The BullGuard products and services are part of NortonLifeLock Inc., a global leader in consumer Cyber Safety with a portofolio of brands including Norton, Avira and more. Learn more at NortonLifeLock.com

HELP I AM GOING MAD

Posted 11/21/2008 4:13 PM
#68672
User avatar

traceyd31 Member

Date Joined Nov 2016
Total Posts: 5
I have used Windows Live, Malware, Windows Defender but when I go to the AVG site the internet just shuts down. I have down loaded your CC Cleaner etc and here are the results

ComboFix 08-11-20.02 - Tracey 2008-11-22 2:54:34.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.537 [GMT 11:00]
Running from: c:\documents and settings\Tracey\Desktop\FIX\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\defbbcafb.dll

----- BITS: Possible infected sites -----

hxxp://accesspornovideo.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI


((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
.

2008-11-22 02:49 . 2008-11-22 02:49 d-------- c:\program files\CCleaner
2008-11-22 00:16 . 2008-11-22 02:15 d-------- c:\program files\Windows Live Safety Center
2008-11-22 00:16 . 2008-11-22 00:16 d-------- c:\program files\Windows Defender
2008-11-21 21:43 . 2008-11-21 21:43 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-21 21:43 . 2008-11-21 21:43 d-------- c:\documents and settings\Tracey\Application Data\Malwarebytes
2008-11-21 21:43 . 2008-11-21 21:43 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-21 21:43 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-21 21:43 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 21:19 . 2008-11-21 22:13 14,848 --a------ c:\windows\system32\getfn32.dll
2008-11-21 21:18 . 2008-11-21 21:18 176,128 --a------ c:\windows\system32\ws77814.dll
2008-11-21 21:18 . 2008-11-21 21:18 176,128 --a------ c:\windows\system32\mws77814.dll
2008-11-21 21:08 . 2008-11-22 00:14 32,768 --a------ c:\windows\system32\drivers\ati5ryxx.sys
2008-11-21 21:07 . 2008-11-22 00:00 d-------- c:\program files\IESurfBar
2008-11-21 21:07 . 2008-11-21 21:07 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-21 16:44 . 2008-11-21 16:44 d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2008-11-21 16:41 . 2008-11-21 16:41 d-------- c:\program files\Microsoft Works
2008-11-21 16:40 . 2008-11-21 16:40 d-------- c:\program files\Microsoft.NET
2008-11-21 16:38 . 2008-11-21 16:38 d-------- c:\program files\Common Files\ESRI
2008-11-21 16:35 . 2008-11-21 16:37 d-------- c:\windows\LastGood(2)
2008-11-21 16:28 . 2008-11-21 16:44 d--h----- c:\documents and settings\All Users\Application Data\CanonBJ(3)
2008-11-21 15:03 . 2008-11-21 15:03 d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-21 13:52 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-21 13:42 . 2008-11-21 16:44 d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-21 13:40 . 2008-11-21 13:40 d--h----- c:\program files\CanonBJ
2008-11-21 13:38 . 2008-11-21 13:53 d-------- c:\program files\Canon
2008-11-21 13:37 . 2008-11-21 13:37 d-------- c:\program files\Samsung
2008-11-21 13:37 . 2005-04-29 15:29 589,824 --a------ c:\windows\system32\xvidcore.dll
2008-11-21 13:37 . 1998-07-09 20:41 217,088 --a------ c:\windows\system32\skjpeg40.dll
2008-11-21 13:37 . 2005-04-04 17:52 180,224 --a------ c:\windows\system32\xvidvfw.dll
2008-11-21 13:37 . 1998-03-04 11:40 83,968 --a------ c:\windows\system32\Skbase40.dll
2008-11-21 13:37 . 2005-04-04 17:56 65,536 --a------ c:\windows\system32\xvid.ax
2008-11-21 13:37 . 2004-03-09 10:39 8,704 --a------ c:\windows\system32\vidccleaner.exe
2008-11-21 12:30 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-11-21 12:29 . 2008-11-21 12:29 d-------- c:\program files\MSBuild
2008-11-21 12:25 . 2008-11-21 16:39 d-------- c:\program files\Microsoft Visual Studio 8
2008-11-21 12:24 . 2008-11-21 12:28 d-------- c:\windows\SHELLNEW
2008-11-21 12:23 . 2008-11-21 12:23 dr-h----- C:\MSOCache
2008-11-21 12:23 . 2008-11-21 16:44 d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-19 13:11 . 1998-03-02 15:36 76 --a------ c:\windows\sapmsg.ini
2008-11-19 13:11 . 1998-03-02 15:36 60 --a------ c:\windows\saproute.ini
2008-11-19 13:10 . 2008-11-21 16:48 d-------- c:\documents and settings\Tracey\SapWorkDir
2008-11-19 13:10 . 2008-11-21 16:48 2,865 --a------ c:\windows\saplogon.ini
2008-11-19 13:06 . 2006-03-07 03:52 352,256 --a------ c:\windows\system32\sapfcpl.cpl
2008-11-19 13:05 . 2008-11-21 16:37 d-------- c:\program files\SAP
2008-11-19 13:05 . 2008-11-21 16:39 d-------- c:\program files\Nortel Networks
