
[Fixed] Hijackthis! Logs - Please check logs (rogue antivirus) problem


Old 10-17-2009   #8
Silver Member
 
litobitblond's Avatar
 
Join Date: Sep 2008
Posts: 103
PC Experience: Experienced
Default Re: Please check logs (rogue antivirus) probl

Here you go

DDS (Ver_09-10-13.01) - NTFSx86
Run by Marilyn at 17:41:59.06 on Sat 10/17/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.595 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Portrait Displays\MagicTune\dtsrvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Portrait Displays\MagicTune\DTHtml.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marilyn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ATI Scheduler] c:\program files\ati multimedia\main\ATISched.EXE
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\marilyn\startm~1\programs\startup\ami-up~1.lnk - c:\program files\alchemy mindworks\up2date\AMI-up2date.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\magict~1.lnk - c:\program files\portrait displays\magictune\DTHtml.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
LSP: c:\windows\system32\lsp.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {26522409-8BBF-4C5B-A4D3-CF4B1D6F255B} - hxxp://www.umediaserver.net/bin/UMediaControl5.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20031010/qtinstall.info.apple.com/mickey/us/win/QuickTimeFullInstaller.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150050385515
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38088.0036342593
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {BE964208-66F0-48FB-8F53-0C2BC35A610A} - hxxp://www.umediaserver.net/bin/UMediaControl3.cab
DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} - hxxp://www.umediaserver.net/bin/UMediaControl4.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://zone.msn.com/bingame/feed/default/SproutLauncher.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/shpo/default/shapo.cab
DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup151.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/aio/en/check/qdiagh.cab?319
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marilyn\applic~1\mozilla\firefox\profiles\tq1njf2d.default\
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-15 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-15 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-15 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-15 297752]
R2 CINEMSUP;Software Cinemaster NT4.0 Driver;c:\windows\system32\drivers\cinemsup.sys [2006-6-11 6144]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [2003-1-29 14416]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [2006-1-21 14976]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;c:\windows\system32\drivers\atinysxx.sys [2005-12-28 79360]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;c:\windows\system32\drivers\atinyvxx.sys [2005-12-28 174592]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;c:\windows\system32\drivers\atinyuxx.sys [2005-12-28 64512]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;c:\windows\system32\drivers\ATIUTD.sys [2005-12-28 38912]
S3 csaudio;USB2.0 Audio Device Driver;c:\windows\system32\drivers\csaud.sys [2004-7-11 11008]
S3 DCamUSB20;USB 2.0 WebCam;c:\windows\system32\drivers\CsMini20.sys [2004-7-11 126037]
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;c:\windows\system32\drivers\atinyttx.sys [2005-12-28 13824]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]

=============== Created Last 30 ================

2009-10-16 15:29 178,432 a------- c:\windows\system32\lsp.dll
2009-10-16 15:26 <DIR> --d----- c:\program files\quwcjb
2009-09-30 14:30 <DIR> --d----- c:\docume~1\marilyn\applic~1\Trillian

==================== Find3M ====================

2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-23 17:59 389,120 a------- c:\windows\system32\CF14253.exe
2009-08-23 16:00 922,112 -------- c:\windows\system32\imapi2fs.dll
2009-08-23 16:00 426,496 -------- c:\windows\system32\imapi2.dll
2009-08-15 13:04 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-06 19:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 19:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 04:01 204,800 -------- c:\windows\system32\mswebdvd.dll
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2005-08-17 20:52 4,056,576 -------- c:\program files\pspx.msi
2005-08-17 20:52 1,942 -------- c:\program files\Setup.ini
2005-08-17 20:52 7,032,943 -------- c:\program files\_NoVer~1.cab
2005-08-17 20:52 2,674,349 -------- c:\program files\RCDLL_~1.cab
2005-08-17 20:52 1,086,668 -------- c:\program files\ThumbS~1.cab
2005-08-17 20:52 745,272 -------- c:\program files\_Yahoo~1.cab
2005-08-17 20:52 1,054 -------- c:\program files\Retail.cab
2005-08-17 20:52 1,900,383 -------- c:\program files\EXE_Pr~1.cab
2005-08-17 20:52 63,803,765 -------- c:\program files\Conten~1.cab
2005-08-17 20:52 20,557,824 -------- c:\program files\PaintS~1.cab
2005-08-17 20:51 1,080,225 -------- c:\program files\_ISUS.cab
2005-08-17 20:51 6,011 -------- c:\program files\Update~1.cab
2005-07-14 00:27 2,587,408 -------- c:\program files\msi31.exe
2005-07-14 00:25 1,822,520 -------- c:\program files\instmsiw.exe
2005-07-14 00:25 1,708,856 -------- c:\program files\instmsia.exe
2005-07-14 00:24 5,515 -------- c:\program files\0x0409.ini
2003-11-20 21:12 22,175,519 -------- c:\documents and settings\marilyn\NetStudioPictures.exe.zip

