Flashcodec.exe Virus


Nicbaz (thread starter)
28-Apr-2009, 11:40 PM #1
Today I downloaded a flashcodex.exe file.

It was a fake, a virus.
It has shut down my internet. I am now using a different computer.
All my web browsers do not work; when I first got the virus my MSN stayed signed in though?

Firefox, Google Chrome, IE7 all don't work.

I have run ComboFix; it fixed some caching errors with FF3 but still didn't fix the connection probs.

I will post the ComboFix log when I can find it. For now here is the HijackThis log.


Quote:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:18 PM, on 29/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\system32\CF23380.exe
C:\Windows\system32\CF23380.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\ComboFix\pv.cfexe
C:\ComboFix\pev.cfexe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareware.pro/?lang=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareware.pro/?lang=en
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92AD9C0F-AC5E-45F5-B850-D60F08B1ACE1}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{B57DE57F-744D-41F6-B63B-E6F04AD8B54B}: NameServer = 85.255.0.0,85.255.0.0
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5273DD6-5F82-4875-B745-5183BB9A7B3A}: NameServer = 85.255.0.0,85.255.0.0
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11538 bytes

Last edited by Nicbaz; 29-Apr-2009 at 12:12 AM..
Nicbaz (thread starter)
29-Apr-2009, 12:17 AM #2
And here is the ComboFix log. I have run ComboFix twice; this is the second log. I lost the first; please note that lots more was deleted in the first log.

Quote:
ComboFix 09-04-28.02 - Patrick 29/04/2009 13:59.4 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3061.2624 [GMT 10:00]
Running from: c:\users\Patrick\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-29 03:47 . 2009-04-29 03:47 -------- d-----w c:\program files\Trend Micro
2009-04-24 10:47 . 2009-04-24 10:47 -------- d-----w c:\users\Public\Pixophile - Art Portfolio_files
2009-04-23 05:55 . 2009-04-23 06:57 -------- d-----w c:\users\Patrick\AppData\Roaming\BitTorrent
2009-04-23 05:54 . 2009-04-23 05:54 -------- d-----w c:\users\Patrick\AppData\Local\DNA
2009-04-23 05:54 . 2009-04-29 03:24 -------- d-----w c:\program files\DNA
2009-04-23 05:54 . 2009-04-29 03:44 -------- d-----w c:\users\Patrick\AppData\Roaming\DNA
2009-04-23 05:54 . 2009-04-23 05:55 -------- d-----w c:\program files\BitTorrent
2009-04-19 02:30 . 2009-04-19 02:30 -------- d-----w c:\users\Patrick\AppData\Local\Scion
2009-04-18 04:46 . 2009-04-18 04:49 -------- d-----w c:\users\Patrick\AppData\Local\Microsoft Games
2009-04-18 02:01 . 2009-04-18 02:01 -------- d-----w c:\program files\Electric Rain
2009-04-16 03:03 . 2009-04-16 22:23 -------- d-----w c:\users\Patrick\thumbnails
2009-04-15 00:57 . 2009-04-15 00:57 -------- d-----w c:\users\Patrick\SpryAssets
2009-04-13 21:10 . 2008-03-16 04:47 872192 ----a-w c:\windows\system32\drivers\mod7700.sys
2009-04-13 21:10 . 2008-01-22 05:10 100864 ----a-w c:\windows\system32\drivers\ewusbnet.sys
2009-04-13 21:10 . 2008-03-17 01:05 101632 ----a-r c:\windows\system32\drivers\ewusbmdm.sys
2009-04-13 21:10 . 2008-03-17 01:57 103680 ----a-w c:\windows\system32\drivers\ewusbfake.sys
2009-04-13 21:10 . 2007-08-08 18:06 23424 ----a-r c:\windows\system32\drivers\ewdcsc.sys
2009-04-13 21:05 . 2009-04-13 21:19 -------- d-----w c:\program files\Mobile Partner
2009-04-12 23:36 . 2009-04-13 00:30 680 ----a-w c:\users\Patrick\AppData\Local\d3d9caps.dat
2009-03-31 20:35 . 2009-03-31 20:35 -------- d-----w c:\users\Patrick\AppData\Local\Xara
2009-03-31 20:32 . 2009-04-01 08:24 -------- d-----w c:\program files\Xara
2009-03-31 20:32 . 2009-04-23 06:59 -------- d-----w c:\program files\Common Files\Xara

