the following database extended
    Scan archives yes
    Scan e-mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics
    Objects scanned 79746
    Threats found 3
    Infected objects found 4
    Suspicious objects found 0
    Scan duration 01:47:40

    File name Threat Threats count
    C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\LocalCopy\{7DAF6782-CE2C-43B9-547B-8849618E8877}-rdl114.tmp.exe Infected: Trojan.Win32.Vaklik.fvi 1

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP666\A0304319.exe Infected: Trojan-Spy.Win32.Zbot.aatt 1

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP673\A0310929.exe Infected: Trojan-Dropper.Win32.WormDrop.r 1

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP673\A0311995.exe Infected: Trojan-Dropper.Win32.WormDrop.r 1

    Selected area has been scanned.

    -----------------------

    ComboFix 09-09-17.04 - Office 09/22/2009 19:46.5.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.172 [GMT -5:00]
    Running from: c:\documents and settings\Office\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Office\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1351 [VPS 090817-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
    FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

    FILE ::
    "c:\program files\LimeWireWin-full.exe"
    "c:\program files\LimeWireWin.exe"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Office\LOCALS~1\Temp\catchme.dll
    c:\documents and settings\Angie\Application Data\LimeWire
    c:\documents and settings\Angie\Application Data\LimeWire\410splashfree.png
    c:\documents and settings\Angie\Application Data\LimeWire\createtimes.cache
    c:\documents and settings\Angie\Application Data\LimeWire\fileurns.bak
    c:\documents and settings\Angie\Application Data\LimeWire\fileurns.cache
    c:\documents and settings\Angie\Application Data\LimeWire\filters.props
    c:\documents and settings\Angie\Application Data\LimeWire\gnutella.net
    c:\documents and settings\Angie\Application Data\LimeWire\installation.props
    c:\documents and settings\Angie\Application Data\LimeWire\library.dat
    c:\documents and settings\Angie\Application Data\LimeWire\limewire.props
    c:\documents and settings\Angie\Application Data\LimeWire\mojito.props
    c:\documents and settings\Angie\Application Data\LimeWire\pub1.key
    c:\documents and settings\Angie\Application Data\LimeWire\public.key
    c:\documents and settings\Angie\Application Data\LimeWire\questions.props
    c:\documents and settings\Angie\Application Data\LimeWire\responses.cache
    c:\documents and settings\Angie\Application Data\LimeWire\simpp.xml
    c:\documents and settings\Angie\Application Data\LimeWire\spam.dat
    c:\documents and settings\Angie\Application Data\LimeWire\tables.props
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme.lwtp
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\01_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\02_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\03_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\04_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\05_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\chat.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\dir_closed.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\dir_open.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\forward_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\forward_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\kill.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\kill_on.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\lime.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\logo.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\notsearching.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\pause_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\pause_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\play_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\play_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\question.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\rewind_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\rewind_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\searching.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\splash.png
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\stop_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\stop_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\theme.txt
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\version.txt
    c:\documents and settings\Angie\Application Data\LimeWire\themes\black_theme\warning.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme.lwtp
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\01_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\02_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\03_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\04_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\05_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\chat.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\dir_closed.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\dir_open.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\forward_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\forward_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\kill.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\logo.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\notsearching.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\pause_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\pause_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\play_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\play_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\question.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\rewind_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\rewind_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\search.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\searching.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\splash.png
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\stop_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\stop_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\theme.txt
    c:\documents and settings\Angie\Application Data\LimeWire\themes\classic_theme\warning.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme.lwtp
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\01_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\02_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\03_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\04_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\05_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\chat.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\dir_closed.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\dir_open.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\forward_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\forward_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\kill.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\kill_on.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\lime.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\logo.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\notsearching.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\pause_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\pause_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\play_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\play_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\question.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\rewind_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\rewind_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\searching.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\splash.png
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\stop_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\stop_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\theme.txt
    c:\documents and settings\Angie\Application Data\LimeWire\themes\limewire_theme\warning.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme.lwtp
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\01_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\02_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\03_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\04_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\05_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\chat.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\forward_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\forward_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\kill.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\kill_on.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\logo.png
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\name.txt
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\notsearching.png
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\pause_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\pause_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\play_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\play_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\question.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\rewind_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\rewind_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\searching.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\splash.png
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\stop_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\stop_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\theme.txt
    c:\documents and settings\Angie\Application Data\LimeWire\themes\other_theme\warning.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme.lwtp
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\01_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\02_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\03_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\04_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\05_star.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\chat.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\forward_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\kill.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\kill_on.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\logo.png
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\notsearching.png
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\pause_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\play_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\play_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\question.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\searching.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\splash.png
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\stop_up.gif
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\theme.txt
    c:\documents and settings\Angie\Application Data\LimeWire\themes\windows_theme\warning.gif
    c:\documents and settings\Angie\Application Data\LimeWire\ttree.cache
    c:\documents and settings\Angie\Application Data\LimeWire\ttrees.cache
    c:\documents and settings\Angie\Application Data\LimeWire\ttroot.cache
    c:\documents and settings\Angie\Application Data\LimeWire\update.xml
    c:\documents and settings\Angie\Application Data\LimeWire\version.key
    c:\documents and settings\Angie\Application Data\LimeWire\version.xml
    c:\documents and settings\Angie\Application Data\LimeWire\xml\data\audio.sxml
    c:\documents and settings\Angie\Application Data\LimeWire\xml\data\delete_me
    c:\documents and settings\Angie\Application Data\LimeWire\xml\data\video.sxml
    c:\documents and settings\Angie\Application Data\LimeWire\xml\misc\application.gif
    c:\documents and settings\Angie\Application Data\LimeWire\xml\misc\audio.gif
    c:\documents and settings\Angie\Application Data\LimeWire\xml\misc\document.gif
    c:\documents and settings\Angie\Application Data\LimeWire\xml\misc\image.gif
    c:\documents and settings\Angie\Application Data\LimeWire\xml\misc\video.gif
    c:\documents and settings\Angie\Application Data\LimeWire\xml\schemas\application.xsd
    c:\documents and settings\Angie\Application Data\LimeWire\xml\schemas\audio.xsd
    c:\documents and settings\Angie\Application Data\LimeWire\xml\schemas\document.xsd
    c:\documents and settings\Angie\Application Data\LimeWire\xml\schemas\image.xsd
    c:\documents and settings\Angie\Application Data\LimeWire\xml\schemas\video.xsd
    c:\documents and settings\Angie\Application Data\uTorrent
    c:\documents and settings\Office\Application Data\uTorrent
    c:\documents and settings\Office\Application Data\uTorrent\Blues Clues UK-1.torrent
    c:\documents and settings\Office\Application Data\uTorrent\Dead alive (aka Braindead).1.torrent
    c:\documents and settings\Office\Application Data\uTorrent\Dead alive (aka Braindead).torrent
    c:\documents and settings\Office\Application Data\uTorrent\dht.dat
    c:\documents and settings\Office\Application Data\uTorrent\dht.dat.old
    c:\documents and settings\Office\Application Data\uTorrent\District.9.R5.LiNE.XviD-KAMERA.torrent
    c:\documents and settings\Office\Application Data\uTorrent\Freddy's Nightmares - 1x19 - Missing Persons.avi.torrent
    c:\documents and settings\Office\Application Data\uTorrent\resume.dat
    c:\documents and settings\Office\Application Data\uTorrent\resume.dat.old
    c:\documents and settings\Office\Application Data\uTorrent\rss.dat
    c:\documents and settings\Office\Application Data\uTorrent\rss.dat.old
    c:\documents and settings\Office\Application Data\uTorrent\settings.dat
    c:\documents and settings\Office\Application Data\uTorrent\settings.dat.old
    c:\documents and settings\Office\Local Settings\temp\catchme.dll
    c:\program files\LimeWireWin-full.exe
    c:\program files\LimeWireWin.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-23 to 2009-09-23 )))))))))))))))))))))))))))))))
    .

