
[Inactive] My computer is Infected : I THINK !

Discussion in 'Malware and Virus Removal Archive' started by zeeshanhashmi, 2008/11/15.

  1. 2008/12/02
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Joined:
    2008/01/13
    Messages:
    77
    Likes Received:
    0
    the other one
    -------------
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Zeeshan at 2008-12-03 08:26:06
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 19 GB (51%) free of 38 GB
    Total RAM: 1013 MB (44% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:26, on 2008-12-03
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    E:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Winamp Remote\bin\OrbTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\n\Desktop\Downloads\RSIT.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Zeeshan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.116.0.1:80
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: VS_IEHlprObj Class - {829CAB51-A4EA-4a15-87B6-4B7D0747939C} - C:\Program Files\Network Associates\VirusScan\bho.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BitAccelerator module - {92860A02-4D69-48c1-82D7-EF6B2C609502} - C:\Program Files\BitAccelerator\BitAccelerator.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [iKeyWorks] e:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Prefs] D:\PROGRA~1\oDesk\oDeskLaunch.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9129 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{829CAB51-A4EA-4a15-87B6-4B7D0747939C}]
    VS_IEHlprObj Class - C:\Program Files\Network Associates\VirusScan\bho.dll [2004-05-27 19456]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92860A02-4D69-48c1-82D7-EF6B2C609502}]
    BitAccelerator Class - C:\Program Files\BitAccelerator\BitAccelerator.dll [2007-10-11 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-04-06 94208]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-04-06 77824]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-04-06 114688]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-13 16116224]
    "SkyTel"=SkyTel.EXE []
    "Alcmtr"=ALCMTR.EXE []
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-06-30 88203]
    "ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-05-27 90112]
    "McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-05-21 135224]
    "Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2003-10-07 147514]
    ""= []
    "iKeyWorks"=e:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe [2006-09-07 65536]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
    "iTunesHelper"=E:\Program Files\iTunes\iTunesHelper.exe [2007-09-07 267064]
    "PCSuiteTrayApplication"=C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [2006-06-15 229376]
    "Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
    "Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
    "Prefs"=D:\PROGRA~1\oDesk\oDeskLaunch.exe [2008-06-21 357856]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
    "Aim6"= []
    "H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]
    "Google Update"=C:\Documents and Settings\n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
    "Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-04-06 131072]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
    "C:\Program Files\WinSCP\WinSCP.exe"="C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:Windows SFTP, FTP and SCP client"
    "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Disabled:Framework Service"
    "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
    "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
    "D:\Program Files\SPSSInc\Statistics17\statistics.exe"="D:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe"
    "D:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe"="D:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor"
    "D:\Program Files\SPSSInc\Statistics17\statistics.com"="D:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
    "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
    "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    shell\AutoRun\command - K:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    shell\AutoRun\command - M:\WD_Windows_Tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e656f16c-5fbd-11dc-a299-0019d19d4b36}]
    shell\AutoRun\command - K:\LaunchU3.exe


    ======File associations======

    .js - edit - "D:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
    .js - open -

    ======List of files/folders created in the last 1 months======

    2008-12-03 08:26:06 ----D---- C:\rsit
    2008-12-03 08:13:53 ----D---- C:\ComboFix
    2008-12-03 08:13:53 ----A---- C:\WINDOWS\system32\CF26390.exe
    2008-12-03 08:13:35 ----A---- C:\WINDOWS\system32\CF26331.exe
    2008-12-03 08:13:04 ----A---- C:\WINDOWS\system32\CF26223.exe
    2008-12-02 19:47:30 ----SHD---- C:\FOUND.033
    2008-12-02 19:07:37 ----A---- C:\WINDOWS\zip.exe
    2008-12-02 19:07:37 ----A---- C:\WINDOWS\VFIND.exe
    2008-12-02 19:07:37 ----A---- C:\WINDOWS\SWXCACLS.exe
    2008-12-02 19:07:37 ----A---- C:\WINDOWS\SWSC.exe
    2008-12-02 19:07:37 ----A---- C:\WINDOWS\SWREG.exe
    2008-12-02 19:07:37 ----A---- C:\WINDOWS\sed.exe
    2008-12-02 19:07:37 ----A---- C:\WINDOWS\NIRCMD.exe
    2008-12-02 19:07:37 ----A---- C:\WINDOWS\grep.exe
    2008-12-02 19:07:37 ----A---- C:\WINDOWS\fdsv.exe
    2008-12-02 19:07:18 ----D---- C:\Qoobox
    2008-12-02 19:07:16 ----A---- C:\WINDOWS\system32\CF3333.exe
    2008-11-30 17:46:02 ----SHD---- C:\FOUND.032
    2008-11-29 23:50:36 ----SHD---- C:\FOUND.031
    2008-11-26 10:07:24 ----A---- C:\WINDOWS\system32\prsgrc.dll
    2008-11-26 10:07:24 ----A---- C:\WINDOWS\system32\grcauth2.dll
    2008-11-26 10:07:24 ----A---- C:\WINDOWS\system32\grcauth1.dll
    2008-11-26 10:06:03 ----D---- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
    2008-11-26 10:05:19 ----D---- C:\Documents and Settings\All Users\Application Data\SPSS
    2008-11-26 10:05:18 ----D---- C:\Program Files\Common Files\SPSS
    2008-11-26 09:58:37 ----A---- C:\WINDOWS\system32\sysprs7.dll
    2008-11-26 09:58:37 ----A---- C:\WINDOWS\system32\lsprst7.dll
    2008-11-24 23:40:08 ----SHD---- C:\FOUND.030
    2008-11-15 22:47:04 ----SHD---- C:\FOUND.029
    2008-11-12 21:29:14 ----SHD---- C:\FOUND.028
    2008-11-10 13:24:22 ----D---- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    2008-11-10 13:24:18 ----D---- C:\Program Files\Winamp Remote
    2008-11-10 13:23:20 ----D---- C:\WINDOWS\RegisteredPackages
    2008-11-10 13:05:49 ----D---- C:\Program Files\Winamp
    2008-11-10 13:05:49 ----D---- C:\Documents and Settings\n\Application Data\Winamp
    2008-11-06 23:58:46 ----D---- C:\Documents and Settings\n\Application Data\yoclient

    ======List of files/folders modified in the last 1 months======

    2008-12-02 19:08:16 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-12-01 07:27:08 ----A---- C:\WINDOWS\DUMP5ef6.tmp

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2004-05-27 55520]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-30 1094848]
    R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-03-13 165760]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-04-06 830684]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-13 4474368]
    R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2004-05-27 105664]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
    S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
    S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
    S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
    S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2007-11-09 55216]
    S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2007-11-09 6576]
    S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2007-11-09 89872]
    S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2007-11-09 81728]
    S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2007-11-09 79488]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
    S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
    S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
    S3 Nokia USB Port;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2006-05-29 13312]
    S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-04-04 35712]
    S3 STHDA;High Definition Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\sthda.sys []
    S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-21 12800]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
    R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-05-21 102463]
    R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [2004-05-27 221191]
    R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-05-27 27648]
    R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 MySQL;MySQL; C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt --defaults-file=C:\Program Files\MySQL\MySQL Server 5.0\my.ini MySQL []
    R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2004-08-04 32768]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-05 24652]
    R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
    R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-12-22 654848]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-07 503608]
    S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-09-10 72704]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-07-25 89136]
    S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2004-08-04 8704]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

    -----------------EOF-----------------
  2. 2008/12/02
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, we need to check for overheating (dust, working fans). You will need to open the tower case and make sure the fans are spinning.

    Then remove all power going to the tower and use a can of compressed air to blow out any dust. Do not blow on the fans so that they spin; hold them in place with a toothpick so they don't spin.

    Then run CF in safe mode, and if CF reboots the machine, go back to safe mode for it to finish.
    Post the log it creates.

    Thanks
    Geri
  4. 2008/12/03
    zeeshanhashmi

    zeeshanhashmi Inactive Thread Starter

    Joined:
    2008/01/13
    Messages:
    77
    Likes Received:
    0
    ComboFix 08-12-01.01 - Zeeshan 2008-12-03 16:23:31.1 - FAT32x86
    Running from: c:\documents and settings\n\Desktop\Downloads\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Video Add-on
    c:\windows\system32\Cache
    c:\windows\system32\lsprst7.dll
    c:\windows\system32\prsgrc.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
    .

    2008-12-03 08:26 . 2008-12-03 08:26 <DIR> d-------- C:\rsit
    2008-12-02 19:47 . 2008-12-02 19:47 <DIR> d--hs---- C:\FOUND.033
    2008-11-30 21:18 . 2008-11-30 21:24 8,192 --a------ c:\windows\system32\edb.chk
    2008-11-30 17:46 . 2008-11-30 17:46 <DIR> d--hs---- C:\FOUND.032
    2008-11-29 23:50 . 2008-11-29 23:50 <DIR> d--hs---- C:\FOUND.031
    2008-11-26 10:10 . 2008-11-26 10:10 <DIR> d-------- c:\documents and settings\n\.spss
    2008-11-26 10:07 . 2008-11-26 10:07 1,024 --a------ c:\windows\system32\grcauth2.dll
    2008-11-26 10:07 . 2008-11-26 10:07 1,024 --a------ c:\windows\system32\grcauth1.dll
    2008-11-26 10:07 . 2008-11-26 10:07 114 --a------ c:\windows\system32\prsgrc.tgz
    2008-11-26 10:06 . 2008-11-26 10:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SafeNet Sentinel
    2008-11-26 10:05 . 2008-11-26 10:05 <DIR> d-------- c:\program files\Common Files\SPSS
    2008-11-26 10:05 . 2008-11-26 10:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\SPSS
    2008-11-26 09:58 . 2008-11-26 09:58 1,025 --a------ c:\windows\system32\sysprs7.tgz
    2008-11-26 09:58 . 2008-11-26 09:58 1,025 --a------ c:\windows\system32\sysprs7.dll
    2008-11-26 09:58 . 2008-11-26 09:58 219 --a------ c:\windows\system32\lsprst7.tgz
    2008-11-26 09:58 . 2008-11-26 09:58 16 ---h----- c:\windows\system32\servdat.slm
    2008-11-26 09:24 . 2008-11-26 09:24 244 --ah----- C:\sqmnoopt02.sqm
    2008-11-26 09:24 . 2008-11-26 09:24 232 --ah----- C:\sqmdata02.sqm
    2008-11-24 23:40 . 2008-11-24 23:40 <DIR> d--hs---- C:\FOUND.030
    2008-11-15 22:47 . 2008-11-15 22:47 <DIR> d--hs---- C:\FOUND.029
    2008-11-12 21:29 . 2008-11-12 21:29 <DIR> d--hs---- C:\FOUND.028
    2008-11-10 13:24 . 2008-11-10 13:24 <DIR> d-------- c:\program files\Winamp Remote
    2008-11-10 13:24 . 2008-11-10 13:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\OrbNetworks
    2008-11-10 13:05 . 2008-11-10 13:05 <DIR> d-------- c:\program files\Winamp
    2008-11-10 13:05 . 2008-11-10 13:05 <DIR> d-------- c:\documents and settings\n\Application Data\Winamp
    2008-11-06 23:58 . 2008-11-06 23:58 <DIR> d-------- c:\documents and settings\n\Application Data\yoclient

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-01 02:27 90,112 ----a-w c:\windows\DUMP5ef6.tmp
    2008-10-25 19:26 --------- d-----w c:\documents and settings\n\Application Data\Viewpoint
    2008-10-20 17:16 --------- d-----w c:\program files\ClearAllHistory
    2007-12-01 12:57 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"= "c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
    "H/PC Connection Agent"= "c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "Skype"= "c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
    "Google Update"= "c:\documents and settings\n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "Orb"= "c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"= "c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
    "HotKeysCmds"= "c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
    "Persistence"= "c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
    "ShStatEXE"= "c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-05-27 90112]
    "McAfeeUpdaterUI"= "c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-05-21 135224]
    "Network Associates Error Reporting Service"= "c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
    "iKeyWorks"= "e:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 65536]
    "SunJavaUpdateSched"= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"= "c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
    "iTunesHelper"= "e:\program files\iTunes\iTunesHelper.exe" [2007-09-07 267064]
    "PCSuiteTrayApplication"= "c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
    "Sony Ericsson PC Suite"= "c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
    "Acrobat Assistant 8.0"= "c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
    "Prefs"= "d:\progra~1\oDesk\oDeskLaunch.exe" [2008-06-21 357856]
    "RTHDCPL"= "RTHDCPL.EXE" [2007-03-13 c:\windows\RTHDCPL.exe]
    "AGRSMMSG"= "AGRSMMSG.exe" [2005-06-30 c:\windows\AGRSMMSG.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MFZ0"= MyFlashZip0.ax

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "e:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\WinSCP\\WinSCP.exe"=
    "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
    "c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
    "d:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
    "d:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
    "d:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - m:\wd_windows_tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e656f16c-5fbd-11dc-a299-0019d19d4b36}]
    \Shell\AutoRun\command - K:\LaunchU3.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-03 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\documents and settings\n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 22:22]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-Aim6 - (no file)
    HKLM-Run-SkyTel - SkyTel.EXE


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\n\Application Data\Mozilla\Firefox\Profiles\sxalfbrl.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF -: plugin - c:\documents and settings\n\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
    FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
    FF -: plugin - e:\program files\DivX\DivX Content Uploader\npUpload.dll
    FF -: plugin - e:\program files\iTunes\Mozilla Plugins\npitunes.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-03 16:24:42
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
    .
    Completion time: 2008-12-03 16:25:01
    ComboFix-quarantined-files.txt 2008-12-03 11:25:00

    Pre-Run: 20,409,122,816 bytes free
    Post-Run: 20,977,516,544 bytes free

    151
     
  5. 2008/12/03 zeeshanhashmi
    Hi
    Now I can run the complete online virus scan, and here is the report.





    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, December 3, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, December 03, 2008 10:22:18
    Records in database: 1434527
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics:
    Files scanned: 119091
    Threat name: 10
    Infected objects: 16
    Suspicious objects: 0
    Duration of the scan: 04:03:11


    File name / Threat name / Threats count
    C:\Program Files\BitAccelerator\BitAccelerator.dll Infected: not-a-virus:WebToolbar.Win32.BitAccelerator.e 1
    C:\Program Files\BitAccelerator\BitAccelerator.exe Infected: Trojan.Win32.ConnectionServices.e 1
    C:\quarantine\a0189135.dll.Vir Infected: Trojan.Win32.ConnectionServices.w 1
    C:\Deckard\System Scanner\20080113211748\backup\DOCUME~1\n\LOCALS~1\Temp\59.tmp Infected: Trojan.Win32.ConnectionServices.n 1
    C:\Deckard\System Scanner\20080113211748\backup\DOCUME~1\n\LOCALS~1\Temp\54.tmp Infected: Trojan.Win32.ConnectionServices.n 1
    G:\TLifeEssentials.zip Infected: not-a-virus:AdWare.Win32.BHO.byo 1
    I:\Program Files\Norton AntiVirus\Quarantine\07CC71DF.EXE Infected: Trojan-Downloader.Win32.Harnig.cu 1
    I:\Program Files\Norton AntiVirus\Quarantine\07CF1BDC.EXE Infected: Trojan-Downloader.Win32.Tibs.if 1
    I:\Program Files\Norton AntiVirus\Quarantine\10F85DC7.TMP Infected: Trojan.Java.ClassLoader.ao 1
    I:\Program Files\Norton AntiVirus\Quarantine\22E37E24.TMP Infected: Trojan.Java.ClassLoader.ao 1
    I:\Program Files\Norton AntiVirus\Quarantine\25171CCC.TMP Infected: Trojan.Java.ClassLoader.ao 1
    I:\Program Files\Norton AntiVirus\Quarantine\5F2962E0.EXE Infected: Email-Worm.Win32.Runouce.b 1
    I:\Program Files\Norton AntiVirus\Quarantine\5F2C0CDD.EXE Infected: Email-Worm.Win32.Runouce.b 1
    I:\Program Files\Norton AntiVirus\Quarantine\7B9F68CE.exe Infected: Net-Worm.Win32.Nimda 1
    I:\Program Files\Norton AntiVirus\Quarantine\5F2F36D9.exe Infected: Email-Worm.Win32.Runouce.b 1
    I:\Program Files\Norton AntiVirus\Quarantine\416746CE.exe Infected: Email-Worm.Win32.Runouce.b 1

    The selected area was scanned.
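The Kaspersky report above lists detections in two very different kinds of place, and a removal helper treats them differently: the toolbar DLL and EXE under C:\Program Files\BitAccelerator are live files, while the hits under Norton's Quarantine folder, C:\quarantine (with the .Vir rename) and the Deckard System Scanner backup tree are inert copies of things earlier tools already pulled out; they still get deleted, but they are not evidence of an active infection. The script below is an added example, not part of the thread and not Kaspersky or ComboFix code. It parses a constructed excerpt in the report's format, separates stored copies from live hits using an assumed list of quarantine/backup path markers, tags each threat name by Kaspersky's "not-a-virus:" riskware prefix, and groups the live hits by parent folder, which is how a whole dropped toolkit directory ends up as a single Folder:: line in a removal script while a loose file at a drive root stays a File:: entry.

```python
"""Separate live Kaspersky detections from copies that only sit in quarantine
or backup stores.  Added example, not Kaspersky or ComboFix code;
SAMPLE_REPORT is a constructed excerpt in the format of the report above."""
import ntpath
import re

SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Program Files\BitAccelerator\BitAccelerator.dll Infected: not-a-virus:WebToolbar.Win32.BitAccelerator.e 1
C:\Program Files\BitAccelerator\BitAccelerator.exe Infected: Trojan.Win32.ConnectionServices.e 1
C:\quarantine\a0189135.dll.Vir Infected: Trojan.Win32.ConnectionServices.w 1
C:\Deckard\System Scanner\20080113211748\backup\DOCUME~1\n\LOCALS~1\Temp\59.tmp Infected: Trojan.Win32.ConnectionServices.n 1
G:\TLifeEssentials.zip Infected: not-a-virus:AdWare.Win32.BHO.byo 1
I:\Program Files\Norton AntiVirus\Quarantine\07CC71DF.EXE Infected: Trojan-Downloader.Win32.Harnig.cu 1
I:\Program Files\Norton AntiVirus\Quarantine\5F2962E0.EXE Infected: Email-Worm.Win32.Runouce.b 1

The selected area was scanned.
"""

# One detection per line: "<path> Infected: <threat> <count>"
DETECTION = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")

# Assumed markers of quarantine/backup stores seen in this thread: Norton's
# Quarantine folder, the C:\quarantine store with .Vir renames, and the
# Deckard System Scanner backup tree.  Extend for other tools as needed.
STORE_MARKERS = ("\\quarantine\\", "\\deckard\\system scanner\\", "\\backup\\")


def is_stored_copy(path):
    """True when the file lives in a quarantine/backup store (inert copy)."""
    p = path.lower()
    return p.endswith(".vir") or any(marker in p for marker in STORE_MARKERS)


def severity(threat):
    """Kaspersky's 'not-a-virus:' prefix marks adware/riskware; anything
    else (Trojan, Worm, Downloader, ...) is malware proper."""
    return "riskware" if threat.lower().startswith("not-a-virus:") else "malware"


def parse_report(text):
    """Return [(path, threat, count)] for every detection line."""
    hits = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if m:
            hits.append((m["path"], m["threat"], int(m["count"])))
    return hits


def classify(text):
    """Return {'live': [(path, threat)], 'stored': [(path, threat)]}."""
    live, stored = [], []
    for path, threat, _ in parse_report(text):
        (stored if is_stored_copy(path) else live).append((path, threat))
    return {"live": live, "stored": stored}


def group_live_by_folder(live):
    """Map parent folder -> [(file name, threat, severity)] so a dropped
    toolkit directory shows up once.  A drive root as parent (e.g. 'G:\\')
    means a loose file that needs a File:: rather than a Folder:: entry."""
    groups = {}
    for path, threat in live:
        parent = ntpath.dirname(path)
        groups.setdefault(parent, []).append(
            (ntpath.basename(path), threat, severity(threat)))
    return groups


if __name__ == "__main__":
    result = classify(SAMPLE_REPORT)
    print("stored copies (inert):", len(result["stored"]))
    for folder, files in group_live_by_folder(result["live"]).items():
        print("live:", folder)
        for name, threat, sev in files:
            print("   ", name, threat, "(%s)" % sev)
```

Run against the full report above, the only live findings are the two BitAccelerator files and the archive on G:, which is exactly the set the removal script later in the thread targets; the eleven quarantine entries are clean-up, not a sign the machine is still infected.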
     
  6. 2008/12/03 zeeshanhashmi
    Hello Sir,

    When I opened my PC's side, I saw that the fan was moving, but there was a lot of dust, and that was preventing the fan from giving sufficient air to the processor. So after the air blow, it is now as clean as a new one. And the first change I noticed is that I ran Kaspersky antivirus online and it completed all the files in 4 hours without any problems.


    Is there any indication of something wrong in the logs or the Kaspersky results?
     
  7. 2008/12/03 Geri
    Hi
    OK, I need to know if you know what these are.
    c:\documents and settings\All Users\Application Data\SPSS
    c:\documents and settings\n\.spss


    I would like some files scanned. Please do the following.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file paths into the "File to upload & scan" box on the top of the page, one at a time:
      • c:\windows\system32\grcauth1.dll
      • c:\windows\system32\sysprs7.tgz
      • c:\windows\system32\sysprs7.dll
      • c:\windows\system32\lsprst7.tgz
      • c:\documents and settings\All Users\Application Data\ezsid.dat
    • Click on the submit button
    • Please post the results in your next reply.

    Thanks
    Geri
     
  8. 2008/12/04 zeeshanhashmi
    Here are the notes:

    c:\documents and settings\All Users\Application Data\SPSS
    This folder is NO MORE, as I have uninstalled SPSS.

    c:\documents and settings\n\.spss
    This folder is STILL THERE, even though I have uninstalled SPSS. The folder is empty too.

    Here are the scanning results
    c:\windows\system32\grcauth1.dll = all found nothing / status = OK
    c:\windows\system32\sysprs7.tgz = all found nothing / status = OK
    c:\windows\system32\sysprs7.dll = all found nothing / status = OK
    c:\windows\system32\lsprst7.tgz = all found nothing / status = OK
    c:\documents and settings\All Users\Application Data\ezsid.dat = all found nothing / status = OK
     
  9. 2008/12/04 Geri
    Hi
    Please do this.

    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
    Code:
    KillAll::
    
    File::
    C:\quarantine\a0189135.dll.
    G:\TLifeEssentials.zip 
    
    Folder::
    C:\Program Files\BitAccelerator
    C:\Deckard\System Scanner\20080113211748\backup
    c:\documents and settings\All Users\Application Data\SPSS
    c:\documents and settings\n\.spss 
    Thanks
    Geri
     
  10. 2008/12/06 zeeshanhashmi
    ComboFix 08-12-01.01 - Zeeshan 2008-12-06 16:15:14.2 - FAT32x86
    Running from: c:\documents and settings\n\Desktop\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\n\Desktop\Downloads\CFScript.txt

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    c:\quarantine\a0189135.dll.
    G:\TLifeEssentials.zip
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\n\.spss
    G:\TLifeEssentials.zip
    M:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
    .

    2008-12-06 07:54 . 2008-12-06 07:54 <DIR> d--hs---- C:\FOUND.035
    2008-12-04 09:07 . 2008-12-04 09:07 <DIR> d--hs---- C:\FOUND.034
    2008-12-03 22:03 . 2008-12-03 22:03 <DIR> d-------- c:\program files\Wisdom-soft
    2008-12-03 21:47 . 2008-12-03 21:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}
    2008-12-03 08:26 . 2008-12-03 08:26 <DIR> d-------- C:\rsit
    2008-12-02 19:47 . 2008-12-02 19:47 <DIR> d--hs---- C:\FOUND.033
    2008-11-30 21:18 . 2008-11-30 21:24 8,192 --a------ c:\windows\system32\edb.chk
    2008-11-30 17:46 . 2008-11-30 17:46 <DIR> d--hs---- C:\FOUND.032
    2008-11-29 23:50 . 2008-11-29 23:50 <DIR> d--hs---- C:\FOUND.031
    2008-11-26 10:07 . 2008-11-26 10:07 1,024 --a------ c:\windows\system32\grcauth2.dll
    2008-11-26 10:07 . 2008-11-26 10:07 1,024 --a------ c:\windows\system32\grcauth1.dll
    2008-11-26 10:07 . 2008-11-26 10:07 114 --a------ c:\windows\system32\prsgrc.tgz
    2008-11-26 10:06 . 2008-11-26 10:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\SafeNet Sentinel
    2008-11-26 10:05 . 2008-11-26 10:05 <DIR> d-------- c:\program files\Common Files\SPSS
    2008-11-26 09:58 . 2008-11-26 09:58 1,025 --a------ c:\windows\system32\sysprs7.tgz
    2008-11-26 09:58 . 2008-11-26 09:58 1,025 --a------ c:\windows\system32\sysprs7.dll
    2008-11-26 09:58 . 2008-11-26 09:58 219 --a------ c:\windows\system32\lsprst7.tgz
    2008-11-26 09:58 . 2008-11-26 09:58 16 ---h----- c:\windows\system32\servdat.slm
    2008-11-26 09:24 . 2008-11-26 09:24 244 --ah----- C:\sqmnoopt02.sqm
    2008-11-26 09:24 . 2008-11-26 09:24 232 --ah----- C:\sqmdata02.sqm
    2008-11-24 23:40 . 2008-11-24 23:40 <DIR> d--hs---- C:\FOUND.030
    2008-11-15 22:47 . 2008-11-15 22:47 <DIR> d--hs---- C:\FOUND.029
    2008-11-12 21:29 . 2008-11-12 21:29 <DIR> d--hs---- C:\FOUND.028
    2008-11-10 13:05 . 2008-11-10 13:05 <DIR> d-------- c:\program files\Winamp
    2008-11-10 13:05 . 2008-11-10 13:05 <DIR> d-------- c:\documents and settings\n\Application Data\Winamp
    2008-11-06 23:58 . 2008-11-06 23:58 <DIR> d-------- c:\documents and settings\n\Application Data\yoclient

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-01 02:27 90,112 ----a-w c:\windows\DUMP5ef6.tmp
    2007-12-01 12:57 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2008-12-03_16.24.47.92 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-27 02:08:36 201,736 ----a-w c:\windows\system32\FNTCACHE.DAT
    + 2008-12-04 04:07:52 194,568 ----a-w c:\windows\system32\FNTCACHE.DAT
    - 2008-12-03 11:18:12 222,423 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    + 2008-12-06 11:33:12 222,417 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
    + 2008-12-06 11:33:12 16,384 ----a-w c:\windows\temp\Perflib_Perfdata_79c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

    [HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
    2007-07-17 15:59 1379352 --a------ c:\program files\Wisdom-soft\tbWisd.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

    [HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"= "c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
    "H/PC Connection Agent"= "c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "Skype"= "c:\program files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
    "Google Update"= "c:\documents and settings\n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"= "c:\windows\system32\igfxtray.exe" [2005-04-06 94208]
    "HotKeysCmds"= "c:\windows\system32\hkcmd.exe" [2005-04-06 77824]
    "Persistence"= "c:\windows\system32\igfxpers.exe" [2005-04-06 114688]
    "ShStatEXE"= "c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-05-27 90112]
    "McAfeeUpdaterUI"= "c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-05-21 135224]
    "Network Associates Error Reporting Service"= "c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
    "iKeyWorks"= "e:\progra~1\A4Tech\Keyboard\Ikeymain.exe" [2006-09-07 65536]
    "SunJavaUpdateSched"= "c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "QuickTime Task"= "c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
    "iTunesHelper"= "e:\program files\iTunes\iTunesHelper.exe" [2007-09-07 267064]
    "Acrobat Assistant 8.0"= "c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
    "RTHDCPL"= "RTHDCPL.EXE" [2007-03-13 c:\windows\RTHDCPL.exe]
    "AGRSMMSG"= "AGRSMMSG.exe" [2005-06-30 c:\windows\AGRSMMSG.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.MFZ0"= MyFlashZip0.ax

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "e:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\WinSCP\\WinSCP.exe"=
    "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\LaunchU3.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - m:\wd_windows_tools\Setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e656f16c-5fbd-11dc-a299-0019d19d4b36}]
    \Shell\AutoRun\command - K:\LaunchU3.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-06 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\documents and settings\n\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 22:22]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-06 16:33:19
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Network Associates\Common Framework\FrameworkService.exe
    c:\program files\Network Associates\VirusScan\Mcshield.exe
    c:\program files\Network Associates\VirusScan\VsTskMgr.exe
    c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
    c:\windows\System32\snmp.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\locator.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\MICROS~3\rapimgr.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-06 16:49:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-06 11:49:04
    ComboFix2.txt 2008-12-03 11:25:02

    Pre-Run: 20,767,539,200 bytes free
    Post-Run: 20,574,568,448 bytes free

    163
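The two ComboFix logs in this thread (this one and the 2008/12/03 one earlier in the thread) show the same posture problems, and this one adds a browser extension that was not there before. The script below is an added example, not ComboFix code and not anything posted in the thread; it runs over a constructed excerpt assembled from lines in these logs. It flags the Security Center values AntiVirusDisableNotify and UpdatesDisableNotify (both 1, so the user gets no warning when AV or updates are off), the firewall standard profile with EnableFirewall = 0, the MountPoints2 AutoRun handlers for removable drives, and every URLSearchHook/BHO/Toolbar registration grouped by CLSID, which collapses the several keys all pointing at c:\program files\Wisdom-soft\tbWisd.dll into one line. It also counts the C:\FOUND.0xx directories in the Files Created section: those are chkdsk's lost-cluster recovery folders, and eight of them in under a month on a FAT32 volume is a disk-health signal in its own right. The category labels and the list of browser-extension key names are the example's own choices, and the regexes tolerate the stray space the forum inserted before the closing quote of each value name.

```python
"""Triage ComboFix logs for security-posture regressions, browser load points
and disk-health signals.  Added example, not ComboFix code; SAMPLE_LOG is a
constructed excerpt modelled on the two logs in this thread."""
import re

SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
2008-12-06 07:54 . 2008-12-06 07:54 <DIR> d--hs---- C:\FOUND.035
2008-12-04 09:07 . 2008-12-04 09:07 <DIR> d--hs---- C:\FOUND.034
2008-12-03 22:03 . 2008-12-03 22:03 <DIR> d-------- c:\program files\Wisdom-soft
2008-11-30 17:46 . 2008-11-30 17:46 <DIR> d--hs---- C:\FOUND.032

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58} "= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2007-07-17 15:59 1379352 --a------ c:\program files\Wisdom-soft\tbWisd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58} "= "c:\program files\Wisdom-soft\tbWisd.dll" [2007-07-17 1379352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray "= "c:\windows\system32\igfxtray.exe" [2005-04-06 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
"UpdatesDisableNotify "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\LaunchU3.exe
"""

KEY_LINE = re.compile(r"^\[(.+)\]$")
# Value names in the posted logs carry a stray space before the closing
# quote (forum artefact); the lazy name group plus \s* absorbs it.
VALUE_LINE = re.compile(r'^"\s*([^"]*?)\s*"\s*=\s*(.*?)\s*$')
# ComboFix prints a BHO's DLL as "<date> <time> <size> <attrs> <path>".
FILE_LINE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+\S+\s+(.+?)\s*$")
AUTORUN_LINE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(.+?)\s*$")
FOUND_DIR = re.compile(r"<DIR>.*\b([A-Za-z]:\\FOUND\.\d{3})\s*$", re.IGNORECASE)
CLSID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.IGNORECASE)
DLL_PATH = re.compile(r'[a-z]:\\[^"\[\]]+?\.(?:dll|ax|ocx)', re.IGNORECASE)
# Assumed key-name markers for IE extension load points -> label.
BROWSER_KEYS = (("urlsearchhooks", "URLSearchHooks"),
                ("browser helper objects", "BHO"),
                ("internet explorer\\toolbar", "Toolbar"))


def parse_reg_entries(log):
    """Yield (key, name, data) for value lines, for the file line under a
    BHO key (name '<file>') and for MountPoints2 AutoRun commands."""
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_LINE.match(line)
        if m:
            yield key, m.group(1), m.group(2)
            continue
        m = FILE_LINE.match(line)
        if m:
            yield key, "<file>", m.group(1)
            continue
        m = AUTORUN_LINE.match(line)
        if m:
            yield key, "Shell\\AutoRun\\command", m.group(1)


def chkdsk_recovery_dirs(log):
    """FOUND.nnn folders at a drive root are chkdsk/scandisk lost-cluster
    output; several within weeks mean recurring file-system corruption."""
    return [m.group(1) for m in map(FOUND_DIR.search, log.splitlines()) if m]


def browser_load_points(entries):
    """Group URLSearchHook/BHO/Toolbar registrations: CLSID -> [dll, {kinds}]."""
    points = {}
    for key, name, data in entries:
        k = key.lower()
        kinds = [label for marker, label in BROWSER_KEYS if marker in k]
        clsid = CLSID.search(name) or CLSID.search(key)
        dll = DLL_PATH.search(data)
        if kinds and clsid and dll:
            entry = points.setdefault(clsid.group(0).lower(), [dll.group(0), set()])
            entry[1].update(kinds)
    return points


def triage(log):
    """Return (category, message) findings in a stable order."""
    entries = list(parse_reg_entries(log))
    findings = []
    found = chkdsk_recovery_dirs(log)
    if found:
        findings.append(("disk", "%d chkdsk recovery folders (latest %s): check the drive, not just for malware"
                         % (len(found), found[0])))
    for key, name, data in entries:
        k, n, d = key.lower(), name.lower(), data.lower()
        if k.endswith("\\security center") and n.endswith("disablenotify") \
                and d.replace("dword:", "").lstrip("0") == "1":
            findings.append(("posture", "Security Center warning suppressed: " + name))
        elif "firewallpolicy" in k and n == "enablefirewall" and d.split()[:1] == ["0"]:
            findings.append(("posture", "Windows Firewall disabled in " + key.rsplit("\\", 1)[-1]))
        elif "mountpoints2" in k and n.endswith("autorun\\command"):
            findings.append(("autorun", "removable-drive AutoRun handler: " + data))
    for clsid, (dll, kinds) in sorted(browser_load_points(entries).items()):
        findings.append(("browser", "%s loads %s as %s" % (clsid, dll, "/".join(sorted(kinds)))))
    return findings


if __name__ == "__main__":
    for category, message in triage(SAMPLE_LOG):
        print(category.ljust(8), message)
```

The posture findings are the ones a helper would fix by hand after cleanup (re-enable the firewall profile, set the two DisableNotify values back to 0), the AutoRun handlers explain why ComboFix deleted M:\Autorun.inf, and the browser line is a prompt to ask the user whether they installed that toolbar on 2008-12-03.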
     
  11. 2008/12/07 Geri
    Hi
    OK, please do this.

    Using Windows Explorer (to get there, right-click your Start button and go to "Explore"), please delete these folders (if present):

    c:\program files\Common Files\SPSS

    Run ATF Cleaner again.

    Now do another Kaspersky scan and post the results.

    Thanks
    Geri
     
  12. 2008/12/07 redbeard
    He may wish to upgrade the Macaffe to version 8.5. We have noted a great deal of problems using 8.0.
     
  13. 2008/12/07 Geri
    Hi
    Who is "we"? I don't believe you are a rep. of McAfee, seeing as how you did not spell it correctly.

    Geri
     
  14. 2008/12/07 Geri
    Hi zeeshanhashmi
    The advice from redbeard would be a good idea, but please wait until we make sure you are clear of any malware before doing so.

    Thanks
    Geri
     
  15. 2008/12/07 zeeshanhashmi
    Hello

    I do not agree with the advice to upgrade McAfee, because I have had this version for one and a half years and the problem has only just arisen now.

    Had McAfee had any problem, I would have faced the problem earlier.
     
  16. 2008/12/07 Geri
    Hi
    OK, that is up to you.

    Can I see the Kaspersky report?

    Let me know of any remaining issues.

    Thanks
     
  17. 2008/12/07 zeeshanhashmi
    Yes Sir

    My computer is still acting up. It occasionally hangs, and there is an increased delay in responses, even to keyboard input.

    I tried to run Kaspersky, but the browser closed automatically.

    Yesterday, my computer HUNG, and after 5 minutes it showed the blue screen full of data from top to bottom, but it was quick so I could not read it.

    Then I had to restart the computer, and then I saw "Error Loading OS".

    Is this a symptom of problems with the memory and/or processor?
    Is there a tool available to check the memory and processor completely?

    Please guide

    Thanks
    Zeeshan
     
  18. 2008/12/10 zeeshanhashmi
    Dear Geri

    Please guide me about my computer.

    Thanks
    Zeeshan
     
  19. 2008/12/10 Geri
    Hi
    OK, I talked to the other specialists here and they believe it may be a hardware failure: your hard drive.

    They recommend to do these things first.

    Restart to your safe boot screen.

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option.

    Choose "Last Known Good Configuration" and hit the enter Key on your Keyboard.

    If that doesn't help, then they suggest a repair install of your OS.

    Geri
     
  20. 2008/12/11 zeeshanhashmi
    Hi
    Thanks, but I tried that Last Known Good thing, and it started Windows, and then when Windows was loaded it was very, very slow, and it suddenly restarted again and then it said
    DISK ERROR
     
  21. 2008/12/11 zeeshanhashmi
    Please guide me, sir, I'm in deep trouble.
     