============= FINISH: 17:42:19.18 ===============
Old 10-18-2009   #9
Tech Support Team
 
Crush's Avatar
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112
PC Experience: Always Learning New Things
Default Re: Please check logs (rogue antivirus) probl

litobitblond,


You are operating your computer with multiple Anti Virus programs:
McAfee
AVG

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please Uninstall all but one of them using Control Panel, Add/Remove Programs.
==============================================

Next, Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
============================================

After that, let's download ComboFix.exe. This will give me a better view to the files running, those that are hidden, and also those in the registry. Please download from one of these webpages.

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
Combofix -> Anti-malware Tools -> Downloads


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.
__________________
Crush aka Chris
I am in fact, quite cool. My graphing calculator confirms this

Old 10-18-2009   #10
Silver Member
 
litobitblond's Avatar
 
Join Date: Sep 2008
Posts: 103
PC Experience: Experienced
Default Re: Please check logs (rogue antivirus) probl

Crush, I know it says McAfee is on here but it always has and I have searched for it and can't find it anywhere.

ComboFix 09-10-16.09 - Marilyn 10/17/2009 20:51.8.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.589 [GMT -5:00]
Running from: c:\documents and settings\Marilyn\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\10e165a.msi
c:\windows\Installer\1950a9.msi
c:\windows\Installer\19bfa82.msi
c:\windows\Installer\1a26a18.msi
c:\windows\Installer\520534.msi
c:\windows\Installer\7ac66e.msi
c:\windows\Installer\7d3c14.msi
c:\windows\Installer\84ba6c.msi
c:\windows\Installer\93f332.msi
c:\windows\Installer\c82e4b.msi
c:\windows\Installer\e1eb58.msi
c:\windows\system32\axaltocm.dll
c:\windows\system32\images
c:\windows\system32\images\accessinghvnoprop.jpg
c:\windows\system32\images\accessingmdesk.jpg
c:\windows\system32\images\ati_logo.jpg
c:\windows\system32\images\hvdm.jpg
c:\windows\system32\images\hvhotkeys.jpg
c:\windows\system32\images\hvsystray.jpg
c:\windows\system32\images\hvsystray2.jpg
c:\windows\system32\lsp.dll
.
((((((((((((((((((((((((( Files Created from 2009-09-18 to 2009-10-18 )))))))))))))))))))))))))))))))
.
2009-10-16 22:50 . 2009-10-16 22:50 -------- d-----w- c:\documents and settings\Marilyn\Local Settings\Application Data\AIM
2009-10-16 20:26 . 2009-10-16 22:47 -------- d-----w- c:\program files\quwcjb
2009-10-09 14:29 . 2009-10-09 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-30 19:30 . 2009-09-30 19:31 -------- d-----w- c:\documents and settings\Marilyn\Application Data\Trillian
2009-09-30 19:30 . 2009-10-18 01:58 -------- d-----w- c:\program files\Trillian
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 01:58 . 2004-04-26 02:03 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000002-80671102}.dat
2009-10-18 01:58 . 2004-04-26 02:03 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000003-00001102-00000002-80671102}.dat
2009-10-18 01:40 . 2004-04-11 21:46 -------- d-----w- c:\program files\Java
2009-10-11 15:37 . 2007-10-17 13:50 -------- d-----w- c:\program files\PhotoScape
2009-10-07 15:33 . 2007-01-31 15:38 -------- d-----w- c:\program files\Google
2009-09-16 19:21 . 2008-08-29 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-16 19:14 . 2009-09-16 17:20 -------- d-----w- c:\program files\Yahoo!
2009-09-16 17:20 . 2007-05-20 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-10 19:54 . 2008-08-29 22:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-08-29 22:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-05 16:43 . 2009-09-05 16:30 -------- d-----w- c:\program files\softendo.com
2009-08-24 19:21 . 2007-08-26 14:47 -------- d-----w- c:\program files\Microsoft Picture It! PhotoPub
2009-08-23 21:00 . 2009-08-23 21:00 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00 . 2009-08-23 21:00 426496 ------w- c:\windows\system32\imapi2.dll
2009-08-20 23:14 . 2007-01-02 04:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-15 18:04 . 2009-08-15 18:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-15 18:04 . 2009-08-15 18:04 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-15 18:04 . 2009-08-15 18:04 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-15 18:04 . 2009-08-15 18:04 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-07 00:24 . 2004-08-12 13:34 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-12 13:34 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 09:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-12 13:34 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-04-11 07:14 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-04-11 07:08 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-12 13:34 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2006-06-12 14:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2004-04-11 07:14 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-04-11 08:10 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-31 20:23 . 2008-11-22 17:27 411368 ----a-w- c:\windows\system32\deploytk.dll
2005-08-18 01:52 . 2005-11-24 17:47 4056576 ------w- c:\program files\pspx.msi
2005-08-18 01:52 . 2005-11-24 17:47 1942 ------w- c:\program files\Setup.ini