2008-11-19 13:05 . 2008-11-21 16:38 d-------- c:\program files\Common Files\SAP Shared
2008-11-19 13:01 . 2008-04-14 05:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-18 21:31 . 2008-11-18 21:31 d-------- c:\documents and settings\Tracey\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-18 21:15 . 2008-11-18 21:15 d-------- c:\windows\system32\Adobe
2008-11-18 21:12 . 2008-11-18 21:12 d-------- c:\program files\Common Files\xing shared
2008-11-18 21:11 . 2008-11-18 21:11 d-------- c:\program files\Real
2008-11-18 21:11 . 2008-11-18 21:12 d-------- c:\program files\Common Files\Real
2008-11-18 21:11 . 2008-11-18 21:11 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-11-18 21:11 . 2008-11-18 21:11 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-18 21:05 . 2008-11-18 21:05 d-------- c:\program files\Java
2008-11-18 21:05 . 2008-11-18 21:05 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-18 21:05 . 2008-11-18 21:05 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-18 18:23 . 2008-11-18 18:23 d-------- c:\program files\Common Files\Adobe
2008-11-18 18:20 . 2008-11-18 20:46 d-------- c:\program files\NOS
2008-11-18 18:20 . 2008-11-18 20:46 d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-18 18:15 . 2008-11-18 18:15 0 --a------ c:\windows\nsreg.dat
2008-11-18 17:32 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-11-18 17:32 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-17 23:37 . 2008-11-17 23:37 d-------- c:\documents and settings\Tracey\Application Data\Windows Search
2008-11-17 23:37 . 2008-11-17 23:37 d-------- c:\documents and settings\Tracey\Application Data\Windows Desktop Search
2008-11-17 23:30 . 2008-11-17 23:30 d-------- c:\documents and settings\NetworkService\Application Data\Intel
2008-11-17 20:46 . 2008-11-22 02:21 d-------- c:\documents and settings\Tracey\Application Data\uTorrent
2008-11-17 20:35 . 2008-11-17 20:35 d--hs---- c:\documents and settings\Tracey\UserData
2008-11-17 20:15 . 2008-11-17 20:15 d-------- c:\windows\system32\config\systemprofile\Application Data\Intel
2008-11-17 20:15 . 2008-11-17 20:15 d-------- c:\documents and settings\Tracey\Application Data\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 02:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 12:37 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-17 12:36 --------- d-----w c:\program files\Windows Desktop Search
2008-11-17 11:56 --------- d-----w c:\program files\MSXML 4.0
2008-11-17 11:48 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-17 09:46 --------- d-----w c:\program files\uTorrent
2008-11-17 09:21 --------- d-----w c:\program files\Modem Helper
2008-11-17 09:21 --------- d-----w c:\program files\CONEXANT
2008-11-17 09:19 --------- d-----w c:\program files\SigmaTel
2008-11-17 09:15 21,275 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-17 09:15 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2008-11-17 09:14 --------- d-----w c:\program files\Intel
2008-11-17 09:09 --------- d-----w c:\program files\BlueTooth
2008-11-17 09:07 --------- d-----w c:\program files\Toshiba
2008-11-17 08:58 --------- d-----w c:\program files\DIFX
2008-11-17 08:58 --------- d-----w c:\program files\Broadcom
2008-11-17 08:57 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-17 08:36 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21A237A4-3A94-4198-911D-647ED2263DD2}]
2008-11-21 22:13 14848 --a------ c:\windows\system32\getfn32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-18 136600]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5ryxx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2006-10-17 12:20 398944 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2005-12-28 11:56 602182 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2005-12-28 11:55 667718 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 11:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-18 21:11 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2008-11-19 9049]
R3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys [2008-11-19 115008]
S0 ati5ryxx;ati5ryxx;c:\windows\system32\Drivers\ati5ryxx.sys [2008-11-21 32768]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2008-11-19 115008]
S3 ExtranetAccess;Contivity VPN Service;"c:\program files\Nortel Networks\Extranet_serv.exe" [2008-11-19 626688]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-21 27904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{571b7674-b798-11dd-8e10-444553544200}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:
.
Contents of the 'Scheduled Tasks' folder