    2009-09-22 21:29 . 2009-09-22 21:29 -------- d-----w- c:\documents and settings\Angie\Application Data\Malwarebytes
    2009-09-21 08:15 . 2009-09-21 08:15 -------- dc----w- c:\documents and settings\Office\Application Data\Malwarebytes
    2009-09-21 05:10 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-21 05:10 . 2009-09-21 05:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-21 05:10 . 2009-09-21 05:10 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-21 05:10 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-15 18:24 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-09-15 18:24 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-09-15 18:24 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-09-15 18:24 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-09-15 18:23 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-09-15 18:23 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-09-15 18:23 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-09-15 18:23 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-09-15 18:23 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-09-15 18:23 . 2009-09-15 18:23 -------- d-----w- c:\program files\Alwil Software
    2009-09-15 08:11 . 2009-09-15 08:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-09-15 05:00 . 2009-09-15 06:58 -------- d-----w- c:\program files\COMODO
    2009-09-14 00:33 . 2009-09-14 00:33 -------- d-----w- c:\program files\Trend Micro
    2009-09-13 13:06 . 2009-09-13 13:06 1119618 -c--a-w- C:\OneCareSupportData.zip
    2009-09-09 21:48 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-09-04 04:45 . 2009-09-04 04:45 -------- dc----w- c:\documents and settings\Office\Local Settings\Application Data\Xara
    2009-09-04 04:41 . 2007-04-27 14:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
    2009-09-04 04:39 . 2009-09-04 04:46 -------- d-----w- c:\windows\system32\MAGIX
    2009-09-04 04:39 . 2008-04-15 20:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
    2009-09-04 03:37 . 2009-09-04 03:37 -------- d-----w- c:\program files\3ivx
    2009-09-04 03:37 . 2009-09-04 03:37 -------- dc----w- c:\documents and settings\All Users\Application Data\Flip Video
    2009-09-04 03:37 . 2009-09-04 03:37 -------- d-----w- c:\program files\Flip Video