2005-08-18 01:52 . 2005-11-24 17:47 7032943 ------w- c:\program files\_NoVer~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 745272 ------w- c:\program files\_Yahoo~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 2674349 ------w- c:\program files\RCDLL_~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 1086668 ------w- c:\program files\ThumbS~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 1054 ------w- c:\program files\Retail.cab
2005-08-18 01:52 . 2005-11-24 17:47 1900383 ------w- c:\program files\EXE_Pr~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 63803765 ------w- c:\program files\Conten~1.cab
2005-08-18 01:52 . 2005-11-24 17:47 20557824 ------w- c:\program files\PaintS~1.cab
2005-08-18 01:51 . 2005-11-24 17:47 1080225 ------w- c:\program files\_ISUS.cab
2005-08-18 01:51 . 2005-11-24 17:47 6011 ------w- c:\program files\Update~1.cab
2005-07-14 05:27 . 2005-11-24 17:47 2587408 ------w- c:\program files\msi31.exe
2005-07-14 05:25 . 2005-11-24 17:47 1822520 ------w- c:\program files\instmsiw.exe
2005-07-14 05:25 . 2005-11-24 17:47 1708856 ------w- c:\program files\instmsia.exe
2005-07-14 05:24 . 2005-11-24 17:47 5515 ------w- c:\program files\0x0409.ini
2005-01-07 20:20 . 2005-01-07 20:20 278528 ------w- c:\program files\internet explorer\plugins\PanoViewer.dll
2005-01-07 20:20 . 2005-01-07 20:20 143360 ------w- c:\program files\internet explorer\plugins\UPjpeg.dll
2006-07-31 01:47 . 2006-07-14 19:36 848 --sh--w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ATI Scheduler"="c:\program files\ATI Multimedia\main\ATISched.EXE" [2001-10-02 28672]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-12 1961984]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-09 28672]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-11 20992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\Marilyn\Start Menu\Programs\Startup\
AMI-Up2Date.lnk - c:\program files\Alchemy Mindworks\Up2Date\AMI-up2date.exe [2004-4-25 290816]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MagicTune.lnk - c:\program files\Portrait Displays\MagicTune\DTHtml.exe [2003-9-29 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-15 18:04 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 15:51 24638 ------w- c:\windows\system32\PCANotify.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe"
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"=c:\program files\Java\j2re1.4.2_06\bin\jusched.exe
"WatchDog"=c:\program files\mobile PhoneTools\WatchDog.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Abacast\\Abaclient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\VCOM\\Web Easy Pro\\WebEasy5.exe"=
"c:\\Program Files\\VectorWorks 10.1\\VectorWorks.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8419:TCP"= 8419:TCPca1
"7378:UDP"= 7378:UDPca2
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/15/2009 1:04 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/15/2009 1:04 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/15/2009 1:04 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/15/2009 1:04 PM 297752]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [1/29/2003 3:08 PM 14416]
R2 portD;CMS PortIO Service;c:\windows\system32\drivers\portd2k.sys [1/21/2006 8:54 PM 14976]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 atinysxx;ATI USB 2.0 TV Audio Crossbar;c:\windows\system32\drivers\atinysxx.sys [12/28/2005 8:54 AM 79360]
S3 atinyvxx;ATI TV WONDER USB2.0 Video & Audio;c:\windows\system32\drivers\atinyvxx.sys [12/28/2005 8:55 AM 174592]
S3 ATITUNEP2;ATI TV WONDER USB2.0 TV Tuner;c:\windows\system32\drivers\atinyuxx.sys [12/28/2005 8:54 AM 64512]
S3 ATIUTD;ATI TV WONDER USB2.0 Device Driver;c:\windows\system32\drivers\ATIUTD.sys [12/28/2005 8:54 AM 38912]
S3 csaudio;USB2.0 Audio Device Driver;c:\windows\system32\drivers\csaud.sys [7/11/2004 9:55 AM 11008]
S3 DCamUSB20;USB 2.0 WebCam;c:\windows\system32\drivers\CsMini20.sys [7/11/2004 9:55 AM 126037]
S3 TTDec;ATI TV WONDER USB2.0 Teletext Decoder;c:\windows\system32\drivers\atinyttx.sys [12/28/2005 8:55 AM 13824]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
.
Contents of the 'Scheduled Tasks' folder
2009-10-17 c:\windows\Tasks\Backup M_s.job
- c:\windows\system32\ntbackup.exe [2001-08-23 00:12]
2009-10-05 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-16 14:22]
2009-10-17 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-04-24 18:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
DPF: {BE964208-66F0-48FB-8F53-0C2BC35A610A} - hxxp://www.umediaserver.net/bin/UMediaControl3.cab
DPF: {CA11EB7C-1C85-4577-8A49-9E28EFB30184} - hxxp://www.umediaserver.net/bin/UMediaControl4.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin.cab
FF - ProfilePath - c:\documents and settings\Marilyn\Application Data\Mozilla\Firefox\Profiles\tq1njf2d.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\documents and settings\Marilyn\Desktop\HijackThis.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-10-17 20:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2472)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\msdtc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\AIM6\aolsoftware.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-10-18 21:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-18 02:07
Pre-Run: 35,104,604,160 bytes free
Post-Run: 35,081,601,024 bytes free
264 --- E O F --- 2009-10-11 19:00
Old 10-18-2009   #11
Tech Support Team
 