2008-11-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Tracey\Application Data\Mozilla\Firefox\Profiles\46pbzkqs.default\
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-11-22 02:57:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-11-22 2:59:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-21 15:59:30

Pre-Run: 64,207,872,000 bytes free
Post-Run: 64,269,066,240 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut

224


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:09 AM, on 22/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Tracey\Desktop\FIX\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: getfn32.msiets - {21A237A4-3A94-4198-911D-647ED2263DD2} - C:\WINDOWS\system32\getfn32.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226992342750
O17 - HKLM\System\CCS\Services\Tcpip\..\{C834437F-2424-436B-8FAF-04DFA85EDDF9}: NameServer = 192.168.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5090 bytes

I would be so greatful as I need my computer to do work as I am on 2 weeks sick leave and working from home.
Posted 11/21/2008 4:40 PM
#68674
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Hello :smile:






Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Copy the entire contents of the Quote Box below to Notepad.
Name the file as CFScript
and Save it on the desktop


QUOTE:


Killall::



Snapshot::



File::
c:\windows\system32\getfn32.dll
c:\windows\system32\ws77814.dll
c:\windows\system32\mws77814.dll
c:\windows\system32\drivers\ati5ryxx.sys


Folder::

c:\program files\IESurfBar

Driver::

ati5ryxx

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{21A237A4-3A94-4198-911D-647ED2263DD2}]



https://i266.photobucket.com/albums/ii277/sUBs_/Combo-Do.gif



Once saved, refering to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall





[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 11/22/2008 1:16 AM
#68703
User avatar

traceyd31 Member

Date Joined Nov 2016
Total Posts: 5
Hello Touch

I just cannot thank you enough for all your help.

I have done as above and here is the report.

Thank you again.

ComboFix 08-11-21.03 - Tracey 2008-11-22 12:07:47.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.538 [GMT 11:00]
Running from: c:\documents and settings\Tracey\Desktop\FIX\ComboFix.exe
Command switches used :: c:\documents and settings\Tracey\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\drivers\ati5ryxx.sys
c:\windows\system32\getfn32.dll
c:\windows\system32\mws77814.dll
c:\windows\system32\ws77814.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IESurfBar
c:\windows\system32\mws77814.dll
c:\windows\system32\ws77814.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ATI5RYXX
-------\Service_ati5ryxx


((((((((((((((((((((((((( Files Created from 2008-10-22 to 2008-11-22 )))))))))))))))))))))))))))))))
.