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 02:58 . 2009-02-11 04:00 12 ----a-w c:\windows\bthservsdp.dat
2009-04-29 01:08 . 2009-02-17 06:45 34 ----a-w c:\users\Patrick\jagex_runescape_preferences.dat
2009-04-26 23:40 . 2009-02-17 05:04 111744 ----a-w c:\users\Patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-23 06:58 . 2009-02-10 20:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 02:00 . 2009-02-10 20:15 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 21:10 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-13 21:10 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-13 21:10 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-03-28 11:01 . 2009-02-17 05:45 -------- d-----w c:\program files\Common Files\Adobe
2009-03-27 10:13 . 2009-03-27 10:13 -------- d-----w c:\program files\Caderno
2009-03-21 08:23 . 2009-03-21 08:23 0 ----a-w c:\users\Patrick\jagex_runescape_18581223preferences.dat
2009-03-20 10:23 . 2009-03-20 10:23 -------- d-----w c:\program files\InterActual
2009-03-06 23:35 . 2009-03-06 23:35 -------- d-----w c:\program files\Fast Browser
2009-03-06 21:15 . 2009-02-17 05:20 -------- d-----w c:\program files\SCAR 3.15
2009-02-18 08:24 . 2009-02-18 08:25 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-17 22:51 . 2009-02-17 05:59 146 ----a-w c:\users\Patrick\AppData\Roaming\wklnhst.dat
2009-02-17 06:20 . 2009-02-17 06:20 0 ----a-w c:\windows\nsreg.dat
2009-02-11 11:50 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-02-11 11:50 . 2009-02-11 11:50 8704 ----a-w c:\windows\system32\hccoin.dll
2009-02-11 11:50 . 2009-02-11 11:50 73216 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-02-11 11:50 . 2009-02-11 11:50 5888 ----a-w c:\windows\system32\drivers\usbd.sys
2009-02-11 11:50 . 2009-02-11 11:50 39936 ----a-w c:\windows\system32\drivers\usbehci.sys
2009-02-11 11:50 . 2009-02-11 11:50 23552 ----a-w c:\windows\system32\drivers\usbuhci.sys
2009-02-11 11:50 . 2009-02-11 11:50 226304 ----a-w c:\windows\system32\drivers\usbport.sys
2009-02-11 11:50 . 2009-02-11 11:50 195584 ----a-w c:\windows\system32\drivers\usbhub.sys
2009-02-11 11:50 . 2009-02-11 11:50 15872 ----a-w c:\windows\system32\hcrstco.dll
2009-02-11 11:49 . 2009-02-11 11:49 26112 ----a-w c:\windows\system32\hidserv.dll
2009-02-11 11:49 . 2009-02-11 11:49 22016 ----a-w c:\windows\system32\hid.dll
2009-02-11 11:48 . 2009-02-11 11:48 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-02-11 11:48 . 2009-02-11 11:48 74752 ----a-w c:\windows\system32\newdev.exe
2009-02-11 11:48 . 2009-02-11 11:48 468992 ----a-w c:\windows\system32\newdev.dll
2009-02-11 11:48 . 2009-02-11 11:48 180224 ----a-w c:\windows\system32\scrobj.dll
2009-02-11 11:48 . 2009-02-11 11:48 172032 ----a-w c:\windows\system32\scrrun.dll
2009-02-11 11:48 . 2009-02-11 11:48 155648 ----a-w c:\windows\system32\wscript.exe
2009-02-11 11:48 . 2009-02-11 11:48 135168 ----a-w c:\windows\system32\cscript.exe
2009-02-11 11:48 . 2009-02-11 11:48 90112 ----a-w c:\windows\system32\wshext.dll
2009-02-11 11:48 . 2009-02-11 11:48 430080 ----a-w c:\windows\system32\vbscript.dll
2009-02-11 11:46 . 2009-02-11 11:46 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-02-11 11:45 . 2009-02-11 11:45 269312 ----a-w c:\windows\system32\es.dll
2009-02-11 11:42 . 2009-02-11 11:42 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-02-11 11:40 . 2009-02-11 11:40 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-02-11 11:39 . 2009-02-11 11:39 885248 ----a-w c:\windows\system32\RacEngn.dll
2009-02-11 11:39 . 2009-02-11 11:39 1314816 ----a-w c:\windows\system32\quartz.dll
2009-02-11 11:38 . 2009-02-11 11:38 1695744 ----a-w c:\windows\system32\gameux.dll
2009-02-11 11:37 . 2009-02-11 11:37 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll
2009-02-11 11:37 . 2009-02-11 11:37 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-02-11 11:37 . 2009-02-11 11:37 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-02-11 11:36 . 2009-02-11 11:49 29184 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2009-02-11 11:36 . 2009-02-11 11:49 220160 ----a-w c:\windows\system32\drivers\bthport.sys
2009-02-11 11:36 . 2009-02-11 11:49 19456 ----a-w c:\windows\system32\drivers\bthenum.sys
2009-02-11 11:36 . 2009-02-11 11:49 181760 ----a-w c:\windows\system32\fsquirt.exe
2009-02-11 11:34 . 2009-02-11 11:34 443392 ----a-w c:\windows\system32\win32spl.dll