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-22 21:32 . 2005-04-18 19:51 17920 -csha-w- c:\program files\Thumbs.db
    2009-09-22 12:52 . 2009-07-17 23:56 273 -c--a-w- c:\documents and settings\Office\Application Data\ftpfile.dat
    2009-09-22 08:27 . 2009-07-16 14:43 -------- d-----w- c:\program files\CoffeeCup Software
    2009-09-22 03:24 . 2004-12-24 06:43 2835 ----a-w- c:\program files\photohse.ini
    2009-09-22 03:24 . 2004-12-24 06:43 338 ----a-w- c:\program files\country.ini
    2009-09-22 03:06 . 2004-12-23 13:25 -------- d-----w- c:\program files\Custom
    2009-09-22 03:06 . 2004-12-24 06:43 1323 ----a-w- c:\program files\CorelApp.ini
    2009-09-22 01:34 . 2009-07-26 08:22 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
    2009-09-15 05:32 . 2009-07-11 11:44 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2009-09-12 22:00 . 2009-08-09 20:07 109968 -c--a-w- c:\documents and settings\Jessy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-09 11:21 . 2004-12-24 06:42 3292 -c--a-w- c:\program files\printhse.ini
    2009-09-09 06:23 . 2009-07-06 21:26 -------- dc----w- c:\documents and settings\All Users\Application Data\Motive
    2009-09-05 18:22 . 2006-08-06 10:50 109968 -c--a-w- c:\documents and settings\Angie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-05 09:34 . 2005-01-26 13:32 171 ----a-w- c:\program files\Color.ini
    2009-09-04 05:32 . 2009-03-07 21:05 109968 -c--a-w- c:\documents and settings\Office\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-04 04:46 . 2009-09-04 04:43 -------- dc----w- c:\documents and settings\All Users\Application Data\MAGIX
    2009-09-04 04:45 . 2009-09-04 04:43 -------- d-----w- c:\program files\Common Files\MAGIX Shared
    2009-09-04 04:43 . 2009-09-04 04:43 -------- d-----w- c:\program files\Common Files\xara
    2009-08-31 18:17 . 2009-06-06 04:44 -------- d-----w- c:\documents and settings\Angie\Application Data\gtk-2.0
    2009-08-21 18:12 . 2009-07-12 20:06 -------- d-----w- c:\documents and settings\Angie\Application Data\dvdcss
    2009-08-11 22:33 . 2009-08-11 22:33 -------- d-----w- c:\program files\Common Files\muvee Technologies
    2009-08-11 02:59 . 2009-07-09 09:31 -------- d-----w- c:\program files\Veoh Networks
    2009-08-08 04:15 . 2005-04-01 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-07 07:05 . 2009-08-07 07:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-08-06 23:50 . 2009-08-01 22:40 -------- d-----w- c:\program files\NCH Software
    2009-08-06 23:47 . 2009-08-01 22:40 -------- d-----w- c:\program files\NCH Swift Sound
    2009-08-06 23:46 . 2009-08-06 23:46 -------- dc----w- c:\documents and settings\Office\Application Data\NCH Swift Sound
    2009-08-05 09:01 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-05 05:04 . 2009-04-29 02:04 -------- dc----w- c:\documents and settings\Office\Application Data\gtk-2.0
    2009-08-02 12:09 . 2009-08-02 12:09 -------- d-----w- c:\program files\MSBuild
    2009-08-02 12:09 . 2009-08-02 12:09 -------- d-----w- c:\program files\Reference Assemblies
    2009-08-01 22:42 . 2009-08-01 22:42 -------- dc----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
    2009-08-01 22:41 . 2009-08-01 22:40 -------- d-----w- c:\documents and settings\Angie\Application Data\NCH Swift Sound
    2009-08-01 17:19 . 2009-08-01 17:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\PeerNetworking
    2009-07-26 09:43 . 2006-05-24 01:32 -------- d-----w- c:\program files\Yahoo!
    2009-07-26 09:24 . 2004-12-12 06:39 -------- d-----w- c:\program files\Java
    2009-07-26 09:19 . 2005-01-13 23:11 -------- d-----w- c:\program files\DivX
    2009-07-26 06:10 . 2009-07-09 08:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-07-25 20:27 . 2009-07-25 08:36 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-07-17 19:01 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-17 12:04 . 2009-07-17 12:04 335 ----a-w- c:\windows\mozregistry.dat
    2009-07-13 15:08 . 2004-08-04 11:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-03 17:09 . 2004-08-04 11:00 915456 ------w- c:\windows\system32\wininet.dll
    2009-06-25 08:25 . 2004-08-04 11:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2009-06-25 08:25 . 2004-08-04 11:00 56832 ----a-w- c:\windows\system32\secur32.dll
    2009-06-25 08:25 . 2004-08-04 11:00 54272 ----a-w- c:\windows\system32\wdigest.dll
    2009-06-25 08:25 . 2004-08-04 11:00 301568 ----a-w- c:\windows\system32\kerberos.dll
    2009-06-25 08:25 . 2004-08-04 11:00 147456 ----a-w- c:\windows\system32\schannel.dll
    2009-06-25 08:25 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-06-17 03:47 . 2005-05-02 16:09 100261 -c-ha-w- c:\program files\photohse.GID
    2009-05-14 21:54 . 2006-03-02 16:25 69477 -c-ha-w- c:\program files\aim95.GID
    2009-03-05 09:35 . 2007-03-13 00:45 8444 -c--a-w- c:\program files\Xpcs Registry.dat
    2009-02-09 23:57 . 2003-12-10 05:39 178 -c--a-w- c:\program files\log.txt
    2008-10-30 17:39 . 2004-12-24 06:43 2449 -c--a-w- c:\program files\corelprn.ini
    2005-05-26 13:32 . 2005-04-06 14:51 38435 -c--a-w- c:\program files\licens32.txt
    2005-05-21 02:00 . 2005-05-21 01:58 148564 -c-ha-w- c:\program files\Printhse.GID
    2005-04-08 13:07 . 2005-04-06 14:51 611 ----a-w- c:\program files\Uninstall AOL Instant Messenger.lnk
    2004-12-24 06:44 . 2004-12-24 06:42 713 -c----w- c:\program files\BOX.REG
    2004-12-24 06:44 . 2004-12-24 06:43 2860 -c----w- c:\program files\PHOTOHSE.REG
    2004-12-24 06:44 . 2004-12-24 06:42 832 -c----w- c:\program files\PRINTHSE.REG
    2004-08-27 23:29 . 2005-04-06 14:51 1935 -c--a-w- c:\program files\icbmftvc.lst
    2004-03-12 21:02 . 2005-04-06 14:51 116900 ----a-w- c:\program files\uninstll.exe
    2004-03-12 21:02 . 2005-04-06 14:51 1466368 ----a-w- c:\program files\AimRes.dll
    2004-03-12 20:22 . 2005-04-06 14:51 61440 ----a-w- c:\program files\aim.exe
    2004-03-12 20:22 . 2005-04-06 14:51 131072 ----a-w- c:\program files\ateima32.dll
    2004-03-12 20:21 . 2005-04-06 14:51 61440 -c--a-w- c:\program files\AlertUI.ocm
    2004-03-12 20:21 . 2005-04-06 14:51 25088 -c--a-w- c:\program files\browse.ocm
    2004-03-12 20:21 . 2005-04-06 14:51 208896 -c--a-w- c:\program files\buddyui.ocm
    2004-03-12 20:21 . 2005-04-06 14:51 225280 ----a-w- c:\program files\AimSecondarySvcs.dll
    2004-03-12 20:21 . 2005-04-06 14:51 6144 -c--a-w- c:\program files\stats.ocm
    2004-03-12 20:21 . 2005-04-06 14:51 98304 -c--a-w- c:\program files\ChatUI.ocm
    2004-03-12 20:20 . 2005-04-06 14:51 192512 ----a-w- c:\program files\AimCoreSvcs.dll
    2004-03-12 20:20 . 2005-04-06 14:51 237568 -c--a-w- c:\program files\icbmui.ocm
    2004-03-12 20:20 . 2005-04-06 14:51 94208 -c--a-w- c:\program files\ticker.ocm
    2004-03-12 20:19 . 2005-04-06 14:51 98304 ----a-w- c:\program files\aimapi.dll
    2004-03-12 20:19 . 2005-04-06 14:51 15872 -c--a-w- c:\program files\Admin.ocm