2008-11-22 03:54 . 2008-11-22 11:09 d--h----- C:\$AVG8.VAULT$
2008-11-22 03:49 . 2008-11-22 09:11 d-------- c:\windows\system32\drivers\Avg
2008-11-22 03:49 . 2008-11-22 03:49 d-------- c:\program files\AVG
2008-11-22 03:49 . 2008-11-22 03:49 d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-22 03:49 . 2008-11-22 03:49 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-22 03:49 . 2008-11-22 03:49 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-22 02:49 . 2008-11-22 02:49 d-------- c:\program files\CCleaner
2008-11-22 00:16 . 2008-11-22 11:18 d-------- c:\program files\Windows Live Safety Center
2008-11-22 00:16 . 2008-11-22 00:16 d-------- c:\program files\Windows Defender
2008-11-21 21:43 . 2008-11-21 21:43 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-21 21:43 . 2008-11-21 21:43 d-------- c:\documents and settings\Tracey\Application Data\Malwarebytes
2008-11-21 21:43 . 2008-11-21 21:43 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-21 21:43 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-21 21:43 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-21 21:07 . 2008-11-21 21:07 27,904 --a------ c:\windows\system32\drivers\ndisprot.sys
2008-11-21 16:44 . 2008-11-21 16:44 d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2008-11-21 16:41 . 2008-11-21 16:41 d-------- c:\program files\Microsoft Works
2008-11-21 16:40 . 2008-11-21 16:40 d-------- c:\program files\Microsoft.NET
2008-11-21 16:38 . 2008-11-21 16:38 d-------- c:\program files\Common Files\ESRI
2008-11-21 16:35 . 2008-11-21 16:37 d-------- c:\windows\LastGood(2)
2008-11-21 16:28 . 2008-11-21 16:44 d--h----- c:\documents and settings\All Users\Application Data\CanonBJ(3)
2008-11-21 15:03 . 2008-11-21 15:03 d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2008-11-21 13:52 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-21 13:42 . 2008-11-21 16:44 d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2008-11-21 13:40 . 2008-11-21 13:40 d--h----- c:\program files\CanonBJ
2008-11-21 13:38 . 2008-11-21 13:53 d-------- c:\program files\Canon
2008-11-21 13:37 . 2008-11-21 13:37 d-------- c:\program files\Samsung
2008-11-21 13:37 . 2005-04-29 15:29 589,824 --a------ c:\windows\system32\xvidcore.dll
2008-11-21 13:37 . 1998-07-09 20:41 217,088 --a------ c:\windows\system32\skjpeg40.dll
2008-11-21 13:37 . 2005-04-04 17:52 180,224 --a------ c:\windows\system32\xvidvfw.dll
2008-11-21 13:37 . 1998-03-04 11:40 83,968 --a------ c:\windows\system32\Skbase40.dll
2008-11-21 13:37 . 2005-04-04 17:56 65,536 --a------ c:\windows\system32\xvid.ax
2008-11-21 13:37 . 2004-03-09 10:39 8,704 --a------ c:\windows\system32\vidccleaner.exe
2008-11-21 12:30 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-11-21 12:29 . 2008-11-21 12:29 d-------- c:\program files\MSBuild
2008-11-21 12:25 . 2008-11-21 16:39 d-------- c:\program files\Microsoft Visual Studio 8
2008-11-21 12:24 . 2008-11-21 12:28 d-------- c:\windows\SHELLNEW
2008-11-21 12:23 . 2008-11-21 12:23 dr-h----- C:\MSOCache
2008-11-21 12:23 . 2008-11-21 16:44 d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-19 13:11 . 1998-03-02 15:36 76 --a------ c:\windows\sapmsg.ini
2008-11-19 13:11 . 1998-03-02 15:36 60 --a------ c:\windows\saproute.ini
2008-11-19 13:10 . 2008-11-21 16:48 d-------- c:\documents and settings\Tracey\SapWorkDir
2008-11-19 13:10 . 2008-11-21 16:48 2,865 --a------ c:\windows\saplogon.ini
2008-11-19 13:06 . 2006-03-07 03:52 352,256 --a------ c:\windows\system32\sapfcpl.cpl
2008-11-19 13:05 . 2008-11-21 16:37 d-------- c:\program files\SAP
2008-11-19 13:05 . 2008-11-21 16:39 d-------- c:\program files\Nortel Networks
2008-11-19 13:05 . 2008-11-21 16:38 d-------- c:\program files\Common Files\SAP Shared
2008-11-19 13:01 . 2008-04-14 05:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-11-18 21:31 . 2008-11-18 21:31 d-------- c:\documents and settings\Tracey\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-11-18 21:15 . 2008-11-18 21:15 d-------- c:\windows\system32\Adobe
2008-11-18 21:12 . 2008-11-18 21:12 d-------- c:\program files\Common Files\xing shared
2008-11-18 21:11 . 2008-11-18 21:11 d-------- c:\program files\Real
2008-11-18 21:11 . 2008-11-18 21:12 d-------- c:\program files\Common Files\Real