2009-02-11 11:32 . 2009-02-11 11:32 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-02-11 11:32 . 2009-02-11 11:32 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-02-11 11:31 . 2009-02-11 11:31 2032640 ----a-w c:\windows\system32\win32k.sys
2009-02-11 11:31 . 2009-02-11 11:31 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-02-10 20:29 . 2009-02-10 20:29 243312 ----a-w c:\users\Public\GoogleToolbarUser.exe
2009-02-10 20:20 . 2009-02-10 20:20 75 --sh--r c:\windows\CT4CET.bin
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-02-10 20:30 . 2009-02-17 07:18 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_03.09.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-04-29 03:25 74238 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-17 04:58 . 2009-04-29 03:49 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-17 04:58 . 2009-04-29 01:38 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-17 04:58 . 2009-04-29 03:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-17 04:58 . 2009-04-29 01:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-17 04:58 . 2009-04-29 03:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-17 04:58 . 2009-04-29 01:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-17 05:04 . 2009-04-29 03:25 4734 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-654739891-416204842-1371545251-1000_UserData.bin
+ 2006-11-02 10:33 . 2009-04-29 03:59 601686 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-29 03:59 105502 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-10 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-17 2356088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-23 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-18 148888]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-10 30192]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{249F9628-7C5C-442D-84D4-7F4B13921885}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{B97AC137-FE95-4ECD-8932-0A8F95ED2B06}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{A79AB7D8-1140-46C0-98D0-29730F7404E1}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{4340FB54-D896-40FA-B28E-5E5FB7C79EFE}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{552A88F4-2E64-4059-99C8-4DADC040E269}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{B3F50256-365E-4683-99C6-DFD250630EB5}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{FE8D7DC9-69AE-4D9E-8873-D3A50F9A1CC7}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{F5A77F46-6D53-4067-AB4C-B39A3B846E06}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{1839ABF9-6A8F-4A7C-93DB-6C12EA01797F}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{0AEEE16B-306C-4357-8758-8B5CE3CCFF06}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{7BD3B317-7A98-477E-A426-92B6CF36F99F}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{DFD522DA-3C47-43EA-AAC5-E40F686424F1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3D415C5F-1D67-47D8-AD5B-32C71F42EE02}"= UDP:990:LocalSubnet:LocalSubnet|IF={2D4139E0-D4AF-4F61-A578-39E898A86915}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{9C50F0D6-0BDA-4B2D-AD74-3ABDB47AFDBA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{219A3451-4942-4288-B4A7-8CA176F15AF2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D8991FA0-7DD0-4E0A-947A-57FCC80D6C83}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{98254710-895D-429A-A59B-F94A5CE3518D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{87AD3333-3F8D-4C6C-833F-74D8D9755129}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2E55F22F-9430-4620-A7ED-730B7C036162}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F8448726-3C0A-415A-87E9-542DA66855EA}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{069892BB-055E-41EE-87BE-4A3260A78D76}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{A356F040-CEF4-4AC3-BAFB-FD79885C2D24}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-02-10 30192]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4345b228-2802-11de-aa6e-00234efd4c59}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4345b25b-2802-11de-aa6e-00234efd4c59}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aff26ef6-f7ef-11dd-8cd3-806e6f6e6963}]
\shell\AutoRun\command - E:\NCM9EXT.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-654739891-416204842-1371545251-1000.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 00:47]