    2004-03-12 20:19 . 2005-04-06 14:51 135168 -c--a-w- c:\program files\locateui.ocm
    2004-03-12 20:19 . 2005-04-06 14:51 184320 -c--a-w- c:\program files\miscui.ocm
    2004-03-12 20:19 . 2005-04-06 14:51 14848 -c--a-w- c:\program files\NTP.ocm
    2004-03-12 20:18 . 2005-04-06 14:51 59904 -c--a-w- c:\program files\OscMail.ocm
    2004-03-12 20:18 . 2005-04-06 14:51 19456 ----a-w- c:\program files\aimtalk.dll
    2004-03-12 20:18 . 2005-04-06 14:51 69632 -c--a-w- c:\program files\osclogin.ocm
    2004-03-12 20:18 . 2005-04-06 14:51 9216 -c--a-w- c:\program files\oscmain.ocm
    2004-03-12 20:18 . 2005-04-06 14:51 53248 -c--a-w- c:\program files\startup.ocm
    2004-03-12 20:18 . 2005-04-06 14:51 147456 ----a-w- c:\program files\aimauto.exe
    2004-03-12 20:17 . 2005-04-06 14:51 81920 -c--a-w- c:\program files\OscSrch.ocm
    2004-03-12 20:17 . 2005-04-06 14:51 2048 ----a-w- c:\program files\ShareFile.exe
    2004-03-12 20:17 . 2005-04-06 14:51 2048 ----a-w- c:\program files\SendFile.exe
    2004-03-12 20:17 . 2005-04-06 14:51 13824 -c--a-w- c:\program files\osconfig.ocm
    2004-03-12 20:17 . 2005-04-06 14:51 39424 -c--a-w- c:\program files\rvapps.ocm
    2004-03-12 20:17 . 2005-04-06 14:51 13312 -c--a-w- c:\program files\popup.ocm
    2004-03-12 20:17 . 2005-04-06 14:51 69632 ----a-w- c:\program files\Patcher.dll
    2004-03-12 20:17 . 2005-04-06 14:51 172032 ----a-w- c:\program files\rtvideo.dll
    2004-03-12 20:16 . 2005-04-06 14:51 49152 ----a-w- c:\program files\ProgressDlg.dll
    2004-03-12 20:16 . 2005-04-06 14:51 204800 ----a-w- c:\program files\wndutils.dll
    2004-03-12 20:16 . 2005-04-06 14:51 221184 ----a-w- c:\program files\inetsocket.dll
    2004-03-12 20:15 . 2005-04-06 14:51 33792 -c--a-w- c:\program files\proto.ocm
    2004-03-12 20:15 . 2005-04-06 14:51 147456 ----a-w- c:\program files\oscarui.dll
    2004-03-12 20:14 . 2005-04-06 14:51 184320 ----a-w- c:\program files\oscore.dll
    2004-03-12 20:14 . 2005-04-06 14:51 188416 ----a-w- c:\program files\ate32.dll
    2002-08-01 00:55 . 2009-07-16 14:44 106 --sh--w- c:\windows\WSYS049.SYS
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-09-19_09.55.52 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-09-22 21:27 . 2009-09-22 21:27 16384 c:\windows\Temp\Perflib_Perfdata_744.dat
    + 2009-09-22 21:26 . 2009-09-22 21:26 16384 c:\windows\Temp\Perflib_Perfdata_6a4.dat
    + 2009-09-22 21:28 . 2009-09-22 21:28 16384 c:\windows\Temp\Perflib_Perfdata_3e4.dat
    + 2004-08-04 11:00 . 2004-08-04 11:00 14336 c:\windows\SYSTEM32\svchost.exe
    + 2004-08-04 11:00 . 2004-08-04 11:00 14336 c:\windows\SYSTEM32\DLLCACHE\svchost.exe
    + 2007-07-31 07:25 . 2007-07-31 07:25 142696 c:\windows\SYSTEM32\MicrosoftUpdateCatalogWebControl.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HughesNetTools_McciTrayApp"="c:\program files\HughesNetTools\1\McciTrayApp_SSR.exe" [2007-11-20 1454592]
    "OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Picture Package Menu.lnk.disabled [2009-8-11 964]
    Picture Package VCD Maker.lnk.disabled [2009-8-11 1015]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
    backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
    backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
    "c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
    "c:\\Program Files\\aim.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\trueplay.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CoffeeCup Software\\CoffeeCup Visual Site Designer\\vsd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [9/15/2009 1:23 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [9/15/2009 1:23 PM 20560]
    R2 FlipShare Service;FlipShare Service;c:\program files\Flip Video\FlipShare\FlipShareService.exe [6/4/2009 5:41 PM 451904]
    R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]
    R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 PM 26104]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;g:\programs\Common\Database\bin\fbserver.exe [9/3/2009 11:44 PM 1527900]
    S3 samhid;samhid;c:\windows\SYSTEM32\DRIVERS\Samhid.sys [12/25/2006 1:41 PM 7548]
    S3 SDVPlus;Pinnacle Studio DVplus WDM Renderer;c:\windows\SYSTEM32\DRIVERS\SDVPlus.sys [3/14/2006 1:15 AM 42102]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-23 c:\windows\Tasks\User_Feed_Synchronization-{BABCC35D-64AE-4BD7-9952-16FE21501C3D}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
    Trusted Zone: musicmatch.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} - hxxp://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
    FF - ProfilePath - c:\documents and settings\Office\Application Data\Mozilla\Firefox\Profiles\wpzoq6gr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nphssb.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    AddRemove-HijackThis - c:\documents and settings\John.HOME\Desktop\HijackThis.exe
    AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-22 19:58
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,7b,1e,4b,ac,24,
    e1,ec,1c,2e,e8,e1,00,eb,16,2b,de,db,e8,ba,44,63,bf,ce,72,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,9d,66,59,76,69,
    bf,ac,5a,46,47,15,b0,92,4b,c7,ef,3f,f1,c8,66,f8,84,06,49,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,00,50,1b,1c,cf,
    c4,a6,06,7a,45,05,fd,91,e8,6f,31,04,54,e4,0d,6b,27,29,df,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,58,bf,f5,07,cb,
    52,00,4f,6b,65,49,6a,7e,99,74,f7,f9,cf,61,ea,f1,72,cb,fa,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,67,d6,88,b8,9d,
    38,aa,7f,e9,02,6c,fa,fb,1d,47,57,4d,0d,2a,85,62,38,64,f9,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,00,82,de,ec,3f,
    0a,cc,fb,50,93,e5,ab,ec,6a,4e,ab,e0,97,50,c9,64,28,64,ba,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,07,78,44,eb,71,
    24,be,e1,97,20,4e,9a,c7,f1,35,ee,d0,b1,34,3f,28,c4,69,07,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,6a,f2,d9,dc,ab,
    e5,28,4c,aa,52,c6,00,84,3c,26,64,c8,aa,47,9e,c1,4e,91,48,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,c2,24,5b,7d,92,
    55,c3,dc,b2,46,9a,e2,1b,fe,1b,94,9a,f1,00,87,60,47,17,41,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,d3,c1,88,36,87,
    d6,a5,23,37,a4,aa,c3,a6,15,56,0a,f4,f2,95,01,81,b9,ce,71,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,eb,85,49,eb,1e,
    f2,7b,fd,f8,31,0f,a9,5f,a0,ec,fb,d4,5a,c5,ee,5f,3a,cc,ee,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel"="Apartment"
    @="c:\\WINDOWS\\system32\\OLE32.DLL"
    "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,cf,43,f6,74,c5,
    5a,7d,8f,05,73,21,dd,54,d8,4a,c5,21,8e,7a,9a,25,96,11,4f,6c,43,2d,1e,aa,22,\
    .
    Completion time: 2009-09-23 20:02
    ComboFix-quarantined-files.txt 2009-09-23 01:02
    ComboFix2.txt 2009-09-21 02:45
    ComboFix3.txt 2009-09-20 09:33
    ComboFix4.txt 2009-09-19 10:37
    ComboFix5.txt 2009-09-23 00:44

