massive problem on other computer!!

  1. #11
    Neal is offline Dedicated Member

    Re: massive problem on other computer!!

    I still need findlop log.




    If you have previously downloaded ComboFix, please delete that version now.

    Now download ComboFix and save to your desktop:

    Note:

    It is IMPORTANT that it is saved directly to your desktop

    Close any open browsers.

    Disconnect from the Internet.

    Please do not re-connect your machine back to the Internet until Combofix has completely finished.

    Disable your antivirus program and any realtime malware scanners now

    Double click on combofix.exe and follow the prompts.

    When it's finished it will produce a log.
    Post the entire contents of C:\ComboFix.txt into your next reply.

    Note:
    Do not mouseclick combofix's window while it's running.

    That may cause the program to freeze/hang.

    Do NOT post the ComboFix-quarantined-files.txt unless I ask.

    Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



    *Note*
    In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
    Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.



    New hijackthis log please.


  2. #12
    anil_ks is offline Junior Member
    Hey sos, I thought I did copy and paste it, but I guess not. ComboFix worked the first time I had run it, but it did not produce the file C:\Combofix.txt. I ran it again, but it closes down after stating it may take 10 minutes to produce results... Shall I keep trying?

    [TRACE] Enumerating jobs and queues
    [TRACE] Activating job 'A6F0F714918B7570.job'
    [TRACE] Printing all job properties

    ApplicationName: 'c:\docume~1\vikren~1\applic~1\grimlite\ByteAudioThunk.exe'
    Parameters: ''
    WorkingDirectory: ''
    Comment: ''
    Creator: 'vikrensimraj'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 02/28/2006 21:00:00
    NextRun: 02/18/2008 2:00:00
    StartError: 0x80070002
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 1
    SystemRequired = 0
    Hidden = 1
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Daily
    DaysInterval: 1
    StartDate: 10/18/1998
    EndDate: 00/00/0000
    StartTime: 00:00
    MinutesDuration: 1440
    MinutesInterval: 60
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0


    [TRACE] Activating job 'AppleSoftwareUpdate.job'
    [TRACE] Printing all job properties

    ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
    Parameters: '-Task'
    WorkingDirectory: ''
    Comment: ''
    Creator: 'SYSTEM'
    Priority: NORMAL
    MaxRunTime: 259200000 (3d 0:00:00)
    IdleWait: 10
    IdleDeadline: 60
    MostRecentRun: 11/20/2007 20:34:00
    NextRun: 02/19/2008 20:34:00
    StartError: S_OK
    ExitCode: 0
    Status: SCHED_S_TASK_READY
    ScheduledWorkItem Flags:
    DeleteWhenDone = 0
    Suspend = 0
    StartOnlyIfIdle = 0
    KillOnIdleEnd = 0
    RestartOnIdleResume = 0
    DontStartIfOnBatteries = 0
    KillIfGoingOnBatteries = 0
    RunOnlyIfLoggedOn = 0
    SystemRequired = 0
    Hidden = 0
    TaskFlags: 0

    1 Trigger

    Trigger 0:
    Type: Weekly
    WeeksInterval: 1
    DaysOfTheWeek: ..T....
    StartDate: 12/25/2006
    EndDate: 00/00/0000
    StartTime: 20:34
    MinutesDuration: 0
    MinutesInterval: 0
    Flags:
    HasEndDate = 0
    KillAtDuration = 0
    Disabled = 0

  3. #13
    anil_ks is offline Junior Member
    Hey, here's the combofix.txt (got it to work):

    ComboFix 08-02-18.1 - vikrensimraj 2008-02-18 13:25:36.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.194 [GMT 0:00]
    Running from: C:\Documents and Settings\vikrensimraj\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
    .

    2008-02-18 03:38 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
    2008-02-18 03:38 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
    2008-02-18 03:38 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
    2008-02-18 03:38 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
    2008-02-18 01:07 . 2008-02-18 02:54 <DIR> d-------- C:\VundoFix Backups
    2008-02-17 22:47 . 2008-02-17 22:47 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-02-17 04:59 . 2008-02-18 12:22 <DIR> d-------- C:\Documents and Settings\vikrensimraj\Application Data\AVG7
    2008-02-17 04:58 . 2008-02-17 04:58 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2008-02-17 04:58 . 2008-02-17 04:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-17 04:58 . 2008-02-17 05:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2008-02-14 22:24 . 2008-02-14 22:24 10,752 --a------ C:\WINDOWS\system32\worsock.dll
    2008-02-14 22:10 . 2008-02-14 22:10 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-02-14 22:10 . 2008-02-14 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-14 16:59 . 2008-02-14 16:59 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
    2008-02-14 16:57 . 2008-02-14 16:57 259,336 --a------ C:\Documents and Settings\vikrensimraj\Application Data\setup_en[1].exe
    2008-02-14 16:54 . 2008-02-14 17:00 <DIR> d-------- C:\Documents and Settings\vikrensimraj\.housecall6.6
    2008-02-14 16:33 . 2008-02-17 22:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-14 15:38 . 2008-02-14 15:38 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2008-01-21 14:24 . 2008-01-21 14:24 <DIR> d-------- C:\Documents and Settings\vikrensimraj\Application Data\Uniblue
    2008-01-19 14:08 . 2008-01-19 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-01-19 14:03 . 2007-12-05 01:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-01-19 14:03 . 2008-01-19 14:08 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-01-19 14:03 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-01-19 14:02 . 2003-05-02 07:19 4,640,768 -ra------ C:\WINDOWS\system32\nvcpl.dll
    2008-01-19 14:02 . 2003-05-02 07:19 3,764,224 -ra------ C:\WINDOWS\system32\nvoglnt.dll
    2008-01-19 14:02 . 2003-05-02 07:19 3,180,171 -ra------ C:\WINDOWS\system32\nv4_disp.dll
    2008-01-19 14:02 . 2003-05-02 07:19 1,323,008 -ra------ C:\WINDOWS\system32\dmcpl.exe
    2008-01-19 14:02 . 2003-05-02 07:19 1,312,555 -ra------ C:\WINDOWS\system32\drivers\nv4_mini.sys
    2008-01-19 14:02 . 2003-05-02 07:19 512,000 -ra------ C:\WINDOWS\system32\nviewimg.dll
    2008-01-19 14:02 . 2007-12-05 02:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
    2008-01-19 14:02 . 2003-05-02 07:19 126,976 -ra------ C:\WINDOWS\system32\nvinstnt.dll
    2008-01-19 14:02 . 2003-05-02 07:19 69,632 -ra------ C:\WINDOWS\system32\nvsvc32.exe
    2008-01-19 14:02 . 2003-05-02 07:19 49,152 -ra------ C:\WINDOWS\system32\nvmctray.dll
    2008-01-19 14:01 . 2008-01-19 14:01 <DIR> d-------- C:\NVIDIA

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-14 22:32 --------- d-----w C:\Program Files\EPSON
    2008-02-14 22:31 --------- d-----w C:\Program Files\Driving Test Success 2003
    2008-01-20 14:53 --------- d-----w C:\Documents and Settings\vikrensimraj\Application Data\AdobeUM
    2008-01-03 12:06 --------- d-----w C:\Documents and Settings\vikrensimraj\Application Data\U3
    2007-12-29 16:05 --------- d-----w C:\Program Files\SopCast
    2007-12-29 15:36 --------- d-----w C:\Program Files\TVAnts
    2007-12-26 13:38 --------- d-----w C:\Documents and Settings\vikrensimraj\Application Data\SopCast
    2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2006-04-27 18:42 17,336 ----a-w C:\Documents and Settings\LocalService\Application Data\GDIPFONTCACHEV1.DAT
    2005-12-13 16:11 17,336 ----a-w C:\Documents and Settings\vikrensimraj\Application Data\GDIPFONTCACHEV1.DAT
    2004-04-27 13:26 590,336 ----a-w C:\Program Files\kmd.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{465047D5-856C-66A1-625E-6C9A6AE9514E}]
    C:\DOCUME~1\VIKREN~1\APPLIC~1\filelies\popdupe.exe

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0DD4019-81B2-42A3-B76F-5D8E8EBD8A05}]
    C:\WINDOWS\System32\awtqn.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba67046f-0ff1-464d-a9e1-6ecfa1ecce2e}]
    C:\WINDOWS\System32\hyafflgi.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 15:00 13312]
    "WinFixer2005"="C:\Program Files\WinFixer_2005\uwfx5.exe" [ ]
    "DefySeek"="C:\DOCUME~1\VIKREN~1\APPLIC~1\grimlite\Corn does active.exe" [ ]
    "EPSON Stylus C66 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.exe" [2003-11-27 02:00 99840]
    "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
    "Workflow"="D:\Workflow.exe" [ ]
    "NI.UWFX5LP_0001_0802"="C:\Documents and Settings\vikrensimraj\Local Settings\Temporary Internet Files\Content.IE5\CF9JYEVP\WFI[1].exe" [ ]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-02 17:55 180269]
    "EPSON Stylus C66 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.exe" [2003-11-27 02:00 99840]
    "McafWelcome"="C:\Program Files\McAfee.com\Agent\mcwelcom.exe" [ ]
    "MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 17:29 303104]
    "MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 11:05 212992]
    "MPSExe"="c:\PROGRA~1\mcafee.com\mps\mscifapp.exe" [2006-03-30 13:31 296488]
    "VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 17:18 151552]
    "VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 11:49 163840]
    "OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-11 21:02 53248]
    "MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 16:00 1005096]
    "MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 09:26 110592]
    "MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 14:49 1121280]
    "ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2004-11-12 17:24 106557]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 02:48 36975]
    "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 07:19 4640768]
    "nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2003-05-02 07:19 49152]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-17 04:58 579072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-23 15:00 13312]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-17 04:58 219136]

    R3 Intels51;Intel(R) Ham 5628 V.92 Modem;C:\WINDOWS\System32\DRIVERS\Intels51.sys [2002-03-02 02:00]
    S3 efipsk;efipsk;C:\DOCUME~1\VIKREN~1\LOCALS~1\Temp\efipsk.sys []

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-02-18 13:00:00 C:\WINDOWS\Tasks\A6F0F714918B7570.job"
    - c:\docume~1\vikren~1\applic~1\grimlite\ByteAudioThunk.exe
    "2007-11-20 20:34:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-18 13:27:15
    Windows 5.1.2600 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    EPSON Stylus C66 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /M "Stylus C66" /EF "HKCU"???????%? ??=??????G????????????I?w????????????????`???????? ????????????d?w????`???????????8???????????w??w??? ?`??????????w`??????????????w???????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.0000]
    -> C:\WINDOWS\system32\worsock.dll
    .
    Completion time: 2008-02-18 13:28:35
    .
    2008-01-11 12:16:47 --- E O F ---

    hope to hear from you soon!

  4. #14
    Neal is offline Dedicated Member
    Download LSPfix here:
    http://www.cexx.org/lspfix.htm
    Or here:
    http://www.snapfiles.com/get/lspfix.html
    or here:
    http://majorgeeks.com/download625.html

    To run it be sure you are NOT connected to the Internet.

    Launch the application, and click the "I know what I'm doing" checkbox.

    Check all instances of worsock.dll (and nothing else), and move them to the "Remove" pane.
    Then click Finish.
    Go to c:\windows\system32\worsock.dll (could be at a different location) and delete the worsock.dll file.
    Reboot your computer. A full power down reboot.


    To find and delete worsock.dll:

    Navigate to this file using Windows Explorer (OR Start -> Search) and delete (if present):


    Spybot - Search & Destroy 1.3
    Spybot is way out of date.



    Open Notepad (must be Notepad) and copy/paste the text in the quotebox below into it (NOT THE WORD QUOTE):


    File::
    C:\WINDOWS\System32\awtqn.dll
    C:\WINDOWS\System32\hyafflgi.dll
    C:\WINDOWS\Tasks\A6F0F714918B7570.job

    Folder::
    C:\VundoFix Backups
    C:\DOCUME~1\VIKREN~1\APPLIC~1\filelies
    C:\Program Files\WinFixer_2005
    C:\DOCUME~1\VIKREN~1\APPLIC~1\grimlite

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{465047D5-856C-66A1-625E-6C9A6AE9514E}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B0DD4019-81B2-42A3-B76F-5D8E8EBD8A05}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba67046f-0ff1-464d-a9e1-6ecfa1ecce2e}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinFixer2005"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DefySeek"=-

    Save this as CFScript

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
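
The kind of log triage that precedes a removal script like the one above, as an added example that is not part of the original thread and is not ComboFix's own logic: it parses a constructed sample in the layout of the log's "Reg Loading Points" section and lists autostart entries that deserve a closer look. The three heuristics (empty `[ ]` metadata, a target under Application Data/Temp/Temporary Internet Files, a Browser Helper Object registered to an .exe) are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section,
# modelled on the log posted in this thread (forum-inserted spaces removed).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{465047D5-856C-66A1-625E-6C9A6AE9514E}]
C:\DOCUME~1\VIKREN~1\APPLIC~1\filelies\popdupe.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-23 15:00 13312]
"WinFixer2005"="C:\Program Files\WinFixer_2005\uwfx5.exe" [ ]
"DefySeek"="C:\DOCUME~1\VIKREN~1\APPLIC~1\grimlite\Corn does active.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NI.UWFX5LP_0001_0802"="C:\Documents and Settings\vikrensimraj\Local Settings\Temporary Internet Files\Content.IE5\CF9JYEVP\WFI[1].exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-17 04:58 579072]
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')                     # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')  # "name"="path" [meta]
CLSID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')

# Assumption: directories a non-admin user (or a browser cache) can write to.
USER_WRITABLE_MARKERS = (
    '\\application data\\', '\\applic~1\\',
    '\\local settings\\temp\\', '\\locals~1\\temp\\',
    '\\temporary internet files\\',
)


@dataclass
class Entry:
    key: str
    name: str
    path: str
    has_metadata: Optional[bool]  # None for BHO lines, which carry no brackets
    reasons: List[str] = field(default_factory=list)


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the section into Entry records, tracking the current registry key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            name, data, meta = m.groups()
            entries.append(Entry(key, name, data, bool(meta.strip())))
        elif 'browser helper objects' in key.lower():
            # A BHO key is followed by a bare path line; name it by its CLSID.
            clsid = CLSID_RE.search(key)
            entries.append(Entry(key, clsid.group(0) if clsid else key, line, None))
    return entries


def assess(entry: Entry) -> List[str]:
    """Return the heuristic reasons (possibly none) for reviewing an entry."""
    reasons = []
    path = entry.path.lower()
    if any(marker in path for marker in USER_WRITABLE_MARKERS):
        reasons.append('runs from a user-writable profile or cache directory')
    if entry.has_metadata is False:
        reasons.append('no file date/size recorded for the target')
    if entry.has_metadata is None and path.endswith('.exe'):
        reasons.append('Browser Helper Object registered to an .exe, not a DLL')
    return reasons


def triage(text: str) -> List[Entry]:
    """Entries with at least one reason, most reasons first (stable order)."""
    flagged = []
    for entry in parse_loading_points(text):
        entry.reasons = assess(entry)
        if entry.reasons:
            flagged.append(entry)
    return sorted(flagged, key=lambda e: -len(e.reasons))


if __name__ == '__main__':
    for e in triage(SAMPLE_LOG):
        print(f'{e.name}: {e.path}')
        for reason in e.reasons:
            print(f'    - {reason}')
```

The output is a list of candidates for review, not a verdict: the two System32 DLLs that the script above also removes would pass these path checks, and a legitimate program whose file is simply missing would be flagged.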

  5. #15
    anil_ks is offline Junior Member
    Hey... sorry for the big delay in my reply, but I have had problems with my internet provider!

    I have downloaded the LSPFix and done what you had asked.

    'Go to c:\windows\system32\worsock.dll (could be at a different location) and delete the worsock.dll file
    Reboot your computer. A full power down reboot.'

    I have tried doing this, but when I try deleting worsock.dll a window pops up stating:

    Cannot delete worsock: access is denied.

    Make sure the disk is not full or write-protected and that the file is not currently in use.

    Should I reboot or just leave the computer on to do something else?

  6. #16
    anil_ks is offline Junior Member
    Hi, it deleted eventually and I proceeded to do as you said.

    Here is the combofix.txt:


    Start Time= 29/02/2008 2:15:27.62

    QuickScan did not find any signs of infected files

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2008-02-18 12:30:18 ( .D... ) "C:\Program Files\Common Files"
    2008-02-17 04:59:04 ( .D... ) "C:\Documents and Settings\vikrensimraj\Application Data\AVG7"
    2008-02-17 04:58:04 ( .D... ) "C:\Program Files\Grisoft"
    2008-02-14 16:57:14 259336 ( A.... ) "C:\Documents and Settings\vikrensimraj\Application Data\setup_en[1].exe"
    2008-02-14 15:38:02 147456 ( A.... ) "C:\WINDOWS\system32\vbzip10.dll"
    2008-01-21 14:24:24 ( .D... ) "C:\Documents and Settings\vikrensimraj\Application Data\Uniblue"
    2008-01-02 1836 17642616 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
    2007-12-29 15:36:14 ( .D... ) "C:\Program Files\TVAnts"
    2007-12-05 02:53:08 356352 ( A.... ) "C:\WINDOWS\system32\NVUNINST.EXE"
    2007-12-05 01:41:00 6549504 ( A.... ) "C:\WINDOWS\system32\nvdisps.dll"
    2007-12-05 01:41:00 5611520 ( A.... ) "C:\WINDOWS\system32\nvdispsr.dll"
    2007-12-05 01:41:00 3715072 ( A.... ) "C:\WINDOWS\system32\nvvitvsr.dll"
    2007-12-05 01:41:00 3710976 ( A.... ) "C:\WINDOWS\system32\nvvitvs.dll"
    2007-12-05 01:41:00 3420160 ( A.... ) "C:\WINDOWS\system32\nvgames.dll"
    2007-12-05 01:41:00 3334144 ( A.... ) "C:\WINDOWS\system32\nvgamesr.dll"
    2007-12-05 01:41:00 2854912 ( A.... ) "C:\WINDOWS\system32\nvmoblsr.dll"
    2007-12-05 01:41:00 2519040 ( A.... ) "C:\WINDOWS\system32\nvwssr.dll"
    2007-12-05 01:41:00 2498560 ( A.... ) "C:\WINDOWS\system32\nvwss.dll"
    2007-12-05 01:41:00 1703936 ( A.... ) "C:\WINDOWS\system32\nvwdmcpl.dll"
    2007-12-05 01:41:00 1626112 ( A.... ) "C:\WINDOWS\system32\nwiz.exe"
    2007-12-05 01:41:00 1474560 ( A.... ) "C:\WINDOWS\system32\nview.dll"
    2007-12-05 01:41:00 1339392 ( A.... ) "C:\WINDOWS\system32\nvdspsch.exe"
    2007-12-05 01:41:00 1228800 ( A.... ) "C:\WINDOWS\system32\nvmobls.dll"
    2007-12-05 01:41:00 1089536 ( A.... ) "C:\WINDOWS\system32\nvcuda.dll"
    2007-12-05 01:41:00 1073152 ( A.... ) "C:\WINDOWS\system32\nvcpluir.dll"
    2007-12-05 01:41:00 1019904 ( A.... ) "C:\WINDOWS\system32\nvwimg.dll"
    2007-12-05 01:41:00 753664 ( A.... ) "C:\WINDOWS\system32\nvcplui.exe"
    2007-12-05 01:41:00 466944 ( A.... ) "C:\WINDOWS\system32\nvshell.dll"
    2007-12-05 01:41:00 458752 ( A.... ) "C:\WINDOWS\system32\nvmccssr.dll"
    2007-12-05 01:41:00 442368 ( A.... ) "C:\WINDOWS\system32\nvappbar.exe"
    2007-12-05 01:41:00 425984 ( A.... ) "C:\WINDOWS\system32\keystone.exe"
    2007-12-05 01:41:00 385024 ( A.... ) "C:\WINDOWS\system32\nvapi.dll"
    2007-12-05 01:41:00 356352 ( A.... ) "C:\WINDOWS\system32\nvudisp.exe"
    2007-12-05 01:41:00 335872 ( A.... ) "C:\WINDOWS\system32\nvwrses.dll"
    2007-12-05 01:41:00 335872 ( A.... ) "C:\WINDOWS\system32\nvwrsel.dll"
    2007-12-05 01:41:00 327680 ( A.... ) "C:\WINDOWS\system32\nvwrsfr.dll"
    2007-12-05 01:41:00 327680 ( A.... ) "C:\WINDOWS\system32\nvwrsesm.dll"
    2007-12-05 01:41:00 327680 ( A.... ) "C:\WINDOWS\system32\nvrshe.dll"
    2007-12-05 01:41:00 327680 ( A.... ) "C:\WINDOWS\system32\nvrsar.dll"
    2007-12-05 01:41:00 323584 ( A.... ) "C:\WINDOWS\system32\nvwrspt.dll"
    2007-12-05 01:41:00 323584 ( A.... ) "C:\WINDOWS\system32\nvwrsit.dll"
    2007-12-05 01:41:00 319488 ( A.... ) "C:\WINDOWS\system32\nvwrsptb.dll"
    2007-12-05 01:41:00 319488 ( A.... ) "C:\WINDOWS\system32\nvwrsnl.dll"
    2007-12-05 01:41:00 315392 ( A.... ) "C:\WINDOWS\system32\nvwrsru.dll"
    2007-12-05 01:41:00 315392 ( A.... ) "C:\WINDOWS\system32\nvwrshu.dll"
    2007-12-05 01:41:00 311296 ( A.... ) "C:\WINDOWS\system32\nvwrsde.dll"
    2007-12-05 01:41:00 307200 ( A.... ) "C:\WINDOWS\system32\nvexpbar.dll"
    2007-12-05 01:41:00 303104 ( A.... ) "C:\WINDOWS\system32\nvwrstr.dll"
    2007-12-05 01:41:00 303104 ( A.... ) "C:\WINDOWS\system32\nvwrssl.dll"
    2007-12-05 01:41:00 303104 ( A.... ) "C:\WINDOWS\system32\nvwrsfi.dll"
    2007-12-05 01:41:00 299008 ( A.... ) "C:\WINDOWS\system32\nvwrssk.dll"
    2007-12-05 01:41:00 299008 ( A.... ) "C:\WINDOWS\system32\nvwrsno.dll"
    2007-12-05 01:41:00 294912 ( A.... ) "C:\WINDOWS\system32\nvwrssv.dll"
    2007-12-05 01:41:00 294912 ( A.... ) "C:\WINDOWS\system32\nvwrspl.dll"
    2007-12-05 01:41:00 294912 ( A.... ) "C:\WINDOWS\system32\nvwrsda.dll"
    2007-12-05 01:41:00 290816 ( A.... ) "C:\WINDOWS\system32\nvwrsth.dll"
    2007-12-05 01:41:00 286720 ( A.... ) "C:\WINDOWS\system32\nvwrseng.dll"
    2007-12-05 01:41:00 286720 ( A.... ) "C:\WINDOWS\system32\nvwrscs.dll"
    2007-12-05 01:41:00 286720 ( A.... ) "C:\WINDOWS\system32\nvnt4cpl.dll"
    2007-12-05 01:41:00 282624 ( A.... ) "C:\WINDOWS\system32\nvwrsar.dll"
    2007-12-05 01:41:00 282624 ( A.... ) "C:\WINDOWS\system32\nvrsfr.dll"
    2007-12-05 01:41:00 282624 ( A.... ) "C:\WINDOWS\system32\nvrses.dll"
    2007-12-05 01:41:00 282624 ( A.... ) "C:\WINDOWS\system32\nvrsel.dll"
    2007-12-05 01:41:00 278528 ( A.... ) "C:\WINDOWS\system32\nvwrshe.dll"
    2007-12-05 01:41:00 278528 ( A.... ) "C:\WINDOWS\system32\nvrsit.dll"
    2007-12-05 01:41:00 278528 ( A.... ) "C:\WINDOWS\system32\nvrsde.dll"
    2007-12-05 01:41:00 274432 ( A.... ) "C:\WINDOWS\system32\nvrspt.dll"
    2007-12-05 01:41:00 274432 ( A.... ) "C:\WINDOWS\system32\nvrsnl.dll"
    2007-12-05 01:41:00 274432 ( A.... ) "C:\WINDOWS\system32\nvrsesm.dll"
    2007-12-05 01:41:00 270336 ( A.... ) "C:\WINDOWS\system32\nvrsru.dll"
    2007-12-05 01:41:00 266240 ( A.... ) "C:\WINDOWS\system32\nvrsptb.dll"
    2007-12-05 01:41:00 266240 ( A.... ) "C:\WINDOWS\system32\nvrsja.dll"
    2007-12-05 01:41:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrstr.dll"
    2007-12-05 01:41:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrssl.dll"
    2007-12-05 01:41:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrssk.dll"
    2007-12-05 01:41:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrsko.dll"
    2007-12-05 01:41:00 258048 ( A.... ) "C:\WINDOWS\system32\nvrshu.dll"
    2007-12-05 01:41:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrsth.dll"
    2007-12-05 01:41:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrssv.dll"
    2007-12-05 01:41:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrspl.dll"
    2007-12-05 01:41:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrsno.dll"
    2007-12-05 01:41:00 253952 ( A.... ) "C:\WINDOWS\system32\nvrsda.dll"
    2007-12-05 01:41:00 249856 ( A.... ) "C:\WINDOWS\system32\nvrsfi.dll"
    2007-12-05 01:41:00 249856 ( A.... ) "C:\WINDOWS\system32\nvrscs.dll"
    2007-12-05 01:41:00 245760 ( A.... ) "C:\WINDOWS\system32\nvrseng.dll"
    2007-12-05 01:41:00 229376 ( A.... ) "C:\WINDOWS\system32\nvmccs.dll"
    2007-12-05 01:41:00 225280 ( A.... ) "C:\WINDOWS\system32\nvrszhc.dll"
    2007-12-05 01:41:00 212992 ( A.... ) "C:\WINDOWS\system32\nvwrsja.dll"
    2007-12-05 01:41:00 196608 ( A.... ) "C:\WINDOWS\system32\nvwrsko.dll"
    2007-12-05 01:41:00 188416 ( A.... ) "C:\WINDOWS\system32\nvmccss.dll"
    2007-12-05 01:41:00 167936 ( A.... ) "C:\WINDOWS\system32\nvwrszht.dll"
    2007-12-05 01:41:00 163840 ( A.... ) "C:\WINDOWS\system32\nvwrszhc.dll"
    2007-12-05 01:41:00 147456 ( A.... ) "C:\WINDOWS\system32\nvcolor.exe"
    2007-12-05 01:41:00 126976 ( A.... ) "C:\WINDOWS\system32\nvrszht.dll"
    2007-12-05 01:41:00 81920 ( A.... ) "C:\WINDOWS\system32\nvwddi.dll"
    2007-12-05 01:41:00 45056 ( A.... ) "C:\WINDOWS\system32\nvmccsrs.dll"
    2007-12-05 01:41:00 35328 ( A.... ) "C:\WINDOWS\system32\nvcodins.dll"
    2007-12-05 01:41:00 35328 ( A.... ) "C:\WINDOWS\system32\nvcod.dll"
    2004-04-27 13:26:12 590336 ( A.... ) "C:\Program Files\kmd.exe"


    ((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
    "Workflow"="D:\\Workflow.exe"
    "NI.UWFX5LP_0001_0802"="\"C:\\Documents and Settings\\vikrensimraj\\Local Settings\\Temporary Internet Files\\Content.IE5\\CF9JYEVP\\WFI[1].exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "EPSON Stylus C66 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0S2.EXE /P23 \"EPSON Stylus C66 Series\" /O6 \"USB001\" /M \"Stylus C66\""
    "McafWelcome"="C:\\Program Files\\McAfee.com\\Agent\\mcwelcom.exe"
    "MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
    "MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
    "MPSExe"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
    "VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
    "VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
    "OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
    "MPFExe"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
    "MSKAGENTEXE"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
    "MSKDetectorExe"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
    "ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
    "nwiz"="nwiz.exe /install"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveAutoRun"=dword:03ffffff
    "NoDriveTypeAutoRun"=dword:000000ff

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "WinFixer2005"="\"C:\\Program Files\\WinFixer_2005\\uwfx5.exe\" /min"
    "DefySeek"="C:\\DOCUME~1\\VIKREN~1\\APPLIC~1\\grimlite\\Corn does active.exe"
    "EPSON Stylus C66 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I0S2.EXE /P23 \"EPSON Stylus C66 Series\" /M \"Stylus C66\" /EF \"HKCU\""
    "Uniblue RegistryBooster 2"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\A6F0F714918B7570.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    Completion time: 29/02/2008 2:18:19.15
    ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt


    Here's the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:19:56, on 29/02/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
    C:\Documents and Settings\vikrensimraj\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dial.blueyonder.co.uk
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {465047D5-856C-66A1-625E-6C9A6AE9514E} - C:\DOCUME~1\VIKREN~1\APPLIC~1\filelies\popdupe.exe (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {B0DD4019-81B2-42A3-B76F-5D8E8EBD8A05} - C:\WINDOWS\System32\awtqn.dll (file missing)
    O2 - BHO: {e2ecce1a-fce6-1e9a-d464-1ff0f64076ab} - {ba67046f-0ff1-464d-a9e1-6ecfa1ecce2e} - C:\WINDOWS\System32\hyafflgi.dll (file missing)
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
    O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\Documents and Settings\vikrensimraj\Local Settings\Temporary Internet Files\Content.IE5\CF9JYEVP\WFI[1].exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
    O4 - HKLM\..\Run: [McafWelcome] C:\Program Files\McAfee.com\Agent\mcwelcom.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
    O4 - HKCU\..\Run: [DefySeek] C:\DOCUME~1\VIKREN~1\APPLIC~1\grimlite\Corn does active.exe
    O4 - HKCU\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /M "Stylus C66" /EF "HKCU"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/sel...g/ESTPTest.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/VIKREN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/VIKREN~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif

    --
    End of file - 10942 bytes

  7. #17
    Neal is offline Dedicated Member
    Run hijackthis and click on "scan system only" button and put checks next to these:


    O2 - BHO: (no name) - {465047D5-856C-66A1-625E-6C9A6AE9514E} - C:\DOCUME~1\VIKREN~1\APPLIC~1\filelies\popdupe.exe (file missing)
    O2 - BHO: (no name) - {B0DD4019-81B2-42A3-B76F-5D8E8EBD8A05} - C:\WINDOWS\System32\awtqn.dll (file missing)
    O2 - BHO: {e2ecce1a-fce6-1e9a-d464-1ff0f64076ab} - {ba67046f-0ff1-464d-a9e1-6ecfa1ecce2e} - C:\WINDOWS\System32\hyafflgi.dll (file missing)

    O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\Documents and Settings\vikrensimraj\Local Settings\Temporary Internet Files\Content.IE5\CF9JYEVP\WFI[1].exe"
    O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
    O4 - HKCU\..\Run: [DefySeek] C:\DOCUME~1\VIKREN~1\APPLIC~1\grimlite\Corn does active.exe

    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm




    Please close ALL browser windows (including this one).

    With everything closed out but HijackThis, click on "fix checked".



    Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.


    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FOLDERS

    C:\DOCUME~1\VIKREN~1\APPLICATION DATA\filelies
    C:\Documents and Settings\vikrensimraj\Local Settings\Temporary Internet Files\Content.IE5\CF9JYEVP
    C:\Program Files\WinFixer_2005
    C:\DOCUME~1\VIKREN~1\APPLICATION DATA\grimlite


    Reboot your PC and post a new HijackThis log, plus tell me how things are doing now, please.
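
The triage and follow-up check in this exchange can be sketched in code. This is an added example, not part of any post in the thread: it parses HijackThis entry lines, flags BHOs whose file is missing and Run entries that start from a user-writable folder, then confirms the flagged entries are gone from a later log. The two rules and all function names are assumptions made for illustration, and the sample lines are copied from the logs above.

```python
import re

# Constructed sample input: entry lines copied from the logs posted in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B0DD4019-81B2-42A3-B76F-5D8E8EBD8A05} - C:\WINDOWS\System32\awtqn.dll (file missing)
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\Documents and Settings\vikrensimraj\Local Settings\Temporary Internet Files\Content.IE5\CF9JYEVP\WFI[1].exe"
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
O4 - HKCU\..\Run: [DefySeek] C:\DOCUME~1\VIKREN~1\APPLIC~1\grimlite\Corn does active.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# An entry line is "<section code> - <body>", e.g. "O4 - HKCU\..\Run: [...] path".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Assumed rule: autostart programs rarely belong in these per-user folders
# (long names and their 8.3 short forms as they appear in the logs).
USER_WRITABLE = re.compile(
    r"temporary internet files|\\application data\\|\\applic~1\\"
    r"|\\local settings\\temp\\|\\locals~1\\temp\\",
    re.IGNORECASE,
)

def parse(log):
    """Return (code, body) for every entry line; headers and process lists are skipped."""
    entries = []
    for line in log.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries

def reasons(code, body):
    """Return the list of assumed triage rules that an entry trips."""
    hits = []
    if code == "O2" and body.endswith("(file missing)"):
        hits.append("BHO still registered but its file is missing")
    if code == "O4" and USER_WRITABLE.search(body):
        hits.append("autostart runs from a user-writable folder")
    return hits

def triage(log):
    """Return (code, body, reasons) for entries worth a closer look."""
    flagged = []
    for code, body in parse(log):
        why = reasons(code, body)
        if why:
            flagged.append((code, body, why))
    return flagged

def still_present(before, after):
    """Entries flagged in the earlier log that also appear in the later one."""
    remaining = set(parse(after))
    return [(c, b) for c, b, _ in triage(before) if (c, b) in remaining]

if __name__ == "__main__":
    for code, body, why in triage(BEFORE):
        print(code, "|", "; ".join(why), "|", body)
    print("left after cleanup:", still_present(BEFORE, AFTER))
```

Path rules alone do not flag the WinFixer2005 entry, which sits under Program Files, so a rule set like this supplements a manual read of the log rather than replacing it.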

  8. #18
    anil_ks is offline Junior Member
    hey I've deleted the files:

    C:\Program Files\WinFixer_2005
    C:\DOCUME~1\VIKREN~1\APPLICATION DATA\grimlite
    C:\DOCUME~1\VIKREN~1\APPLICATION DATA\filelies

    but I could not find the file:

    C:\Documents and Settings\vikrensimraj\Local Settings\Temporary Internet Files\Content.IE5\CF9JYEVP

    should I still restart the computer and post a HijackThis log or do you suggest something else?

  9. #19
    anil_ks is offline Junior Member
    hey I decided to restart and send the hijack log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:30:24, on 01/03/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\Program Files\blueyonder IST\bin\mpbtn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\Mp***ent.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\vikrensimraj\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dial.blueyonder.co.uk
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
    O4 - HKLM\..\Run: [McafWelcome] C:\Program Files\McAfee.com\Agent\mcwelcom.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S 2.EXE /P23 "EPSON Stylus C66 Series" /M "Stylus C66" /EF "HKCU"
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://dial.blueyonder.co.uk
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/re...s/MSNPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/sel...g/ESTPTest.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/VIKREN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/VIKREN~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif

    --
    End of file - 10107 bytes

    I have not tried connecting the computer to the internet just in case I get another virus. Therefore I am not quite sure how or if it does run on the internet. Everything seems to be working normally but I cannot be sure if everything works properly! I will connect it to the internet and let you know how it works!

  10. #20
    Neal is offline Dedicated Member
    Meant to ask sooner but forgot, do you know what these are in hijackthis:

    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/VIKREN~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
    O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/VIKREN~1/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