2009-02-10 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-10 05:32]

2009-02-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-10 05:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.shareware.pro/?lang=en
mStart Page = hxxp://search.shareware.pro/?lang=en
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: {92AD9C0F-AC5E-45F5-B850-D60F08B1ACE1} = 85.255.0.0,85.255.0.0
TCP: {B57DE57F-744D-41F6-B63B-E6F04AD8B54B} = 85.255.0.0,85.255.0.0
TCP: {E5273DD6-5F82-4875-B745-5183BB9A7B3A} = 85.255.0.0,85.255.0.0
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\gr4mweus.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.shareware.pro/?lang=en
FF - prefs.js: keyword.URL - hxxp://search.shareware.pro/?lang=en
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Patrick\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 14:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Services\gxvxcserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxcxejcveewdbmofvsfteviejobaenmbvsj.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1332)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\btncopy.dll
.
Completion time: 2009-04-29 14:05
ComboFix-quarantined-files.txt 2009-04-29 04:05
ComboFix2.txt 2009-04-29 03:11

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 41,948,315,648 bytes free

387 --- E O F --- 2009-02-23 16:03
Nicbaz
Junior Member with 4 posts.
THREAD STARTER
Join Date: May 2008
29-Apr-2009, 12:17 AM #3
And here is the ComboFix log. I have run ComboFix twice; this is the second log. I lost the first. Please note that lots more was deleted in the first log.

Quote:
ComboFix 09-04-28.02 - Patrick 29/04/2009 13:59.4 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3061.2624 [GMT 10:00]
Running from: c:\users\Patrick\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-29 )))))))))))))))))))))))))))))))
.

2009-04-29 03:47 . 2009-04-29 03:47 -------- d-----w c:\program files\Trend Micro
2009-04-24 10:47 . 2009-04-24 10:47 -------- d-----w c:\users\Public\Pixophile - Art Portfolio_files
2009-04-23 05:55 . 2009-04-23 06:57 -------- d-----w c:\users\Patrick\AppData\Roaming\BitTorrent
2009-04-23 05:54 . 2009-04-23 05:54 -------- d-----w c:\users\Patrick\AppData\Local\DNA
2009-04-23 05:54 . 2009-04-29 03:24 -------- d-----w c:\program files\DNA
2009-04-23 05:54 . 2009-04-29 03:44 -------- d-----w c:\users\Patrick\AppData\Roaming\DNA
2009-04-23 05:54 . 2009-04-23 05:55 -------- d-----w c:\program files\BitTorrent
2009-04-19 02:30 . 2009-04-19 02:30 -------- d-----w c:\users\Patrick\AppData\Local\Scion
2009-04-18 04:46 . 2009-04-18 04:49 -------- d-----w c:\users\Patrick\AppData\Local\Microsoft Games
2009-04-18 02:01 . 2009-04-18 02:01 -------- d-----w c:\program files\Electric Rain
2009-04-16 03:03 . 2009-04-16 22:23 -------- d-----w c:\users\Patrick\thumbnails
2009-04-15 00:57 . 2009-04-15 00:57 -------- d-----w c:\users\Patrick\SpryAssets
2009-04-13 21:10 . 2008-03-16 04:47 872192 ----a-w c:\windows\system32\drivers\mod7700.sys
2009-04-13 21:10 . 2008-01-22 05:10 100864 ----a-w c:\windows\system32\drivers\ewusbnet.sys
2009-04-13 21:10 . 2008-03-17 01:05 101632 ----a-r c:\windows\system32\drivers\ewusbmdm.sys
2009-04-13 21:10 . 2008-03-17 01:57 103680 ----a-w c:\windows\system32\drivers\ewusbfake.sys
2009-04-13 21:10 . 2007-08-08 18:06 23424 ----a-r c:\windows\system32\drivers\ewdcsc.sys
2009-04-13 21:05 . 2009-04-13 21:19 -------- d-----w c:\program files\Mobile Partner
2009-04-12 23:36 . 2009-04-13 00:30 680 ----a-w c:\users\Patrick\AppData\Local\d3d9caps.dat
2009-03-31 20:35 . 2009-03-31 20:35 -------- d-----w c:\users\Patrick\AppData\Local\Xara
2009-03-31 20:32 . 2009-04-01 08:24 -------- d-----w c:\program files\Xara
2009-03-31 20:32 . 2009-04-23 06:59 -------- d-----w c:\program files\Common Files\Xara