    Pre-Run: 23,343,304,704 bytes free
    Post-Run: 23,465,140,224 bytes free

    525 --- E O F --- 2009-09-10 08:45

  2. #32
    Member
    Join Date
    Sep 2009
    Posts
    34

    Default

    Cont. from last post

    Heres the dds log:


    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Office at 8:46:12.51 on Tue 09/22/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.368 [GMT -5:00]

    AV: avast! antivirus 4.8.1351 [VPS 090817-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
    FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\HughesNetTools\1\bin\McciBrowser.exe
    C:\Program Files\HughesNetTools\1\bin\McciBrowser.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Office\Desktop\sbsd\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
    uStart Page = hxxp://www.google.com/
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
    uSearchAssistant =
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
    uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero\SearchEnh.dll
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - No File
    TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [HughesNetTools_McciTrayApp] c:\program files\hughesnettools\1\McciTrayApp_SSR.exe
    mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Picture Package Menu.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Picture Package VCD Maker.lnk.disabled
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim.exe
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
    Trusted Zone: musicmatch.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1253521747359
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1244587224828
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} - hxxp://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\office\applic~1\mozilla\firefox\profiles\wpzoq6gr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-15 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-15 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-15 138680]
    R2 FlipShare Service;FlipShare Service;c:\program files\flip video\flipshare\FlipShareService.exe [2009-6-4 451904]
    R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2009-7-9 26104]
    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-15 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-15 352920]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;g:\programs\common\database\bin\fbserver.exe [2009-9-3 1527900]
    S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2009-6-21 141056]
    S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2008-12-31 62570]
    S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2006-12-25 7548]
    S3 SDVPlus;Pinnacle Studio DVplus WDM Renderer;c:\windows\system32\drivers\SDVPlus.sys [2006-3-14 42102]

    =============== Created Last 30 ================

    2009-09-22 03:33 80 a------- c:\windows\mapforms.ini
    2009-09-22 03:27 13 a------- c:\windows\system32\WinUserI32.crc
    2009-09-21 06:29 552 ac------ c:\windows\system32\DO_NOT_DELETE.backupSetID
    2009-09-21 03:15 <DIR> -cd----- c:\docume~1\office\applic~1\Malwarebytes
    2009-09-21 00:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-21 00:10 19,160 a------- c:\windows\system32\drivers\mbam.sys
    2009-09-21 00:10 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-09-21 00:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-09-19 04:18 <DIR> acdshr-- C:\cmdcons
    2009-09-18 07:13 229,888 a------- c:\windows\PEV.exe
    2009-09-18 07:13 161,792 a------- c:\windows\SWREG.exe
    2009-09-18 07:13 98,816 a------- c:\windows\sed.exe
    2009-09-15 03:11 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-09-15 00:00 <DIR> --d----- c:\program files\COMODO
    2009-09-13 19:33 <DIR> --d----- c:\program files\Trend Micro
    2009-09-13 08:06 1,119,618 ac------ C:\OneCareSupportData.zip
    2009-09-09 16:48 153,088 -------- c:\windows\system32\dllcache\triedit.dll
    2009-09-03 23:43 <DIR> --d----- c:\program files\common files\xara
    2009-09-03 23:43 <DIR> --d----- c:\program files\common files\MAGIX Shared
    2009-09-03 23:43 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\MAGIX
    2009-09-03 23:41 120,200 a------- c:\windows\system32\DLLDEV32i.dll
    2009-09-03 23:39 700,416 a------- c:\windows\system32\mgxoschk.dll
    2009-09-03 23:39 6,211 a------- c:\windows\mgxoschk.ini
    2009-09-03 23:39 <DIR> --d----- c:\windows\system32\MAGIX
    2009-09-03 22:37 <DIR> --d----- c:\program files\3ivx
    2009-09-03 22:37 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Flip Video
    2009-09-03 22:37 <DIR> --d----- c:\program files\Flip Video
    2009-08-28 16:33 54,156 a---h--- c:\windows\QTFont.qfn
    2009-08-28 16:33 1,409 a------- c:\windows\QTFont.for

