
trojan blocks system repair, startup

Discussion in 'Malware and Virus Removal Archive' started by janhelpseeker, 2008/07/21.

  1. 2008/08/22
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi Jan
    OK that didn't delete it.

    Let's get a new version of Combofix.

    Please delete the combofix.exe you have and download the new version.
    Make sure you disable any real time protections you have running before running combofix.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

    Please post the new combofix log.

    Thanks
    Geri
     
  2. 2008/08/25
    janhelpseeker (Inactive, Thread Starter)
    combofix log

    Geri, here's the log

    ComboFix 08-08-24.02 - quasimodo 2008-08-25 14:23:37.6 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.552 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\quasimodo\Bureaublad\ComboFix.exe
    * Nieuw herstelpunt werd aangemaakt

    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\quasimodo\Cookies\quasimodo@peach.bskyb[2].txt

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-07-25 to 2008-08-25 ))))))))))))))))))))))))))))))
    .

    2008-08-23 19:11 . 2008-08-24 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-23 17:46 . 2008-08-23 17:46 <DIR> d-------- C:\Documents and Settings\Administrator.FAMILIEVERBOVEN.004\Application Data\Malwarebytes
    2008-08-17 02:17 . 2008-08-17 02:17 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2008-08-17 02:10 . 2008-08-17 02:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-08-16 21:18 . 2008-08-23 17:20 <DIR> d-------- C:\Program Files\EasyZip
    2008-08-16 21:18 . 1999-05-21 21:10 129,024 --a------ C:\WINDOWS\system32\ZipDll.dll
    2008-08-16 21:18 . 1999-05-21 21:10 115,712 --a------ C:\WINDOWS\system32\UnzDll.dll
    2008-08-16 21:18 . 1997-02-17 16:23 53,248 --a------ C:\WINDOWS\system32\UNRAR.DLL
    2008-08-16 21:17 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
    2008-08-13 15:22 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-13 15:21 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-12 13:53 . 2008-08-12 14:23 <DIR> d-------- C:\Documents and Settings\nick\Application Data\Mijn Battle for Middle-earth bestanden
    2008-08-11 14:46 . 2008-08-11 22:11 <DIR> d-------- C:\Documents and Settings\nick\Application Data\F-Secure
    2008-08-10 00:45 . 2008-08-25 13:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-08-10 00:45 . 2008-08-10 00:45 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-07 01:58 . 2008-08-07 01:58 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2008-08-02 12:36 . 2008-08-03 00:18 <DIR> d-------- C:\Documents and Settings\quasimodo\Application Data\F-Secure
    2008-08-02 12:35 . 2008-08-02 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
    2008-08-02 12:20 . 2008-08-02 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-08-02 12:20 . 2008-08-02 12:37 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-08-02 12:20 . 2008-08-02 12:37 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-08-02 12:19 . 2008-08-02 12:41 <DIR> d-------- C:\Program Files\Scarlet Secure PC
    2008-08-02 12:17 . 2008-08-02 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-08-02 08:13 . 2008-08-02 08:13 685,056 --a------ C:\WINDOWS\is-ICEFL.exe
    2008-08-02 08:13 . 2008-08-02 08:13 11,729 --a------ C:\WINDOWS\is-ICEFL.msg
    2008-08-02 08:13 . 2008-08-02 08:13 460 --a------ C:\WINDOWS\is-ICEFL.lst
    2008-08-02 08:03 . 2008-08-25 13:26 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2008-08-01 14:13 . 2008-08-20 09:56 4,196,405 --a------ C:\WINDOWS\pfirewall.log.old
    2008-07-28 16:55 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-25 11:26 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2008-08-23 19:34 --------- d-----w C:\Program Files\Google
    2008-08-22 19:15 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-22 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PCPitstop
    2008-08-22 15:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-20 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-08-19 16:43 --------- d-----w C:\Program Files\Registry Easy
    2008-08-17 13:01 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-17 13:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-17 00:09 --------- d-----w C:\Program Files\Windows Media Connect
    2008-08-14 13:17 --------- d-----w C:\Documents and Settings\nick\Application Data\Ahead
    2008-08-12 15:56 4,906 ----a-w C:\Documents and Settings\nick\Application Data\wklnhst.dat
    2008-08-12 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-12 09:18 --------- d-----w C:\Program Files\Lavasoft
    2008-08-12 09:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-06 20:40 67,736 ----a-w C:\Documents and Settings\quasimodo\Application Data\GDIPFONTCACHEV1.DAT
    2008-08-02 07:16 103,424 ----a-w C:\WINDOWS\system32\idizphz.dll
    2008-07-28 14:55 --------- d-----w C:\Program Files\Java
    2008-07-22 20:34 19,530,621 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_22_21_03_46_full.dmp.zip
    2008-07-22 20:33 --------- d-----w C:\Program Files\BoontyGames
    2008-07-22 17:39 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\Malwarebytes
    2008-07-22 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-21 19:21 --------- d-----w C:\Program Files\Trend Micro
    2008-07-21 18:11 19,565,789 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_21_19_35_24_full.dmp.zip
    2008-07-21 17:34 19,701,328 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_21_16_34_59_full.dmp.zip
    2008-07-21 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-07-21 09:45 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-07-21 09:45 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\SUPERAntiSpyware.com
    2008-07-20 18:08 19,707,333 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_20_18_34_32_full.dmp.zip
    2008-07-20 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-19 22:07 --------- d-----w C:\Documents and Settings\sam\Application Data\Viewpoint
    2008-07-19 18:11 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-07-19 18:05 24 ----a-w C:\Documents and Settings\nick\filter.drv
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\sam\Application Data\Ventrilo
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\sam\Application Data\Pro Cycling Manager 2007
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\uTorrent
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\Pro Cycling Manager 2007
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\DVD Shrink
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\nick\Application Data\Ventrilo
    2008-07-11 18:12 --------- d-----w C:\Program Files\Ventrilo
    2008-07-11 11:45 24 ----a-w C:\Documents and Settings\sam\filter.drv
    2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-05 10:42 --------- d-----w C:\Program Files\CCleaner
    2008-07-05 09:12 2,575 ----a-w C:\Program Files\HBOFF.LOG
    2008-07-05 09:12 1,479 -c--a-w C:\Program Files\Hboff.ini
    2008-07-05 09:12 --------- d-----w C:\Program Files\Userdata
    2008-07-01 21:15 24 ----a-w C:\Documents and Settings\quasimodo\filter.drv
    2008-06-30 16:24 4,222 ----a-w C:\Documents and Settings\sam\Application Data\wklnhst.dat
    2008-06-30 16:18 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-06-30 10:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-30 06:12 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\PC Tools
    2008-06-27 20:35 20,708 ----a-w C:\Documents and Settings\quasimodo\Application Data\wklnhst.dat
    2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:12 669,184 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-03-29 14:08 67,736 ----a-w C:\Documents and Settings\sam\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-28 20:47 1 ----a-w C:\Documents and Settings\quasimodo\SI.bin
    2007-11-10 14:38 67,736 ----a-w C:\Documents and Settings\nick\Application Data\GDIPFONTCACHEV1.DAT
    2007-07-05 09:11 6,004,736 ----a-w C:\Program Files\HBOFF.EXE
    2007-07-05 09:11 275,968 ----a-w C:\Program Files\HomeBank.exe
    2007-07-05 08:57 180,736 ----a-w C:\Program Files\HBMSG00.dll
    2007-07-05 08:57 176,640 ----a-w C:\Program Files\HBMSG02.dll
    2007-07-05 08:57 175,104 ----a-w C:\Program Files\HBMSG01.dll
    2007-07-05 08:57 164,352 ----a-w C:\Program Files\HBMSG03.dll
    2007-06-25 08:24 84,480 ----a-w C:\Program Files\HBConnMon.exe
    2007-06-25 08:24 744 -c--a-w C:\Program Files\hboff.exe.manifest
    2007-06-25 08:24 71,168 ----a-w C:\Program Files\HbCalc.exe
    2007-06-25 08:24 25,690 -c--a-w C:\Program Files\HBERRORINI.DE
    2007-06-25 08:24 25,298 -c--a-w C:\Program Files\HBERRORINI.FR
    2007-06-25 08:24 24,620 -c--a-w C:\Program Files\HBERRORINI.NL
    2007-06-25 08:24 23,001 -c--a-w C:\Program Files\HBERRORINI.EN
    2005-01-27 13:59 8 --sha-r C:\WINDOWS\system32\62A95D688F.sys
    2007-12-14 13:25 6,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-08-22_20.29.37.03 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-23 18:14:06 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
    + 2008-08-23 18:14:06 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2008-08-23 18:14:06 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
    + 2008-08-23 18:14:06 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2008-08-23 18:14:06 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
    + 2008-08-23 18:14:06 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FFF4FC7-2079-4F05-99C9-3EBE00795F4F}]
    2008-08-02 09:16 103424 --a------ c:\windows\system32\cvxsmzj.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS SmartDoctor "= "C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-07-18 16:20 1114112]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-30 10:10 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Keyboard Status "= "C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 12:03 411648]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "iTunesHelper "= "C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 20:15 271672]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 20:34 188416]
    "GameFace Messenger "= "C:\Program Files\GameFace Messenger\GameFace.exe" [2006-11-01 15:50 2154496]
    "Adobe Photo Downloader "= "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
    "ISTray "= "C:\Program Files\Spyware Doctor\pctsTray.exe" [BU]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "F-Secure Manager "= "C:\Program Files\Scarlet Secure PC\Common\FSM32.EXE" [2007-04-26 19:12 183208]
    "F-Secure TNB "= "C:\Program Files\Scarlet Secure PC\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
    "AGRSMMSG "= "AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
    "Dit "= "Dit.exe" [2004-07-20 19:18 90112 C:\WINDOWS\Dit.exe]
    "GSICONEXE "= "GSICON.EXE" [2001-05-18 19:29 90112 C:\WINDOWS\system32\gsicon.exe]
    "nwiz "= "nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
    "DSLAGENTEXE "= "dslagent.exe" [2001-05-18 19:29 16384 C:\WINDOWS\system32\DSLAGENT.EXE]
    "GsiFinal "= "gspndll.dll" [2001-05-18 19:28 81920 C:\WINDOWS\system32\gspnDll.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:02 15360]
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-30 10:10 68856]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-22 15:46:17 67128]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-22 15:43:38 692224]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.asv2 "= asusasv2.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
    cmicnfg.cpl [BU]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "SpybotSD TeaTimer "=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\WINDOWS\\system32\\sessmgr.exe "=
    "C:\\WINDOWS\\system32\\fxsclnt.exe "=
    "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe "=
    "D:\\Valve\\Condition Zero\\czero.exe "=
    "F:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe "=
    "F:\\Program Files\\Warcraft III\\Warcraft III.exe "=
    "C:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe "=
    "F:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\livecall.exe "=
    "D:\\program files\\EA GAMES\\The Battle for Middle-earth(tm)\\game.dat "=
    "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe "=
    "C:\\Program Files\\iTunes\\iTunes.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP "= 3724:TCP:Blizzard Downloader: 3724
    "1723:TCP "= 1723:TCP:mad:xpsp2res.dll,-22015
    "1701:UDP "= 1701:UDP:mad:xpsp2res.dll,-22016
    "500:UDP "= 500:UDP:mad:xpsp2res.dll,-22017

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest "= 1 (0x1)

    R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-08-02 12:37]
    R0 rnsjbbou;rnsjbbou;C:\WINDOWS\system32\drivers\rnsjbbou.sys [2004-08-04 13:59]
    R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Scarlet Secure PC\HIPS\fshs.sys [2008-08-02 12:36]
    R2 CA_LIC_CLNT;CA License Client;c:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2003-04-07 12:46]
    R2 LogWatch;Event Log Watch;c:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 12:29]
    R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-02-09 18:02]
    R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINDOWS\system32\DRIVERS\AsusVRC.sys [2007-01-29 18:12]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 14:58]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Scarlet Secure PC\Anti-Virus\minifilter\fsgk.sys [2007-04-26 19:07]
    R3 wbscr;Winbond Smartcard Reader for I/O;C:\WINDOWS\system32\drivers\wbscr.sys [2002-04-24 13:07]
    S2 gafwload;Webr@cer 850 USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2001-05-18 19:35]
    S3 Boonty Games;Boonty Games;C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe [2006-05-20 21:16]
    S3 CA_LIC_SRVR;CA License Server;c:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2003-04-07 12:45]
    S3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-08-25 13:26]
    S3 gkmixern;gkmixern;C:\DOCUME~1\QUASIM~1\LOCALS~1\Temp\gkmixern.sys []
    S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01]
    S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Scarlet Secure PC\Anti-Virus\Win2K\FSfilter.sys [2007-04-26 19:08]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Scarlet Secure PC\Anti-Virus\Win2K\FSrec.sys [2007-04-26 19:08]

    *Newly Created Service* - CATCHME
    .
    Inhoud van de 'Gedeelde Taken' map

    2008-08-05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

    2008-08-25 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

    2008-08-15 C:\WINDOWS\Tasks\Schedule Task Weekly.job
    - C:\Program Files\Registry Easy\RE.exe [2008-07-17 15:49]

    2008-08-25 C:\WINDOWS\Tasks\Scheduled scanning task.job
    - C:\PROGRA~1\SCARLE~1\ANTI-V~1\fsav.exe [2007-04-26 13:42]
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-PC Pitstop Optimize Reminder - C:\Program Files\PCPitstop\Optimize2\Reminder.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.be/
    R0 -: HKCU-Main,Search Page = hxxp://www.google.com
    R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
    R0 -: HKLM-Main,Start Page = hxxp://www.logogle.com/ggl.php?hl=ja&lo=Ik%20HOUDT%20VAN%20PAPA%20(EN%20NICK%20OOK)
    R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
    O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O16 -: {4EE87D5D-654F-11D7-828F-B1119AEC2423} - hxxp://www.wiskundeonline.nl/ActiveX/ParCurv/Package/ParCurvCtrl.CAB
    C:\WINDOWS\Downloaded Program Files\ParCurvCtrl.INF
    C:\WINDOWS\system32\Comdlg32.ocx
    C:\WINDOWS\system32\MSVBVM60.DLL
    C:\WINDOWS\system32\OLEAUT32.DLL
    C:\WINDOWS\system32\OLEPRO32.DLL
    C:\WINDOWS\system32\ASYCFILT.DLL
    C:\WINDOWS\system32\STDOLE2.TLB
    C:\WINDOWS\system32\COMCAT.DLL
    C:\WINDOWS\system32\Objsafe.tlb
    C:\WINDOWS\Downloaded Program Files\ParCurvCtrl.ocx
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-25 14:26:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scannen van verborgen processen ...

    scannen van verborgen autostart items ...

    scannen van verborgen bestanden ...

    Scan succesvol afgerond
    verborgen bestanden: 0

    **************************************************************************
    .
    Voltooingstijd: 2008-08-25 14:28:09
    ComboFix-quarantined-files.txt 2008-08-25 12:27:43
    ComboFix2.txt 2008-08-22 18:32:14
    ComboFix3.txt 2008-08-16 00:15:29
    ComboFix4.txt 2008-08-13 00:49:51
    ComboFix5.txt 2008-08-25 12:22:45

    Pre-Run: 43,881,897,984 bytes beschikbaar
    Post-Run: 43,865,853,952 bytes beschikbaar

    280 --- E O F --- 2008-08-21 20:03:39

    According to MBAM I am infected with the Trojan.BHO.H virus (2 entries in the registry and 1 file):
    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8fff4fc7-2079-4f05-99c9-3ebe00795f4f} (Trojan.BHO.H) -> No action taken.

    HKEY_CLASSES_ROOT\CLSID\{8fff4fc7-2079-4f05-99c9-3ebe00795f4f}
    (Trojan.BHO.H) -> No action taken.

    Bestanden geïnfecteerd:
    c:\WINDOWS\system32\cvxsmzj.dll (Trojan.BHO.H) -> No action taken.

    Deleting/changing doesn't work -> blocked.
     


  4. 2008/08/25
    Geri (Lifetime Subscription, Inactive Alumni)
    Hi
    OK, run MBAM again, only this time make sure to have it fix what it finds. See your last run...
    c:\WINDOWS\system32\cvxsmzj.dll (Trojan.BHO.H) -> No action taken

    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Post the entire report in your next reply along with a fresh HijackThis log.

    Now do this.

    Enable the 'Show Hidden Files/Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore "), please delete these files (if present):

    C:\WINDOWS\system32\idizphz.dll

    After that, Reboot.

    Then run combofix this way.

    • Close all open programs and windows
    • Click Start>Run and type or paste the following command.

      "%userprofile%\desktop\combofix.exe" /skipfix

    • ComboFix will run ..... follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

    Please post the MBAM log and the combofix log.

    Thanks
    Geri
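A check of the kind Geri is asking for, as an added example (not code from this thread, nor from the MBAM or ComboFix tools): it parses MBAM result lines for entries still marked "No action taken" and cross-references them with the Browser Helper Objects block of a ComboFix log, so a helper can see at a glance that a flagged BHO is still registered. The sample excerpts are constructed from the logs posted above; the lower-case/upper-case CLSID difference between the two tools is handled.

```python
import re

# Constructed sample excerpts in the shape of the MBAM and ComboFix logs posted
# in this thread (the CLSID and DLL name are the ones from those logs).
MBAM_LOG = """\
Registersleutels geïnfecteerd:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{8fff4fc7-2079-4f05-99c9-3ebe00795f4f} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\\CLSID\\{8fff4fc7-2079-4f05-99c9-3ebe00795f4f} (Trojan.BHO.H) -> No action taken.

Bestanden geïnfecteerd:
c:\\WINDOWS\\system32\\cvxsmzj.dll (Trojan.BHO.H) -> No action taken.
"""

COMBOFIX_LOG = """\
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{8FFF4FC7-2079-4F05-99C9-3EBE00795F4F}]
2008-08-02 09:16 103424 --a------ c:\\windows\\system32\\cvxsmzj.dll

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"ctfmon.exe "= "C:\\WINDOWS\\system32\\ctfmon.exe" [2008-04-14 19:02 15360]
"""

# One MBAM result line looks like: "<item> (<detection>) -> <action>."
MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# ComboFix prints a BHO as a registry header line followed by the loaded DLL:
# "[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CLSID}]" then "date time size attrs path".
BHO_HEADER = re.compile(r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9A-Fa-f-]+\})\]$")
BHO_DLL = re.compile(r"^\S+ \S+ \S+ \S+ (?P<path>.+?)\s*$")  # path may contain spaces
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_mbam(text):
    """Return MBAM findings as dicts. 'resolved' is True only when MBAM says the
    item was actually quarantined/deleted; 'No action taken' and 'Delete on
    reboot' both mean the item is still on the system."""
    findings = []
    for line in text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if not m:
            continue  # section headers and blank lines
        action = m.group("action")
        findings.append({
            "item": m.group("item"),
            "detection": m.group("detection"),
            "action": action,
            "resolved": "successfully" in action.lower(),
        })
    return findings


def unresolved(findings):
    return [f for f in findings if not f["resolved"]]


def bho_entries(text):
    """Map each BHO CLSID (lower-cased) in a ComboFix log to its DLL path (lower-cased)."""
    lines = text.splitlines()
    bhos = {}
    for i, line in enumerate(lines):
        m = BHO_HEADER.match(line.strip())
        if m and i + 1 < len(lines):
            d = BHO_DLL.match(lines[i + 1].strip())
            if d:
                bhos[m.group(1).lower()] = d.group("path").lower()
    return bhos


def still_loaded(findings, bhos):
    """BHOs that ComboFix shows as registered and that MBAM flagged but did not
    remove. MBAM prints the CLSID in lower case and ComboFix in upper case, so
    the comparison is case-insensitive."""
    pending = unresolved(findings)
    hits = []
    for clsid, dll in bhos.items():
        reasons = set()
        for f in pending:
            item = f["item"].lower()
            ids = [c.lower() for c in CLSID.findall(item)]
            if clsid in ids:
                reasons.add("clsid:" + f["detection"])
            elif item.endswith(dll.rsplit("\\", 1)[-1]):  # same DLL file name
                reasons.add("file:" + f["detection"])
        if reasons:
            hits.append({"clsid": clsid, "dll": dll, "reasons": sorted(reasons)})
    return hits


if __name__ == "__main__":
    for hit in still_loaded(parse_mbam(MBAM_LOG), bho_entries(COMBOFIX_LOG)):
        print("BHO still registered: %s -> %s (%s)" % (hit["clsid"], hit["dll"], ", ".join(hit["reasons"])))
```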
     
  5. 2008/08/28
    janhelpseeker (Inactive, Thread Starter)
    Sorry Geri,

    Have tried to follow your instructions till my head went blue, so first MBAM,
    went all right, but then in Explorer (as ordered by you):

    idizphz.dll is BLOCKED (in use by another program etc...)

    So I can't delete or rename it.

    Rebooting before or after doesn't do a thing to alter this. (MBAM is updated to the last definition)

    Furthermore, alas, with Run ("uitvoeren") the system says it can't find the program.

    Tried every combination. Didn't work.

    Finally, made a CFScript and put it into Combo. Here are the results:

    MBAM log:

    Malwarebytes' Anti-Malware 1.25
    Database versie: 1093
    Windows 5.1.2600 Service Pack 3

    1:54:00 29/08/2008
    mbam-log-08-29-2008 (01-53-49).txt

    Scan type: Snelle Scan
    Objecten gescand: 59996
    Verstreken tijd: 5 minute(s), 57 second(s)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 2
    Registerwaarden geïnfecteerd: 0
    Registerdata bestanden geïnfecteerd: 0
    Mappen geïnfecteerd: 0
    Bestanden geïnfecteerd: 1

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8fff4fc7-2079-4f05-99c9-3ebe00795f4f} (Trojan.BHO.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{8fff4fc7-2079-4f05-99c9-3ebe00795f4f} (Trojan.BHO.H) -> No action taken.

    Registerwaarden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:
    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:
    c:\WINDOWS\system32\cvxsmzj.dll (Trojan.BHO.H) -> No action taken.

    ComboFix log:

    ComboFix 08-08-28.04 - quasimodo 2008-08-29 2:42:51.7 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.533 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\quasimodo\Bureaublad\ComboFix.exe
    Command switches used :: C:\Documents and Settings\quasimodo\Bureaublad\CFScript
    * Nieuw herstelpunt werd aangemaakt
    * Resident AV is active


    WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\quasimodo\Application Data\macromedia\Flash Player\#SharedObjects\6WTCT5Q5\interclick.com
    C:\Documents and Settings\quasimodo\Application Data\macromedia\Flash Player\#SharedObjects\6WTCT5Q5\interclick.com\ud.sol
    C:\Documents and Settings\quasimodo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
    C:\Documents and Settings\quasimodo\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
    C:\Documents and Settings\sam\Application Data\macromedia\Flash Player\#SharedObjects\UXGMG9RW\bin.clearspring.com
    C:\Documents and Settings\sam\Application Data\macromedia\Flash Player\#SharedObjects\UXGMG9RW\bin.clearspring.com\clearspring.sol
    C:\Documents and Settings\sam\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
    C:\Documents and Settings\sam\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))
    .

    2008-08-29 01:19 . 2008-08-29 01:19 0 --a------ C:\infect.htm
    2008-08-29 01:19 . 2008-08-29 01:19 0 --a------ C:\error.htm
    2008-08-27 04:36 . 2008-08-27 04:36 <DIR> d-------- C:\Documents and Settings\quasimodo\Application Data\DivX
    2008-08-26 18:40 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-08-23 19:11 . 2008-08-29 01:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-23 17:46 . 2008-08-23 17:46 <DIR> d-------- C:\Documents and Settings\Administrator.FAMILIEVERBOVEN.004\Application Data\Malwarebytes
    2008-08-17 02:17 . 2008-08-17 02:17 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2008-08-17 02:10 . 2008-08-17 02:12 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-08-16 21:18 . 2008-08-23 17:20 <DIR> d-------- C:\Program Files\EasyZip
    2008-08-16 21:18 . 1999-05-21 21:10 129,024 --a------ C:\WINDOWS\system32\ZipDll.dll
    2008-08-16 21:18 . 1999-05-21 21:10 115,712 --a------ C:\WINDOWS\system32\UnzDll.dll
    2008-08-16 21:18 . 1997-02-17 16:23 53,248 --a------ C:\WINDOWS\system32\UNRAR.DLL
    2008-08-16 21:17 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
    2008-08-13 15:22 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
    2008-08-13 15:21 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
    2008-08-12 13:53 . 2008-08-12 14:23 <DIR> d-------- C:\Documents and Settings\nick\Application Data\Mijn Battle for Middle-earth bestanden
    2008-08-11 14:46 . 2008-08-11 22:11 <DIR> d-------- C:\Documents and Settings\nick\Application Data\F-Secure
    2008-08-10 00:45 . 2008-08-26 18:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-08-10 00:45 . 2008-08-10 00:45 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-08-07 01:58 . 2008-08-07 01:58 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
    2008-08-02 12:36 . 2008-08-03 00:18 <DIR> d-------- C:\Documents and Settings\quasimodo\Application Data\F-Secure
    2008-08-02 12:35 . 2008-08-02 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Bureaublad
    2008-08-02 12:20 . 2008-08-02 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
    2008-08-02 12:20 . 2008-08-02 12:37 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
    2008-08-02 12:20 . 2008-08-02 12:37 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
    2008-08-02 12:19 . 2008-08-02 12:41 <DIR> d-------- C:\Program Files\Scarlet Secure PC
    2008-08-02 12:17 . 2008-08-02 12:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
    2008-08-02 08:13 . 2008-08-02 08:13 685,056 --a------ C:\WINDOWS\is-ICEFL.exe
    2008-08-02 08:13 . 2008-08-02 08:13 11,729 --a------ C:\WINDOWS\is-ICEFL.msg
    2008-08-02 08:13 . 2008-08-02 08:13 460 --a------ C:\WINDOWS\is-ICEFL.lst
    2008-08-02 08:03 . 2008-08-29 02:39 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
    2008-08-01 14:13 . 2008-08-26 16:55 4,166,554 --a------ C:\WINDOWS\pfirewall.log.old

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-27 03:32 --------- d-----w C:\Program Files\DivX
    2008-08-26 17:22 --------- d-----w C:\Program Files\Registry Easy
    2008-08-26 16:09 17,408 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
    2008-08-23 19:34 --------- d-----w C:\Program Files\Google
    2008-08-22 19:15 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
    2008-08-22 17:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\PCPitstop
    2008-08-22 15:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-20 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-08-17 13:01 38,472 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-08-17 13:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
    2008-08-17 00:09 --------- d-----w C:\Program Files\Windows Media Connect
    2008-08-14 13:17 --------- d-----w C:\Documents and Settings\nick\Application Data\Ahead
    2008-08-12 15:56 4,906 ----a-w C:\Documents and Settings\nick\Application Data\wklnhst.dat
    2008-08-12 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-12 09:18 --------- d-----w C:\Program Files\Lavasoft
    2008-08-12 09:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-08-06 20:40 67,736 ----a-w C:\Documents and Settings\quasimodo\Application Data\GDIPFONTCACHEV1.DAT
    2008-08-02 07:16 103,424 ----a-w C:\WINDOWS\system32\idizphz.dll
    2008-07-28 14:55 --------- d-----w C:\Program Files\Java
    2008-07-25 08:34 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-07-22 20:34 19,530,621 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_22_21_03_46_full.dmp.zip
    2008-07-22 20:33 --------- d-----w C:\Program Files\BoontyGames
    2008-07-22 17:39 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\Malwarebytes
    2008-07-22 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-21 19:21 --------- d-----w C:\Program Files\Trend Micro
    2008-07-21 18:11 19,565,789 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_21_19_35_24_full.dmp.zip
    2008-07-21 17:34 19,701,328 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_21_16_34_59_full.dmp.zip
    2008-07-21 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-07-21 09:45 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-07-21 09:45 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\SUPERAntiSpyware.com
    2008-07-20 18:08 19,707,333 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_07_20_18_34_32_full.dmp.zip
    2008-07-20 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-19 22:07 --------- d-----w C:\Documents and Settings\sam\Application Data\Viewpoint
    2008-07-19 18:11 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2008-07-19 18:05 24 ----a-w C:\Documents and Settings\nick\filter.drv
    2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\sam\Application Data\Ventrilo
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\sam\Application Data\Pro Cycling Manager 2007
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\uTorrent
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\Pro Cycling Manager 2007
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\DVD Shrink
    2008-07-18 07:16 --------- d-----w C:\Documents and Settings\nick\Application Data\Ventrilo
    2008-07-11 18:12 --------- d-----w C:\Program Files\Ventrilo
    2008-07-11 11:45 24 ----a-w C:\Documents and Settings\sam\filter.drv
    2008-07-07 20:30 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-05 10:42 --------- d-----w C:\Program Files\CCleaner
    2008-07-05 09:12 2,575 ----a-w C:\Program Files\HBOFF.LOG
    2008-07-05 09:12 1,479 -c--a-w C:\Program Files\Hboff.ini
    2008-07-05 09:12 --------- d-----w C:\Program Files\Userdata
    2008-07-01 21:15 24 ----a-w C:\Documents and Settings\quasimodo\filter.drv
    2008-06-30 16:24 4,222 ----a-w C:\Documents and Settings\sam\Application Data\wklnhst.dat
    2008-06-30 16:18 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-06-30 10:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-30 06:12 --------- d-----w C:\Documents and Settings\quasimodo\Application Data\PC Tools
    2008-06-27 20:35 20,708 ----a-w C:\Documents and Settings\quasimodo\Application Data\wklnhst.dat
    2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-23 15:12 669,184 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:49 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-03-29 14:08 67,736 ----a-w C:\Documents and Settings\sam\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-28 20:47 1 ----a-w C:\Documents and Settings\quasimodo\SI.bin
    2007-11-10 14:38 67,736 ----a-w C:\Documents and Settings\nick\Application Data\GDIPFONTCACHEV1.DAT
    2007-07-05 09:11 6,004,736 ----a-w C:\Program Files\HBOFF.EXE
    2007-07-05 09:11 275,968 ----a-w C:\Program Files\HomeBank.exe
    2007-07-05 08:57 180,736 ----a-w C:\Program Files\HBMSG00.dll
    2007-07-05 08:57 176,640 ----a-w C:\Program Files\HBMSG02.dll
    2007-07-05 08:57 175,104 ----a-w C:\Program Files\HBMSG01.dll
    2007-07-05 08:57 164,352 ----a-w C:\Program Files\HBMSG03.dll
    2007-06-25 08:24 84,480 ----a-w C:\Program Files\HBConnMon.exe
    2007-06-25 08:24 744 -c--a-w C:\Program Files\hboff.exe.manifest
    2007-06-25 08:24 71,168 ----a-w C:\Program Files\HbCalc.exe
    2007-06-25 08:24 25,690 -c--a-w C:\Program Files\HBERRORINI.DE
    2007-06-25 08:24 25,298 -c--a-w C:\Program Files\HBERRORINI.FR
    2007-06-25 08:24 24,620 -c--a-w C:\Program Files\HBERRORINI.NL
    2007-06-25 08:24 23,001 -c--a-w C:\Program Files\HBERRORINI.EN
    2005-01-27 13:59 8 --sha-r C:\WINDOWS\system32\62A95D688F.sys
    2007-12-14 13:25 6,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FFF4FC7-2079-4F05-99C9-3EBE00795F4F}]
    2008-08-02 09:16 103424 --a------ c:\windows\system32\cvxsmzj.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ASUS SmartDoctor "= "C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-07-18 16:20 1114112]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:02 15360]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 22:53 204288]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-30 10:10 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Keyboard Status "= "C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe" [2005-01-25 12:03 411648]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2007-06-28 18:43 8466432]
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [2007-06-28 18:43 81920]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-05 20:34 188416]
    "GameFace Messenger "= "C:\Program Files\GameFace Messenger\GameFace.exe" [2006-11-01 15:50 2154496]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "F-Secure Manager "= "C:\Program Files\Scarlet Secure PC\Common\FSM32.EXE" [2007-04-26 19:12 183208]
    "F-Secure TNB "= "C:\Program Files\Scarlet Secure PC\FSGUI\TNBUtil.exe" [2007-04-26 19:10 740208]
    "AGRSMMSG "= "AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
    "nwiz "= "nwiz.exe" [2007-06-28 18:43 1626112 C:\WINDOWS\system32\nwiz.exe]
    "Kernel and Hardware Abstraction Layer "= "KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 19:02 15360]
    "DWQueuedReporting "= "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-30 10:10 68856]

    C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-22 15:43:38 692224]



    HIJACK cccccccccccccccccccccccccccccccccccccccccccccccccccccccccc

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:02:21, on 29/08/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    c:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    C:\Program Files\Scarlet Secure PC\Anti-Virus\fsgk32st.exe
    C:\Program Files\Scarlet Secure PC\Common\FSMA32.EXE
    C:\Program Files\Scarlet Secure PC\Anti-Virus\FSGK32.EXE
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Scarlet Secure PC\Common\FSMB32.EXE
    C:\WINDOWS\System32\svchost.exe
    c:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Scarlet Secure PC\Common\FCH32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Scarlet Secure PC\Anti-Virus\fsqh.exe
    C:\Program Files\Scarlet Secure PC\Common\FAMEH32.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Scarlet Secure PC\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Scarlet Secure PC\FSGUI\fsguidll.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Scarlet Secure PC\FSAUA\program\fsaua.exe
    C:\Program Files\Scarlet Secure PC\Anti-Virus\fssm32.exe
    C:\Program Files\Scarlet Secure PC\FWES\Program\fsdfwd.exe
    C:\Program Files\Scarlet Secure PC\FSAUA\program\fsus.exe
    C:\Program Files\Scarlet Secure PC\Anti-Virus\fsav32.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.logogle.com/ggl.php?hl=ja&lo=Ik HOUDT VAN PAPA (EN NICK OOK)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {8FFF4FC7-2079-4F05-99C9-3EBE00795F4F} - c:\windows\system32\cvxsmzj.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.509.6972\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Keyboard Status] C:\PROGRA~1\Medion Tools\KeyStat\KeyStat.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Scarlet Secure PC\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Scarlet Secure PC\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4EE87D5D-654F-11D7-828F-B1119AEC2423} (ParCurvCtrl.PCurvCtrl) - http://www.wiskundeonline.nl/ActiveX/ParCurv/Package/ParCurvCtrl.CAB
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120044746250
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1120044715890
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - c:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - c:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Scarlet Secure PC\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Scarlet Secure PC\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Scarlet Secure PC\FWES\Program\fsdfwd.exe
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Scarlet Secure PC\Common\FSMA32.EXE
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - c:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    --
    End of file - 10578 bytes



    Phew, hope this is readable to you. It certainly isn't to me :)

    Jan
     
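As an added example (not a tool from this forum, from HijackThis or from Malwarebytes): a small Python triage that parses the O2 (BHO) lines of a HijackThis log in the format posted above and correlates them with the CLSID named in a Malwarebytes result line, flagging BHOs registered without a display name, BHO DLLs loaded directly from the Windows system directory, and scanner hits whose recorded action was "No action taken". The sample log lines are constructed from the format seen in this thread, and the two path/name heuristics are assumptions, not rules from either tool.

```python
"""Triage of HijackThis O2 (BHO) lines against a Malwarebytes result line.

Added example for this thread; not a tool from the forum, HijackThis or
Malwarebytes. The sample lines below are constructed from the log format
posted in the thread, and the heuristics are assumptions.
"""
import re
from typing import Dict, List

# Constructed sample: a few O2/O4 lines in HijackThis 2.0.2 format.
SAMPLE_HJT = """\
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre1.6.0_07\\bin\\ssv.dll
O2 - BHO: (no name) - {8FFF4FC7-2079-4F05-99C9-3EBE00795F4F} - c:\\windows\\system32\\cvxsmzj.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar1.dll
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\WINDOWS\\system32\\NeroCheck.exe
"""

# Constructed sample: one MBAM registry-hit line of the kind quoted in the thread.
SAMPLE_MBAM = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects"
    "\\{8fff4fc7-2079-4f05-99c9-3ebe00795f4f} (Trojan.BHO.H) -> No action taken."
)

# O2 line: "O2 - BHO: <name> - {CLSID} - <dll path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# MBAM line: "...\{CLSID} (<detection>) -> <action>."
MBAM_RE = re.compile(r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<detection>[^)]+)\) -> (?P<action>.+?)\.?$")
# Heuristic (assumption): a BHO DLL placed directly in %SystemRoot%\system32
# is unusual; legitimate BHOs normally live under their product's directory.
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.IGNORECASE)


def parse_bhos(hjt_text: str) -> List[Dict[str, str]]:
    """Return one dict per O2 line: name, clsid (upper-cased), path."""
    bhos = []
    for line in hjt_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["clsid"] = entry["clsid"].upper()  # CLSID case differs between tools
            bhos.append(entry)
    return bhos


def parse_mbam(mbam_text: str) -> Dict[str, Dict[str, str]]:
    """Map CLSID -> {detection, action} from MBAM registry-hit lines."""
    hits = {}
    for line in mbam_text.splitlines():
        m = MBAM_RE.search(line)
        if m:
            hits[m.group("clsid").upper()] = {
                "detection": m.group("detection"),
                "action": m.group("action"),
            }
    return hits


def triage(hjt_text: str, mbam_text: str) -> List[Dict[str, object]]:
    """Flag BHOs that look suspicious or that the scanner already named."""
    hits = parse_mbam(mbam_text)
    flagged = []
    for bho in parse_bhos(hjt_text):
        reasons = []
        if bho["name"] == "(no name)":
            reasons.append("BHO registered without a display name (heuristic)")
        if SYSTEM_DIR_RE.match(bho["path"]):
            reasons.append("BHO DLL sits directly in the Windows system directory (heuristic)")
        hit = hits.get(bho["clsid"])
        if hit:
            reasons.append(f"scanner detection {hit['detection']}, action: {hit['action']}")
            if hit["action"].lower() == "no action taken":
                reasons.append("still present: scanner found it but nothing was removed")
        if reasons:
            flagged.append({**bho, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for entry in triage(SAMPLE_HJT, SAMPLE_MBAM):
        print(entry["clsid"], entry["path"])
        for reason in entry["reasons"]:
            print("  -", reason)
```

Run against the constructed sample, only the unnamed BHO in system32 is reported, with four reasons: no display name, system-directory location, the Trojan.BHO.H detection, and the fact that the scan left it in place. The CLSID match is what ties the two logs together, since HijackThis prints it upper-case and Malwarebytes lower-case.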
  6. 2008/08/28
    janhelpseeker

    janhelpseeker Inactive Thread Starter

    Joined:
    2008/07/19
    Messages:
    16
    Likes Received:
    0
    P.S.: with HijackThis open (I probably am doing the wrong thing) the IDIZPHZ.DLL is refusing to be deleted. It has its hooks and claws firmly attached to ... whatever.

    Jan
     
  7. 2008/08/28
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Jan

    OK you need to run MBAM again, you did not let it delete what it found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8fff4fc7-2079-4f05-99c9-3ebe00795f4f} (Trojan.BHO.H) -> No action taken.

    Follow these instructions.

    When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected.
    When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note below)
    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Post the entire report in your next reply along with a fresh HijackThis log.


    Now Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    KillAll::
    File::
    C:\WINDOWS\system32\idizphz.dll
    C:\infect.htm
    C:\error.htm 
    Please post the MBAM log and the combofix log.

    Geri
     