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-29 02:58 . 2009-02-11 04:00 12 ----a-w c:\windows\bthservsdp.dat
2009-04-29 01:08 . 2009-02-17 06:45 34 ----a-w c:\users\Patrick\jagex_runescape_preferences.dat
2009-04-26 23:40 . 2009-02-17 05:04 111744 ----a-w c:\users\Patrick\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-23 06:58 . 2009-02-10 20:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 02:00 . 2009-02-10 20:15 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 21:10 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-13 21:10 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-13 21:10 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-03-28 11:01 . 2009-02-17 05:45 -------- d-----w c:\program files\Common Files\Adobe
2009-03-27 10:13 . 2009-03-27 10:13 -------- d-----w c:\program files\Caderno
2009-03-21 08:23 . 2009-03-21 08:23 0 ----a-w c:\users\Patrick\jagex_runescape_18581223preferences.dat
2009-03-20 10:23 . 2009-03-20 10:23 -------- d-----w c:\program files\InterActual
2009-03-06 23:35 . 2009-03-06 23:35 -------- d-----w c:\program files\Fast Browser
2009-03-06 21:15 . 2009-02-17 05:20 -------- d-----w c:\program files\SCAR 3.15
2009-02-18 08:24 . 2009-02-18 08:25 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-17 22:51 . 2009-02-17 05:59 146 ----a-w c:\users\Patrick\AppData\Roaming\wklnhst.dat
2009-02-17 06:20 . 2009-02-17 06:20 0 ----a-w c:\windows\nsreg.dat
2009-02-11 11:50 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-02-11 11:50 . 2009-02-11 11:50 8704 ----a-w c:\windows\system32\hccoin.dll
2009-02-11 11:50 . 2009-02-11 11:50 73216 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-02-11 11:50 . 2009-02-11 11:50 5888 ----a-w c:\windows\system32\drivers\usbd.sys
2009-02-11 11:50 . 2009-02-11 11:50 39936 ----a-w c:\windows\system32\drivers\usbehci.sys
2009-02-11 11:50 . 2009-02-11 11:50 23552 ----a-w c:\windows\system32\drivers\usbuhci.sys
2009-02-11 11:50 . 2009-02-11 11:50 226304 ----a-w c:\windows\system32\drivers\usbport.sys
2009-02-11 11:50 . 2009-02-11 11:50 195584 ----a-w c:\windows\system32\drivers\usbhub.sys
2009-02-11 11:50 . 2009-02-11 11:50 15872 ----a-w c:\windows\system32\hcrstco.dll
2009-02-11 11:49 . 2009-02-11 11:49 26112 ----a-w c:\windows\system32\hidserv.dll
2009-02-11 11:49 . 2009-02-11 11:49 22016 ----a-w c:\windows\system32\hid.dll
2009-02-11 11:48 . 2009-02-11 11:48 1191936 ----a-w c:\windows\system32\msxml3.dll
2009-02-11 11:48 . 2009-02-11 11:48 74752 ----a-w c:\windows\system32\newdev.exe
2009-02-11 11:48 . 2009-02-11 11:48 468992 ----a-w c:\windows\system32\newdev.dll
2009-02-11 11:48 . 2009-02-11 11:48 180224 ----a-w c:\windows\system32\scrobj.dll
2009-02-11 11:48 . 2009-02-11 11:48 172032 ----a-w c:\windows\system32\scrrun.dll
2009-02-11 11:48 . 2009-02-11 11:48 155648 ----a-w c:\windows\system32\wscript.exe
2009-02-11 11:48 . 2009-02-11 11:48 135168 ----a-w c:\windows\system32\cscript.exe
2009-02-11 11:48 . 2009-02-11 11:48 90112 ----a-w c:\windows\system32\wshext.dll
2009-02-11 11:48 . 2009-02-11 11:48 430080 ----a-w c:\windows\system32\vbscript.dll
2009-02-11 11:46 . 2009-02-11 11:46 738304 ----a-w c:\windows\system32\inetcomm.dll
2009-02-11 11:45 . 2009-02-11 11:45 269312 ----a-w c:\windows\system32\es.dll
2009-02-11 11:42 . 2009-02-11 11:42 361984 ----a-w c:\windows\system32\IPSECSVC.DLL
2009-02-11 11:40 . 2009-02-11 11:40 303616 ----a-w c:\windows\system32\wmpeffects.dll
2009-02-11 11:39 . 2009-02-11 11:39 885248 ----a-w c:\windows\system32\RacEngn.dll
2009-02-11 11:39 . 2009-02-11 11:39 1314816 ----a-w c:\windows\system32\quartz.dll
2009-02-11 11:38 . 2009-02-11 11:38 1695744 ----a-w c:\windows\system32\gameux.dll
2009-02-11 11:37 . 2009-02-11 11:37 801280 ----a-w c:\windows\system32\NaturalLanguage6.dll
2009-02-11 11:37 . 2009-02-11 11:37 2644480 ----a-w c:\windows\system32\NlsLexicons0009.dll
2009-02-11 11:37 . 2009-02-11 11:37 12240896 ----a-w c:\windows\system32\NlsLexicons0007.dll
2009-02-11 11:36 . 2009-02-11 11:49 29184 ----a-w c:\windows\system32\drivers\BTHUSB.SYS
2009-02-11 11:36 . 2009-02-11 11:49 220160 ----a-w c:\windows\system32\drivers\bthport.sys
2009-02-11 11:36 . 2009-02-11 11:49 19456 ----a-w c:\windows\system32\drivers\bthenum.sys
2009-02-11 11:36 . 2009-02-11 11:49 181760 ----a-w c:\windows\system32\fsquirt.exe
2009-02-11 11:34 . 2009-02-11 11:34 443392 ----a-w c:\windows\system32\win32spl.dll
2009-02-11 11:32 . 2009-02-11 11:32 212480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-02-11 11:32 . 2009-02-11 11:32 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-02-11 11:31 . 2009-02-11 11:31 2032640 ----a-w c:\windows\system32\win32k.sys