    ==================== Find3M ====================

    2009-09-22 07:52 273 ac------ c:\docume~1\office\applic~1\ftpfile.dat
    2009-09-21 22:24 2,835 a------- c:\program files\photohse.ini
    2009-09-21 22:24 338 a------- c:\program files\country.ini
    2009-09-21 22:06 1,323 a------- c:\program files\CorelApp.ini
    2009-09-15 19:03 17,920 ac-sh--- c:\program files\Thumbs.db
    2009-09-15 00:32 1,474,832 a------- c:\windows\system32\drivers\sfi.dat
    2009-09-09 06:21 3,292 ac------ c:\program files\printhse.ini
    2009-09-05 04:34 171 a------- c:\program files\Color.ini
    2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-30 09:44 77,939 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-07-19 08:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
    2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
    2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
    2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
    2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
    2009-07-03 12:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
    2009-07-03 12:09 915,456 -------- c:\windows\system32\wininet.dll
    2009-07-03 12:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
    2009-07-03 12:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
    2009-07-03 12:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
    2009-07-03 12:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
    2009-07-03 12:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-03 12:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
    2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
    2009-07-03 12:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
    2009-07-03 12:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
    2009-07-03 06:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-06-25 03:25 730,112 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 03:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 03:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 03:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 03:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 03:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-25 03:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
    2009-06-25 03:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
    2009-06-25 03:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
    2009-06-25 03:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
    2009-06-25 03:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
    2009-06-25 03:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
    2009-06-16 22:47 100,261 ac--h--- c:\program files\photohse.GID
    2009-05-29 02:54 494,867 ac------ c:\docume~1\alluse~1\applic~1\phn.dat
    2009-05-14 16:54 69,477 ac--h--- c:\program files\aim95.GID
    2009-03-05 04:35 8,444 ac------ c:\program files\Xpcs Registry.dat
    2009-02-09 18:57 178 ac------ c:\program files\log.txt
    2008-10-30 12:39 2,449 ac------ c:\program files\corelprn.ini
    2006-11-14 12:29 416,304 ac------ c:\windows\inf\programs\mpg4c32.dll
    2006-01-02 00:57 2,788,656 a------- c:\program files\LimeWireWin-full.exe
    2006-01-02 00:30 359,112 a------- c:\program files\LimeWireWin.exe
    2005-05-26 08:32 38,435 ac------ c:\program files\licens32.txt
    2005-05-20 21:00 148,564 ac--h--- c:\program files\Printhse.GID
    2005-04-26 19:34 294,912 ac------ c:\windows\inf\programs\PcleCaptureDC10.dll
    2005-04-13 16:37 352,256 ac------ c:\windows\inf\programs\PcleCaptureMarvin.dll
    2005-04-08 12:40 376,832 ac------ c:\windows\inf\programs\PcleCaptureGenericYUV.dll
    2005-04-08 08:07 611 a------- c:\program files\Uninstall AOL Instant Messenger.lnk
    2005-04-01 18:57 106,496 ac------ c:\windows\inf\programs\PCLEMediaManager.dll
    2005-04-01 16:48 344,064 ac------ c:\windows\inf\programs\PcleCaptureDV.dll
    2005-03-29 21:13 90,112 ac------ c:\windows\inf\programs\ACnvrtX.dll
    2005-02-24 00:11 315,392 ac------ c:\windows\inf\programs\PcleCaptureCirrus2.dll
    2005-01-31 22:58 98,304 ac------ c:\windows\inf\programs\pcleSplice.dll
    2005-01-31 22:49 512,000 ac------ c:\windows\inf\programs\mpegencoderlib.dll
    2005-01-28 17:31 352,256 ac------ c:\windows\inf\programs\PcleCapturePCTV.dll
    2005-01-28 17:31 102,400 ac------ c:\windows\inf\programs\PcleCapture2.dll
    2005-01-21 22:15 323,584 ac------ c:\windows\inf\programs\PcleCaptureZoran.dll
    2005-01-21 22:15 307,200 ac------ c:\windows\inf\programs\PcleCapturePython.dll
    2005-01-21 22:15 352,256 ac------ c:\windows\inf\programs\PcleCaptureProteus.dll
    2005-01-21 22:14 286,720 ac------ c:\windows\inf\programs\PcleCaptureMicroMV.dll
    2005-01-21 22:14 335,872 ac------ c:\windows\inf\programs\PcleCaptureEmuzed.dll
    2005-01-21 22:14 319,488 ac------ c:\windows\inf\programs\PcleCaptureDvxcel.dll
    2005-01-21 22:13 376,832 ac------ c:\windows\inf\programs\PcleCaptureAvDv2.dll
    2005-01-21 22:12 364,544 ac------ c:\windows\inf\programs\PcleCaptureAmoeba.dll
    2005-01-12 09:42 577,536 ac------ c:\windows\inf\programs\AudioCodec.dll
    2005-01-12 09:42 495,616 ac------ c:\windows\inf\programs\4code.dll
    2005-01-12 09:42 294,912 ac------ c:\windows\inf\programs\4codeDecoder.dll
    2005-01-12 09:42 262,144 ac------ c:\windows\inf\programs\dllzAAC.dll
    2005-01-12 09:42 57,344 ac------ c:\windows\inf\programs\StreamIO.dll
    2005-01-05 06:09 188,416 ac------ c:\windows\inf\programs\mpegdecoder2.dll
    2004-12-24 01:44 713 -c------ c:\program files\BOX.REG
    2004-12-24 01:44 2,860 -c------ c:\program files\PHOTOHSE.REG
    2004-12-24 01:44 832 -c------ c:\program files\PRINTHSE.REG
    2004-11-22 21:02 30,208 ac------ c:\windows\inf\programs\pcleUtil.dll
    2004-11-03 21:22 86,016 ac------ c:\windows\inf\programs\CSCSaFX.dll
    2004-09-20 16:39 262,144 ac------ c:\windows\inf\programs\lame_enc.dll
    2004-08-27 18:29 1,935 ac------ c:\program files\icbmftvc.lst
    2004-08-09 06:03 73,728 ac------ c:\windows\inf\programs\pcleDVcd.dll
    2004-08-06 02:23 110,592 ac------ c:\windows\inf\programs\pcleDVdc.dll
    2004-03-12 16:02 116,900 a------- c:\program files\uninstll.exe
    2004-03-12 16:02 1,466,368 a------- c:\program files\AimRes.dll
    2004-03-12 15:22 61,440 a------- c:\program files\aim.exe
    2004-03-12 15:22 131,072 a------- c:\program files\ateima32.dll
    2004-03-12 15:21 61,440 ac------ c:\program files\AlertUI.ocm
    2004-03-12 15:21 25,088 ac------ c:\program files\browse.ocm
    2004-03-12 15:21 208,896 ac------ c:\program files\buddyui.ocm
    2004-03-12 15:21 225,280 a------- c:\program files\AimSecondarySvcs.dll
    2004-03-12 15:21 98,304 ac------ c:\program files\ChatUI.ocm
    2004-03-12 15:21:02 AC------ 6,144 c:\program files\stats.ocm
    2002-07-31 19:55 106 ---sh--- c:\windows\WSYS049.SYS

    ============= FINISH: 8:47:37.15 ===============

  3. #33
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Can I delete limewire & torrent from application data folders?
    Please do if those still exist.

    Looks like dds log was taken before ComboFix run. Please post a fresh one.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  4. #34
    Member
    Join Date
    Sep 2009
    Posts
    34

    Default

    Hi,
    Here is the fresh DDS Log:

    DDS (Ver_09-07-30.01) - NTFSx86
    Run by Office at 9:51:36.51 on Thu 09/24/2009
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.446 [GMT -5:00]

    AV: avast! antivirus 4.8.1351 [VPS 090817-0] *On-access scanning disabled* (Outdated)

    {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Windows Live OneCare *On-access scanning enabled* (Updated)

    {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
    FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winss.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HughesNetTools\1\McciTrayApp_SSR.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\lexpps.exe
    C:\Program Files\HughesNetTools\1\bin\McciBrowser.exe
    C:\Program Files\HughesNetTools\1\bin\McciBrowser.exe
    C:\Documents and Settings\Office\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
    uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program

    files\netzero\SearchEnh.dll
    mURLSearchHooks: H - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program

    files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program

    files\netzero\qsacc\X1IEBHO.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} -

    c:\windows\system32\dla\tfswshx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

    files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program

    files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh

    networks\veohwebplayer\VeohIEToolbar.dll
    TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh

    networks\veoh video compass\SearchRecsPlugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [HughesNetTools_McciTrayApp] c:\program files\hughesnettools\1\McciTrayApp_SSR.exe
    mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes'

    anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Picture Package

    Menu.lnk.disabled
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Picture Package VCD

    Maker.lnk.disabled
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim.exe
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -

    http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} -

    c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
    Trusted Zone: musicmatch.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {1D082E71-DF20-4AAF-863B-596428C49874} -

    hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} -

    hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} -

    hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1253521

    747359
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} -

    hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

    hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?124458722

    4828
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -

    hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

    hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

    hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} -

    hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAEAFE12-7726-4C39-B620-2601216CFBB5} -

    hxxp://phughescw.hughes.motive.com/wizlet/spaceway/static/controls/Mcci_6-1-0.cab
    DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} -

    hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -

    hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

    hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

    hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

    hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\office\applic~1\mozilla\firefox\profiles\wpzoq6gr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\mozilla firefox\plugins\nphssb.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant:

    {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

    presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

    firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText",

    "noAccess");
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js -

    pref("security.remember_cert_checkbox_default_setting", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js -

    pref("browser.search.param.yahoo-fr", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js -

    pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",

    true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",

    true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",

    false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",

    true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",

    true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",

    true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",

    true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps",

    false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings",

    false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",

    false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\program files\mozilla firefox\defaults\pref\firefox.js -

    pref("security.alternate_certificate_error_page", "certerror");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart",

    false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js -

    pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri",

    "https://www.google.com/loc/json");

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-15 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-15 20560]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-15

    138680]
    R2 FlipShare Service;FlipShare Service;c:\program files\flip video\flipshare\FlipShareService.exe