2008-11-18 21:11 . 2008-11-18 21:11 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-11-18 21:11 . 2008-11-18 21:11 348,160 --a------ c:\windows\system32\msvcr71.dll
2008-11-18 21:05 . 2008-11-18 21:05 d-------- c:\program files\Java
2008-11-18 21:05 . 2008-11-18 21:05 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-18 21:05 . 2008-11-18 21:05 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-11-18 18:23 . 2008-11-18 18:23 d-------- c:\program files\Common Files\Adobe
2008-11-18 18:20 . 2008-11-18 20:46 d-------- c:\program files\NOS
2008-11-18 18:20 . 2008-11-18 20:46 d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-18 18:15 . 2008-11-18 18:15 0 --a------ c:\windows\nsreg.dat
2008-11-18 17:32 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-11-18 17:32 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-17 23:37 . 2008-11-17 23:37 d-------- c:\documents and settings\Tracey\Application Data\Windows Search
2008-11-17 23:37 . 2008-11-17 23:37 d-------- c:\documents and settings\Tracey\Application Data\Windows Desktop Search
2008-11-17 23:30 . 2008-11-17 23:30 d-------- c:\documents and settings\NetworkService\Application Data\Intel
2008-11-17 20:46 . 2008-11-22 11:36 d-------- c:\documents and settings\Tracey\Application Data\uTorrent
2008-11-17 20:35 . 2008-11-17 20:35 d--hs---- c:\documents and settings\Tracey\UserData
2008-11-17 20:15 . 2008-11-17 20:15 d-------- c:\windows\system32\config\systemprofile\Application Data\Intel
2008-11-17 20:15 . 2008-11-17 20:15 d-------- c:\documents and settings\Tracey\Application Data\Intel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 02:37 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 12:37 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-17 12:36 --------- d-----w c:\program files\Windows Desktop Search
2008-11-17 11:56 --------- d-----w c:\program files\MSXML 4.0
2008-11-17 11:48 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-17 09:46 --------- d-----w c:\program files\uTorrent
2008-11-17 09:21 --------- d-----w c:\program files\Modem Helper
2008-11-17 09:21 --------- d-----w c:\program files\CONEXANT
2008-11-17 09:19 --------- d-----w c:\program files\SigmaTel
2008-11-17 09:15 21,275 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-17 09:15 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2008-11-17 09:14 --------- d-----w c:\program files\Intel
2008-11-17 09:09 --------- d-----w c:\program files\BlueTooth
2008-11-17 09:07 --------- d-----w c:\program files\Toshiba
2008-11-17 08:58 --------- d-----w c:\program files\DIFX
2008-11-17 08:58 --------- d-----w c:\program files\Broadcom
2008-11-17 08:57 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-17 08:36 --------- d-----w c:\program files\microsoft frontpage
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-18 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-22 1234712]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 c:\windows\stsystra.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 1724416]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2006-10-17 12:20 398944 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 07:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a------ 2005-12-28 11:56 602182 c:\program files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a------ 2005-12-28 11:55 667718 c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 11:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-11-18 21:11 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-22 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-22 231704]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2008-11-19 9049]
R3 IPSECSHM;Nortel IPSECSHM Adapter;c:\windows\system32\DRIVERS\ipsecw2k.sys [2008-11-19 115008]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2008-11-19 115008]
S3 ExtranetAccess;Contivity VPN Service;"c:\program files\Nortel Networks\Extranet_serv.exe" [2008-11-19 626688]
S3 Ndisprot;ArcNet NDIS Protocol Driver;\??\c:\windows\system32\drivers\Ndisprot.sys [2008-11-21 27904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{571b7674-b798-11dd-8e10-444553544200}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com e:
\Shell\Open\command - e:\resycled\boot.com e:
.
Contents of the 'Scheduled Tasks' folder