2009-02-11 11:31 . 2009-02-11 11:31 113664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-02-10 20:29 . 2009-02-10 20:29 243312 ----a-w c:\users\Public\GoogleToolbarUser.exe
2009-02-10 20:20 . 2009-02-10 20:20 75 --sh--r c:\windows\CT4CET.bin
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-02-10 20:30 . 2009-02-17 07:18 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-04-29_03.09.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-04-29 03:25 74238 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-17 04:58 . 2009-04-29 03:49 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-17 04:58 . 2009-04-29 01:38 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-17 04:58 . 2009-04-29 03:49 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-17 04:58 . 2009-04-29 01:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-17 04:58 . 2009-04-29 03:49 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-17 04:58 . 2009-04-29 01:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-17 05:04 . 2009-04-29 03:25 4734 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-654739891-416204842-1371545251-1000_UserData.bin
+ 2006-11-02 10:33 . 2009-04-29 03:59 601686 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-04-29 03:59 105502 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 06:52 80384 ----a-w c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-10 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-04-16 133104]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-17 2356088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-23 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-05-04 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-11-12 405504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-18 148888]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-27 3563520]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-10 30192]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-10-04 206064]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{249F9628-7C5C-442D-84D4-7F4B13921885}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{B97AC137-FE95-4ECD-8932-0A8F95ED2B06}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{A79AB7D8-1140-46C0-98D0-29730F7404E1}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{4340FB54-D896-40FA-B28E-5E5FB7C79EFE}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{552A88F4-2E64-4059-99C8-4DADC040E269}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{B3F50256-365E-4683-99C6-DFD250630EB5}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{FE8D7DC9-69AE-4D9E-8873-D3A50F9A1CC7}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{F5A77F46-6D53-4067-AB4C-B39A3B846E06}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{1839ABF9-6A8F-4A7C-93DB-6C12EA01797F}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{0AEEE16B-306C-4357-8758-8B5CE3CCFF06}"= UDP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{7BD3B317-7A98-477E-A426-92B6CF36F99F}"= TCP:c:\program files\MSN Messenger\msnmsgr.exe:MSN Messenger 7.5
"{DFD522DA-3C47-43EA-AAC5-E40F686424F1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3D415C5F-1D67-47D8-AD5B-32C71F42EE02}"= UDP:990:LocalSubnet:LocalSubnet|IF={2D4139E0-D4AF-4F61-A578-39E898A86915}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{9C50F0D6-0BDA-4B2D-AD74-3ABDB47AFDBA}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{219A3451-4942-4288-B4A7-8CA176F15AF2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D8991FA0-7DD0-4E0A-947A-57FCC80D6C83}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{98254710-895D-429A-A59B-F94A5CE3518D}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{87AD3333-3F8D-4C6C-833F-74D8D9755129}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2E55F22F-9430-4620-A7ED-730B7C036162}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F8448726-3C0A-415A-87E9-542DA66855EA}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{069892BB-055E-41EE-87BE-4A3260A78D76}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{A356F040-CEF4-4AC3-BAFB-FD79885C2D24}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-02-10 30192]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-03-04 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-03-04 7424]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4345b228-2802-11de-aa6e-00234efd4c59}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4345b25b-2802-11de-aa6e-00234efd4c59}]
\shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aff26ef6-f7ef-11dd-8cd3-806e6f6e6963}]
\shell\AutoRun\command - E:\NCM9EXT.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-654739891-416204842-1371545251-1000.job
- c:\users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-16 00:47]

