#1
Malwarebytes keeps finding Trojan Vundo.H and 3 registry keys, but it can't delete them. I've tried several hard delete methods, which all failed. ComboFix, Symantec Vundo fix, Kaspersky, Malwarebytes, and nothing is getting rid of it. Any help would be greatly appreciated. I am attaching the ComboFix log as well as the Malwarebytes report.
Thank you in advance.
jeff

ComboFix 09-05-09.05 - Steph 05/11/2009 0:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.623 [GMT -7:00]
Running from: c:\documents and settings\Steph\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SFC
-------\Service_sfc

((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4661FF0-E2B6-4FC4-BA97-1D5050996795}]
2004-08-10 10:00 104448 ----a-w c:\windows\system32\gsqwipm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-05-10 206088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\srivynay]
2004-08-10 10:00 104448 ----a-w c:\windows\system32\gsqwipm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R0 xhluycqc;xhluycqc;c:\windows\system32\drivers\xhluycqc.sys [8/16/2005 2:18 AM 23424]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/2/2009 11:41 AM 603904]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
eqpghuhv
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 23:28]

2009-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]

2009-05-04 c:\windows\Tasks\At1.job
- c:\windows\system32\gsqwipm.dll [2005-08-16 10:00]

2007-07-14 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF172157206.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 09:46]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-11 00:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1672)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\stacsv.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-11 0:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-11 07:19
ComboFix2.txt 2009-05-04 09:58

Pre-Run: 33,744,183,296 bytes free
Post-Run: 33,763,667,968 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Malwarebytes' Anti-Malware 1.36
Database version: 2070
Windows 5.1.2600 Service Pack 3

5/13/2009 8:02:15 PM
mbam-log-2009-05-13 (20-02-09).txt

Scan type: Quick Scan
Objects scanned: 84254
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4661ff0-e2b6-4fc4-ba97-1d5050996795} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\srivynay (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c4661ff0-e2b6-4fc4-ba97-1d5050996795} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\gsqwipm.dll (Trojan.Vundo.H) -> No action taken.
#2
ComboFix Warning
ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. That's the decision by the creator and we will abide by that decision.

Everything in the MBAM log says No action taken. Anyway, let's try to clean this up...

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::
NetSvc::
eqpghuhv
Driver::
xhluycqc
eqpghuhv
File::
c:\windows\system32\drivers\xhluycqc.sys
c:\windows\Tasks\At1.job
c:\windows\system32\gsqwipm.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4661FF0-E2B6-4FC4-BA97-1D5050996795}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\srivynay]
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Open Malwarebytes' Anti-Malware.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
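One way to check a removal thread like this one mechanically, as an added example that is not from the thread or from the MBAM/ComboFix authors: it parses the MBAM detection list, the CFScript directives and the post-run ComboFix "Other Deletions" and "Drivers/Services" sections, then reports which detections the script targets and which removals the log confirms. The sample inputs are constructed from the entries quoted above; treating ComboFix's `~` key-path shorthand as a wildcard is an assumption.

```python
"""Cross-check an MBAM log against a ComboFix CFScript and the post-run ComboFix log.
Added example for this thread, not a tool shipped by MBAM or ComboFix; the three
inputs below are constructed from the entries quoted in the thread."""
import re
# Constructed: the detection block of the MBAM log in post #1 (every item "No action taken").
MBAM_LOG = r"""Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c4661ff0-e2b6-4fc4-ba97-1d5050996795} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\srivynay (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c4661ff0-e2b6-4fc4-ba97-1d5050996795} (Trojan.Vundo.H) -> No action taken.
Files Infected:
c:\WINDOWS\system32\gsqwipm.dll (Trojan.Vundo.H) -> No action taken.
"""
# Constructed: the CFScript from post #2.
CFSCRIPT = r"""KillAll::
NetSvc::
eqpghuhv
Driver::
xhluycqc
eqpghuhv
File::
c:\windows\system32\drivers\xhluycqc.sys
c:\windows\Tasks\At1.job
c:\windows\system32\gsqwipm.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4661FF0-E2B6-4FC4-BA97-1D5050996795}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\srivynay]
"""
# Constructed: the two sections of the post-run ComboFix log (post #3) that record removals.
COMBOFIX_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\xhluycqc.sys
c:\windows\system32\gsqwipm.dll
c:\windows\Tasks\At1.job
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_EQPGHUHV
-------\Legacy_XHLUYCQC
-------\Service_xhluycqc
"""
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
CF_BANNER_RE = re.compile(r"^\(+ (?P<name>.+?) \)+$")

def split_sections(text, header):
    """Group non-empty lines under the latest header; header(line) returns a name or None."""
    out, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        name = header(line)
        if name is not None:
            cur = name
            out.setdefault(cur, [])
        elif line and line != "." and cur is not None:   # ComboFix pads sections with "."
            out[cur].append(line)
    return out

def parse_mbam(log):
    """One dict per MBAM detection: section, path, family, action."""
    found = []
    for section, lines in split_sections(log, lambda l: l[:-1] if l.endswith(":") else None).items():
        found += [{"section": section, **m.groupdict()} for m in map(DETECTION_RE.match, lines) if m]
    return found

def parse_cfscript(script):   # 'Name::' directive -> the entries listed under it
    return split_sections(script, lambda l: l[:-2] if l.endswith("::") else None)

def parse_combofix(log):   # '((( Name )))' banner -> the lines under it
    return split_sections(log, lambda l: CF_BANNER_RE.match(l)["name"] if CF_BANNER_RE.match(l) else None)

def script_covers_key(entry, key):
    """True if a '[-HKEY...]' Registry:: entry names `key`. Assumption: ComboFix's tilde
    shorthand for an elided middle part of the key path is treated as a wildcard."""
    e, k = entry.strip().lower(), key.lower()
    if e.startswith("[-") and e.endswith("]"):
        e = e[2:-1]
    if "\\~\\" in e:
        head, tail = e.split("\\~\\", 1)
        return k.startswith(head + "\\") and k.endswith("\\" + tail)
    return e == k

def cross_check(mbam_log, cfscript, combofix_log):
    """Per MBAM detection: did MBAM fail, does the script target it, is removal confirmed?
    'Other Deletions' lists files only, so registry keys get confirmed_deleted=None."""
    script, cf = parse_cfscript(cfscript), parse_combofix(combofix_log)
    deleted = {p.lower() for p in cf.get("Other Deletions", [])}
    script_files = {f.lower() for f in script.get("File", [])}
    report = []
    for d in parse_mbam(mbam_log):
        path = d["path"].lower()
        if d["section"].startswith("Files"):
            in_script, confirmed = path in script_files, path in deleted
        elif d["section"].startswith("Registry Keys"):
            in_script = any(script_covers_key(e, path) for e in script.get("Registry", []))
            confirmed = None
        else:   # values, data items, folders: not handled by this checker
            in_script, confirmed = False, None
        report.append({"path": d["path"], "family": d["family"], "in_script": in_script,
                       "mbam_failed": d["action"] == "No action taken", "confirmed_deleted": confirmed})
    return report

def drivers_confirmed(cfscript, combofix_log):
    """Map each Driver:: name to whether 'Drivers/Services' shows its service or legacy key removed."""
    removed = [r.lower() for r in parse_combofix(combofix_log).get("Drivers/Services", [])]
    return {n: any(r.endswith(("\\service_" + n.lower(), "\\legacy_" + n.lower())) for r in removed)
            for n in parse_cfscript(cfscript).get("Driver", [])}
```

On this thread's entries it reports the HKEY_CLASSES_ROOT CLSID key as not named by the script and the two registry removals as not verifiable from "Other Deletions", which is exactly what a helper would re-check in the follow-up log.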
#3
Thank you so much for your help. Here's the new log.
ComboFix 09-05-14.03 - Steph 05/14/2009 13:04.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.624 [GMT -7:00]
Running from: c:\documents and settings\Steph\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Steph\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FILE ::
c:\windows\system32\drivers\xhluycqc.sys
c:\windows\system32\gsqwipm.dll
c:\windows\Tasks\At1.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\xhluycqc.sys
c:\windows\system32\gsqwipm.dll
c:\windows\Tasks\At1.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_EQPGHUHV
-------\Legacy_XHLUYCQC
-------\Service_xhluycqc

((((((((((((((((((((((((( Files Created from 2009-04-14 to 2009-05-14 )))))))))))))))))))))))))))))))
.
2009-05-14 02:48 . 2009-05-14 02:48 24576 ----a-w c:\windows\system32\VundoFixSVC.exe
2009-05-14 01:31 . 2009-05-14 02:48 -------- d-----w C:\VundoFix Backups
2009-05-10 18:17 . 2009-05-14 20:09 -------- d-----w c:\documents and settings\Steph\Tracing
2009-05-10 18:15 . 2009-05-10 18:15 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-10 18:14 . 2009-05-10 18:16 -------- d-----w c:\program files\Windows Live
2009-05-10 17:31 . 2009-05-10 17:31 -------- d-----w c:\program files\Common Files\Windows Live
2009-05-10 17:29 . 2009-05-10 17:29 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-10 17:29 . 2009-05-10 17:29 -------- d-----w c:\program files\Microsoft
2009-05-10 17:29 . 2009-05-10 17:32 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-05-10 17:29 . 2009-05-10 17:29 -------- d-----w c:\documents and settings\Steph\Application Data\Windows Desktop Search
2009-05-10 17:29 .
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-05-10 206088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^$McRebootA5E6DEAA56$.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk
backup=c:\windows\pss\$McRebootA5E6DEAA56$.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup=c:\windows\pss\officejet 6100.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/2/2009 11:41 AM 603904]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - XHLUYCQC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 23:28]

2009-03-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:34]

2007-07-14 c:\windows\Tasks\FRU Task 2002-06-27 08:46ewlett-Packard2002-06-27 08:46p psc 2200 seriesF56855811176EC24C9B302F94878AD886AF77CFF172157206.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 09:46]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 13:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3776)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Ahead\Lib\MSVCP71.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\stacsv.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-14 13:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-14 20:12
ComboFix2.txt 2009-05-04 09:58

Pre-Run: 33,719,230,464 bytes free
Post-Run: 33,705,033,728 bytes free

404 --- E O F --- 2009-05-14 19:52
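Added example, not part of any post in this thread: a small Python triage script that walks ComboFix-style "Reg Loading Points" and Supplementary Scan lines and flags the entries a helper looks at first in a log like the one above, namely the Security Center overrides, the disabled firewall, an Internet Explorer proxy that points back at the local machine, a newly created service or driver, and an AutoRun command on a removable drive. The sample log is constructed from the entries shown in the post above (it is not a verbatim copy of the log); the rule names, severities and regular expressions are my own choices, not anything ComboFix or Malwarebytes emit.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample, modelled on the entries in the ComboFix log posted above.
# Only the lines the rules care about plus two benign Run entries are included.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ctfmon.exe"="c:\\windows\\system32\\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"AVP"="c:\\program files\\Kaspersky Lab\\Kaspersky Anti-Virus 2009\\avp.exe" [2009-05-10 206088]
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
*NewlyCreated* - XHLUYCQC
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\\Shell\\AutoRun\\command - E:\\setup.exe
uInternet Settings,ProxyServer = http=localhost:7171
Trusted Zone: turbotax.com
"""


@dataclass
class Finding:
    severity: str  # "high": a protection is off or traffic is redirected; "medium": verify; "info": note
    rule: str      # hypothetical rule name chosen for this example
    key: str       # registry key in effect when the line was seen (may be empty)
    line: str      # the log line that triggered the rule


# (severity, rule name, substring the current key must contain or None, line pattern)
RULES = [
    ("high", "security_center_av_override", "security center",
     re.compile(r'"AntiVirusOverride"\s*=\s*dword:0*1\b', re.I)),
    ("high", "security_center_monitoring_disabled", "security center\\monitoring",
     re.compile(r'"DisableMonitoring"\s*=\s*dword:0*1\b', re.I)),
    ("high", "windows_firewall_disabled", "firewallpolicy\\standardprofile",
     re.compile(r'"EnableFirewall"\s*=\s*0\b', re.I)),
    # A proxy on the local host means IE traffic passes through whatever listens there.
    ("high", "local_proxy_configured", None,
     re.compile(r"ProxyServer\s*=.*\b(localhost|127\.0\.0\.1)\b:\d+", re.I)),
    ("medium", "newly_created_service_or_driver", None,
     re.compile(r"^\*NewlyCreated\*\s*-\s*(\S+)", re.I)),
    ("medium", "removable_drive_autorun", "mountpoints2",
     re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(.+)$", re.I)),
    ("info", "trusted_zone_entry", None,
     re.compile(r"^Trusted Zone:\s*(\S+)", re.I)),
]

KEY_LINE = re.compile(r"^\[(.+)\]$")


def triage(log_text: str) -> List[Finding]:
    """Scan ComboFix-style log text and return the rule hits in log order."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key_match = KEY_LINE.match(line)
        if key_match:
            current_key = key_match.group(1)  # values that follow belong to this key
            continue
        for severity, rule, key_part, pattern in RULES:
            if key_part is not None and key_part.lower() not in current_key.lower():
                continue
            if pattern.search(line):
                findings.append(Finding(severity, rule, current_key, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
    print(summarize(hits))
```

On the sample this reports four high findings (both Security Center overrides, the firewall being off, and the localhost:7171 proxy), two medium ones (the newly created XHLUYCQC entry and the E:\setup.exe AutoRun command) and one informational trusted-zone entry. The proxy hit is the one to chase first: on the affected machine, `netstat -ano` shows which process ID is listening on that port, which is usually the component the scanners keep missing.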
#4
Can I get the new Malwarebytes log please.
#5
Hey Thanks Evil
Malwarebytes' Anti-Malware 1.36
Database version: 2070
Windows 5.1.2600 Service Pack 3

5/14/2009 8:46:03 PM
mbam-log-2009-05-14 (20-46-03).txt

Scan type: Quick Scan
Objects scanned: 84334
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#6
Time to do some cleanup and secure the work you have done.
----------
Use the Secunia Software Inspector to check for out-of-date software. Out-of-date software has security vulnerabilities that malware can exploit.
----------
Go to Microsoft Windows Update and get all critical updates.
----------
Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future.
Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
#7
Thanks Evil, this was much appreciated.