    [2009-6-4 451904]
    R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
    R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare

    live\OcHealthMon.exe [2009-7-9 26104]
    R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe

    [2008-11-9 602392]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program

    files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe

    [2009-9-15 254040]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe

    [2009-9-15 352920]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX

    Instance;g:\programs\common\database\bin\fbserver.exe [2009-9-3 1527900]
    S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2009-6-21 141056]
    S3 JL2005C;Dual Mode Camera;c:\windows\system32\drivers\jl2005c.sys [2008-12-31 62570]
    S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2006-12-25 7548]
    S3 SDVPlus;Pinnacle Studio DVplus WDM Renderer;c:\windows\system32\drivers\SDVPlus.sys

    [2006-3-14 42102]

    =============== Created Last 30 ================

    2009-09-22 22:15 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-09-22 19:43 <DIR> -cd----- C:\ComboFix
    2009-09-22 03:33 80 a------- c:\windows\mapforms.ini
    2009-09-22 03:27 13 a------- c:\windows\system32\WinUserI32.crc
    2009-09-21 06:29 552 ac------ c:\windows\system32\DO_NOT_DELETE.backupSetID
    2009-09-21 03:15 <DIR> -cd----- c:\docume~1\office\applic~1\Malwarebytes
    2009-09-21 00:10 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-21 00:10 19,160 a------- c:\windows\system32\drivers\mbam.sys
    2009-09-21 00:10 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-09-21 00:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-09-19 04:18 <DIR> acdshr-- C:\cmdcons
    2009-09-18 07:13 229,888 a------- c:\windows\PEV.exe
    2009-09-18 07:13 161,792 a------- c:\windows\SWREG.exe
    2009-09-18 07:13 98,816 a------- c:\windows\sed.exe
    2009-09-15 03:11 <DIR> -cd-h---

    c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-09-15 00:00 <DIR> --d----- c:\program files\COMODO
    2009-09-13 19:33 <DIR> --d----- c:\program files\Trend Micro
    2009-09-13 08:06 1,119,618 ac------ C:\OneCareSupportData.zip
    2009-09-09 16:48 153,088 -------- c:\windows\system32\dllcache\triedit.dll
    2009-09-03 23:43 <DIR> --d----- c:\program files\common files\xara
    2009-09-03 23:43 <DIR> --d----- c:\program files\common files\MAGIX Shared
    2009-09-03 23:43 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\MAGIX
    2009-09-03 23:41 120,200 a------- c:\windows\system32\DLLDEV32i.dll
    2009-09-03 23:39 700,416 a------- c:\windows\system32\mgxoschk.dll
    2009-09-03 23:39 6,211 a------- c:\windows\mgxoschk.ini
    2009-09-03 23:39 <DIR> --d----- c:\windows\system32\MAGIX
    2009-09-03 22:37 <DIR> --d----- c:\program files\3ivx
    2009-09-03 22:37 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Flip Video
    2009-09-03 22:37 <DIR> --d----- c:\program files\Flip Video
    2009-08-28 16:33 54,156 a---h--- c:\windows\QTFont.qfn
    2009-08-28 16:33 1,409 a------- c:\windows\QTFont.for