2009-02-10 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-10 05:32]

2009-02-10 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-02-10 05:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.shareware.pro/?lang=en
mStart Page = hxxp://search.shareware.pro/?lang=en
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} -
TCP: {92AD9C0F-AC5E-45F5-B850-D60F08B1ACE1} = 85.255.0.0,85.255.0.0
TCP: {B57DE57F-744D-41F6-B63B-E6F04AD8B54B} = 85.255.0.0,85.255.0.0
TCP: {E5273DD6-5F82-4875-B745-5183BB9A7B3A} = 85.255.0.0,85.255.0.0
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\gr4mweus.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.shareware.pro/?lang=en
FF - prefs.js: keyword.URL - hxxp://search.shareware.pro/?lang=en
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Patrick\AppData\Local\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-29 14:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10a.ocx, 1"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\SOFTWARE\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\SOFTWARE\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_USERS\SOFTWARE\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_USERS\SYSTEM\ControlSet002\Services\gxvxcserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxcxejcveewdbmofvsft eviejobaenmbvsj.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1332)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\btncopy.dll
.
Completion time: 2009-04-29 14:05
ComboFix-quarantined-files.txt 2009-04-29 04:05
ComboFix2.txt 2009-04-29 03:11

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 41,948,315,648 bytes free

387 --- E O F --- 2009-02-23 16:03