2008-11-22 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-ati5ryxx.sys



**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, https://www.gmer.net
Rootkit scan 2008-11-22 12:11:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Defender\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\searchindexer.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\windows\system32\searchprotocolhost.exe
.
**************************************************************************
.
Completion time: 2008-11-22 12:13:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-22 01:13:46
ComboFix2.txt 2008-11-22 00:14:07
ComboFix3.txt 2008-11-21 15:59:34

Pre-Run: 64,148,922,368 bytes free
Post-Run: 64,171,745,280 bytes free

226
Posted 11/22/2008 3:50 AM
#68706
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
Please post fresh hijackthis log and tell how things are running ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 11/22/2008 6:40 AM
#68728
User avatar

traceyd31 Member

Date Joined Nov 2016
Total Posts: 5
I have just ran your Anti Virus and then the Hijackthis log is as follows

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:39:19 PM, on 22/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tracey\Desktop\FIX\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226992342750
O17 - HKLM\System\CCS\Services\Tcpip\..\{C834437F-2424-436B-8FAF-04DFA85EDDF9}: NameServer = 192.168.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 7446 bytes


My machine is going very slowly so I will reboot and fun your antiviris and see if this helps
Posted 11/22/2008 6:51 AM
#68729
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
The slowly computer can be because of you have two active antivirus programs running - >



"Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and will typically cause your computer to crash, and will provide less protection[3].
[/3]Not more."

Remove/uninstall from "add/remove programs" in controlpanel:

One of Your antivirus programs






Reboot, post new hijackthis log and tell how things are running now ?

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 11/22/2008 1:54 PM
#68745
User avatar

traceyd31 Member

Date Joined Nov 2016
Total Posts: 5
Hello Touch

I think you are my God. I have installed Bullguard and scanned with this and all the others you advised. I have removed the other anti virus and I have attached the log. My system still seems a little slow but as long as it is fixed from trojan's well I will have to live with it. I cannot than you enough for all your help and would like to send you a gift if possible. This is the best forum on the web

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:02 AM, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tracey\Desktop\FIX\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226992342750
O17 - HKLM\System\CCS\Services\Tcpip\..\{C834437F-2424-436B-8FAF-04DFA85EDDF9}: NameServer = 192.168.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 6950 bytes
Posted 11/23/2008 8:31 AM
#68803
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
I´m glad to help, and to hear you like our forum :smile:


BTW. Clean log.




Uninstall ComboFix

Go to Start->Run, and type in ComboFix /u
Make sure there is a space between ComboFix and /u
Click Enter

This will ->

Uninstall ComboFix. Delete its related folders and files.

Reset your clock settings. Hide file extensions.

Hide the system/hidden files. And resets System Restore again.



Also, please read this article by Tony Klein: How I got Infected in the First Place



See if these tips can improve performance:

[color=#222222>[/color]

[color=#222222>

Start from Step 5[/color]

[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


Posted 11/24/2008 10:09 AM
#68887
User avatar

traceyd31 Member

Date Joined Nov 2016
Total Posts: 5
Hello Touch

I will run the above and hopefully that will make it faster.

I again thank you and I am not sure if you are related to Bullguard but I am going to buy this to say thank you and also because it works better than the others.

Tracey
Posted 11/24/2008 1:29 PM
#68893
User avatar

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12974
My pleasure :smile:




Since this issue appears to be resolved ... this Topic has been closed.

If you need this topic reopened, please contact Me with the address of the thread.
Thank you !




[color=black face="Courier New" sab="311">[2]Click here: Before-posting-a-log[/2][/url]

<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />[/color]
Do not PM me with logfiles. They will be deleted.


  • Unread posts or replies
  • No unread posts or replies
  • Unread Posts (Read Only Forum)
  • No Unread Posts (Read Only Forum)

Forum Information

Currently it is Sunday, August 14, 2022, 11:09 AM (GMT +2)
There are a total of 61,974 posts in 13,697 threads.
In the last 3 days there were 0 new threads and 0 reply posts.

Who's online

This forum has 38,573 registered members. Please welcome our newest member, iAwake.
60 Guest(s), 0 Registered Member(s) are currently online.