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112
PC Experience: Always Learning New Things
Default Re: Please check logs (rogue antivirus) probl

Litobitblond,

That's easily resolved. Go here and download the McAfee removal tool:

How to uninstall or reinstall supported McAfee consumer products using the McAfee Consumer Products Removal tool (MCPR.exe)
===========================================

Next, please go to Start > Run

Type appwiz.cpl

This will bring up your Add/Remove Programs utility. Please check if the following exists:

quwcjb


If it exists, please uninstall it and move on to the next step. If not, please move on to the next step.
===========================================

Now, let's delete the leftover folder. Please navigate to the following folder and delete it:

c:\program files\quwcjb

Then, right click on your Recycle Bin and choose Empty Recycle Bin
=========================================

Next, please visit VirusTotal
  • Click the Browse.. button
  • Navigate to the file c:\windows\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000002-80671102}.dat

  • Click the Open button
  • Click the Send button
  • Do the same for c:\windows\system32\DVCState-{00000002-00000000-00000003-00001102-00000002-80671102}.dat
  • Also please do the same for c:\program files\0x0409.ini
Copy and paste the URL to the results into a new reply in this thread please. At the end you will have 3 URLs.

If VirusTotal is busy please use Jotti
__________________
Crush aka Chris
[Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate]
I am in fact, quite cool. My graphing calculator confirms this

Old 4 Weeks Ago   #12
Silver Member
 
 
Join Date: Sep 2008
Posts: 103
PC Experience: Experienced
Default Re: Please check logs (rogue antivirus) probl

Crush, see if these are right; I may have done one twice. Thought they were the same but then saw they weren't.

analisis/8392f282bb266cfebe3f59f6f083d56a2f5a578d24708daf5482bf6c3365ef6f-1244144002

analisis/40a1d71f6f448f58bc28930f01fffe2d97956f5d43efba5692c8f4bf5445df29-1237493960

analisis/8392f282bb266cfebe3f59f6f083d56a2f5a578d24708daf5482bf6c3365ef6f-1244144002
Old 4 Weeks Ago   #13
Tech Support Team
 
 
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112
PC Experience: Always Learning New Things
Default Re: Please check logs (rogue antivirus) probl

Great! None of those are infected. Were you able to complete the other steps?
Old 4 Weeks Ago   #14
Silver Member
 
 
Join Date: Sep 2008
Posts: 103
PC Experience: Experienced
Default Re: Please check logs (rogue antivirus) probl

Yes, got the other done!! Was not in Add/Remove but deleted the folder.

Last edited by litobitblond; 4 Weeks Ago at 02:03 AM.