    ==================== Find3M ====================

    2009-09-24 09:49 273 ac------ c:\docume~1\office\applic~1\ftpfile.dat
    2009-09-24 07:20 2,621 a------- c:\program files\photohse.ini
    2009-09-24 07:20 338 a------- c:\program files\country.ini
    2009-09-24 07:19 1,323 a------- c:\program files\CorelApp.ini
    2009-09-24 04:22 3,243 ac------ c:\program files\printhse.ini
    2009-09-23 16:17 17,920 ac-sh--- c:\program files\Thumbs.db
    2009-09-22 22:15 411,368 a------- c:\windows\system32\deploytk.dll
    2009-09-15 00:32 1,474,832 a------- c:\windows\system32\drivers\sfi.dat
    2009-09-05 04:34 171 a------- c:\program files\Color.ini
    2009-08-05 04:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-08-05 04:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-30 09:44 77,939 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-07-19 18:48 11,067,392 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-07-19 08:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-07-17 14:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-17 14:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
    2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
    2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
    2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
    2009-07-10 08:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
    2009-07-03 12:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll
    2009-07-03 12:09 915,456 -------- c:\windows\system32\wininet.dll
    2009-07-03 12:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll
    2009-07-03 12:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll
    2009-07-03 12:09 206,848 a------- c:\windows\system32\dllcache\occache.dll
    2009-07-03 12:09 594,432 -------- c:\windows\system32\dllcache\msfeeds.dll
    2009-07-03 12:09 55,296 -------- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-03 12:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
    2009-07-03 12:09 1,985,536 -------- c:\windows\system32\dllcache\iertutil.dll
    2009-07-03 12:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll
    2009-07-03 12:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-03 12:09 386,048 -------- c:\windows\system32\dllcache\iedkcs32.dll
    2009-07-03 06:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
    2009-06-16 22:47 100,261 ac--h--- c:\program files\photohse.GID
    2009-05-29 02:54 494,867 ac------ c:\docume~1\alluse~1\applic~1\phn.dat
    2009-05-14 16:54 69,477 ac--h--- c:\program files\aim95.GID
    2009-03-05 04:35 8,444 ac------ c:\program files\Xpcs Registry.dat
    2009-02-09 18:57 178 ac------ c:\program files\log.txt
    2008-10-30 12:39 2,449 ac------ c:\program files\corelprn.ini
    2006-11-14 12:29 416,304 ac------ c:\windows\inf\programs\mpg4c32.dll
    2005-05-26 08:32 38,435 ac------ c:\program files\licens32.txt
    2005-05-20 21:00 148,564 ac--h--- c:\program files\Printhse.GID
    2005-04-26 19:34 294,912 ac------ c:\windows\inf\programs\PcleCaptureDC10.dll
    2005-04-13 16:37 352,256 ac------ c:\windows\inf\programs\PcleCaptureMarvin.dll
    2005-04-08 12:40 376,832 ac------ c:\windows\inf\programs\PcleCaptureGenericYUV.dll
    2005-04-08 08:07 611 a------- c:\program files\Uninstall AOL Instant Messenger.lnk
    2005-04-01 18:57 106,496 ac------ c:\windows\inf\programs\PCLEMediaManager.dll
    2005-04-01 16:48 344,064 ac------ c:\windows\inf\programs\PcleCaptureDV.dll
    2005-03-29 21:13 90,112 ac------ c:\windows\inf\programs\ACnvrtX.dll
    2005-02-24 00:11 315,392 ac------ c:\windows\inf\programs\PcleCaptureCirrus2.dll
    2005-01-31 22:58 98,304 ac------ c:\windows\inf\programs\pcleSplice.dll
    2005-01-31 22:49 512,000 ac------ c:\windows\inf\programs\mpegencoderlib.dll
    2005-01-28 17:31 352,256 ac------ c:\windows\inf\programs\PcleCapturePCTV.dll
    2005-01-28 17:31 102,400 ac------ c:\windows\inf\programs\PcleCapture2.dll
    2005-01-21 22:15 323,584 ac------ c:\windows\inf\programs\PcleCaptureZoran.dll
    2005-01-21 22:15 307,200 ac------ c:\windows\inf\programs\PcleCapturePython.dll
    2005-01-21 22:15 352,256 ac------ c:\windows\inf\programs\PcleCaptureProteus.dll
    2005-01-21 22:14 286,720 ac------ c:\windows\inf\programs\PcleCaptureMicroMV.dll
    2005-01-21 22:14 335,872 ac------ c:\windows\inf\programs\PcleCaptureEmuzed.dll
    2005-01-21 22:14 319,488 ac------ c:\windows\inf\programs\PcleCaptureDvxcel.dll
    2005-01-21 22:13 376,832 ac------ c:\windows\inf\programs\PcleCaptureAvDv2.dll
    2005-01-21 22:12 364,544 ac------ c:\windows\inf\programs\PcleCaptureAmoeba.dll
    2005-01-12 09:42 577,536 ac------ c:\windows\inf\programs\AudioCodec.dll
    2005-01-12 09:42 495,616 ac------ c:\windows\inf\programs\4code.dll
    2005-01-12 09:42 294,912 ac------ c:\windows\inf\programs\4codeDecoder.dll
    2005-01-12 09:42 262,144 ac------ c:\windows\inf\programs\dllzAAC.dll
    2005-01-12 09:42 57,344 ac------ c:\windows\inf\programs\StreamIO.dll
    2005-01-05 06:09 188,416 ac------ c:\windows\inf\programs\mpegdecoder2.dll
    2004-12-24 01:44 713 -c------ c:\program files\BOX.REG
    2004-12-24 01:44 2,860 -c------ c:\program files\PHOTOHSE.REG
    2004-12-24 01:44 832 -c------ c:\program files\PRINTHSE.REG
    2004-11-22 21:02 30,208 ac------ c:\windows\inf\programs\pcleUtil.dll
    2004-11-03 21:22 86,016 ac------ c:\windows\inf\programs\CSCSaFX.dll
    2004-09-20 16:39 262,144 ac------ c:\windows\inf\programs\lame_enc.dll
    2004-08-27 18:29 1,935 ac------ c:\program files\icbmftvc.lst
    2004-08-09 06:03 73,728 ac------ c:\windows\inf\programs\pcleDVcd.dll
    2004-08-06 02:23 110,592 ac------ c:\windows\inf\programs\pcleDVdc.dll
    2004-03-12 16:02 116,900 a------- c:\program files\uninstll.exe
    2004-03-12 16:02 1,466,368 a------- c:\program files\AimRes.dll
    2004-03-12 15:22 61,440 a------- c:\program files\aim.exe
    2004-03-12 15:22 131,072 a------- c:\program files\ateima32.dll
    2004-03-12 15:21 61,440 ac------ c:\program files\AlertUI.ocm
    2004-03-12 15:21 25,088 ac------ c:\program files\browse.ocm
    2004-03-12 15:21 208,896 ac------ c:\program files\buddyui.ocm
    2004-03-12 15:21 225,280 a------- c:\program files\AimSecondarySvcs.dll
    2004-03-12 15:21 98,304 ac------ c:\program files\ChatUI.ocm
    2004-03-12 15:21 6,144 ac------ c:\program files\stats.ocm
    2004-03-12 15:20 192,512 a------- c:\program files\AimCoreSvcs.dll
    2004-03-12 15:20 237,568 ac------ c:\program files\icbmui.ocm
    2004-03-12 15:20 94,208 ac------ c:\program files\ticker.ocm
    2004-03-12 15:19 98,304 a------- c:\program files\aimapi.dll
    2004-03-12 15:19 15,872 ac------ c:\program files\Admin.ocm
    2004-03-12 15:19 135,168 ac------ c:\program files\locateui.ocm
    2004-03-12 15:19 184,320 ac------ c:\program files\miscui.ocm
    2004-03-12 15:19 14,848 ac------ c:\program files\NTP.ocm
    2004-03-12 15:18 59,904 ac------ c:\program files\OscMail.ocm
    2004-03-12 15:18 19,456 a------- c:\program files\aimtalk.dll
    2004-03-12 15:18 69,632 ac------ c:\program files\osclogin.ocm
    2004-03-12 15:18 9,216 ac------ c:\program files\oscmain.ocm
    2004-03-12 15:18:18 AC------ 53,248 c:\program files\startup.ocm
    2002-07-31 19:55 106 ---sh--- c:\windows\WSYS049.SYS

    ============= FINISH: 9:52:48.81 ===============

  5. #35
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Well congrats, it appears your system is all clean Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


    THESE STEPS ARE VERY IMPORTANT

    Let's reset system restore
    Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

    1. Turn off System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore.
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK.
    NOTE: only do this ONCE,NOT on a regular basis



    Now lets uninstall ComboFix:
    • Click START then RUN
    • Now copy-paste Combofix /u in the runbox and click OK


    Next we remove all used tools.

    Please download OTC and save it to desktop.
    • Double-click OTC.exe.
    • Click the CleanUp! button.
    • Select Yes when the
      Begin cleanup Process?
      prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes, if not delete it by yourself.


    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



    UPDATING WINDOWS AND INTERNET EXPLORER

    IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

    If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


    Make your Internet Explorer more secure

    This can be done by following these simple instructions:
    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.



    The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

    • hosts file:
      • Every version of windows has a hosts file as part of them.
      • In a very basic sense, they are used to locate webpages.
      • We can customize a hosts file so that it blocks certain webpages.
      • However, it can slow down certain computers.
      • This is why using a hosts file is optional!!

      Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
      If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
      1. Click the start button (at the lower left hand corner of your screen)
      2. Click run
      3. In the dialog box, type services.msc
      4. hit enter, then locate dns client
      5. Highlight it, then double-click it.
      6. On the dropdown box, change the setting from automatic to manual.
      7. Click ok



    Just a final reminder for you. I am trying to stress these two points.
    UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
    Make sure all of your security programs are up to date.
    Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



    Once again, please post and tell me how things are going with your system... problems etc.

    Have a great day,
    Blade
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  6. #36
    Member
    Join Date
    Sep 2009
    Posts
    34

    Default

    Blade,
    I performed the operations you outlined in your last post.
    Once again thank you for all your help. The system is running great! I am glad my search to fix the problem brought me here. I thought it was hopeless, untill you began working through this with me. Your work here is greatly appreciated.
    Thank You!
    Jseymour3000

  7. #37
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Smile It was my pleasure to help

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •