Hi, my problem is probably the same as Steeko's (http://www.daniweb.com/forums/thread96071.html), where explorer.exe upon startup crashes and attempts to restart itself. I've tried manually closing it and restarting it, but to no avail.

I've tried running AVG, Adaware, SpybotS&D and ComboFix numerous times, but the problem still crept back.

I'll post a combofix log after I perform one more scan with it.

Hijackthis log
---------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:30:58 PM, on 16/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
D:\Program Files\Lexmark 8300 Series\lxcjmon.exe
D:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\WINDOWS\system32\lxcjcoms.exe
D:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\taskmgr.exe
D:\Documents and Settings\Sew Hoy\My Documents\Gozilla Downloads\HiJackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "D:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GM_DevUpdate.lnk = D:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148547639109
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCF23E75-5455-470D-ABA1-E69861C11443}: NameServer = 192.168.1.1,4.2.2.2
O21 - SSODL: horologium - {7be183d2-a42d-4915-bf60-ec86fbf002cf} - (no file)
O22 - SharedTaskScheduler: horologium - {7be183d2-a42d-4915-bf60-ec86fbf002cf} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - D:\Program Files\WinPcap\rpcapd.exe (file missing)

--
End of file - 7158 bytes

Here's the combofix log.

-------------
ComboFix 07-11-08.1 - Alastair 2007-11-16 13:35:03.3 - NTFSx86 
Microsoft Windows XP Professional  5.1.2600.2.932.81.1033.18.1527 [GMT 11:00]
Running from: D:\Documents and Settings\Sew Hoy\My Documents\Gozilla Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini2

.
(((((((((((((((((((((((((   Files Created from 2007-10-16 to 2007-11-16  )))))))))))))))))))))))))))))))
.

2007-11-16 13:15    <DIR>    d--------   C:\VundoFix Backups
2007-11-16 09:39    51,200  --a------   C:\WINDOWS\NirCmd.exe
2007-11-15 23:03    104,960 --a------   C:\WINDOWS\system32\drvtih.dll
2007-11-15 23:03    36,352  --a------   C:\WINDOWS\system32\iifgddb.dll
2007-11-15 16:56    36,352  --a------   C:\WINDOWS\system32\cbxwwtt.dll
2007-11-06 20:55    <DIR>    d--------   D:\Program Files\NVIDIA Corporation
2007-11-06 20:54    151,552 --a------   C:\WINDOWS\system32\nvRegDev.dll
2007-10-23 16:31    <DIR>    d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
2007-10-23 16:28    <DIR>    d--------   D:\Program Files\Autodesk
2007-10-23 16:28    <DIR>    d--------   C:\Program Files\Common Files\Autodesk Shared
2007-10-17 19:21    <DIR>    d--------   D:\Program Files\TechSmith
2007-10-17 19:21    <DIR>    d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-15 23:26    ---------   d-----w C:\Documents and Settings\Alastair\Application Data\AVG7
2007-11-15 23:08    ---------   d-----w D:\Program Files\Lx_cats
2007-11-15 00:07    ---------   d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-14 22:19    ---------   d-----w C:\Documents and Settings\Alastair\Application Data\teamspeak2
2007-11-14 11:09    22,328  -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-14 11:08    107,832 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-11-12 23:06    ---------   d--h--w D:\Program Files\InstallShield Installation Information
2007-11-09 09:41    22,328  -c--a-w C:\Documents and Settings\Alastair\Application Data\PnkBstrK.sys
2007-11-09 09:39    674,600 -c--a-w C:\WINDOWS\system32\pbsvc.exe
2007-11-09 09:39    66,872  ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-11-08 19:44    ---------   d-----w C:\Documents and Settings\Guest\Application Data\AVG7
2007-11-06 02:14    ---------   d-----w D:\Program Files\CNC3
2007-11-04 00:58    ---------   d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-11-01 06:23    499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-11-01 06:23    348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-10-23 04:56    ---------   d-----w C:\Documents and Settings\Alastair\Application Data\uTorrent
2007-10-23 04:55    ---------   d-----w D:\Program Files\MagicISO
2007-10-14 00:43    ---------   d-----w D:\Program Files\Vstplugins
2007-10-14 00:37    ---------   d-----w D:\Program Files\Sony
2007-10-11 07:21    451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.413 Uninstall.exe
2007-10-11 07:21    ---------   d-----w D:\Program Files\Radeon Omega Drivers
2007-10-11 07:13    ---------   d-----w D:\Program Files\ATI Tray Tools
2007-10-11 07:11    ---------   d-----w D:\Program Files\ATI Technologies
2007-10-10 11:47    ---------   d-----w D:\Program Files\Java
2007-10-09 09:23    7,680   ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-10-07 00:39    ---------   d-----w C:\Documents and Settings\Alastair\Application Data\Publish Providers
2007-10-07 00:38    ---------   d-----w C:\Documents and Settings\Alastair\Application Data\Sony
2007-10-07 00:34    ---------   d-----w D:\Program Files\Sony Setup
2007-10-06 23:45    ---------   d-----w D:\Program Files\MP3 Converter Simple
2007-10-05 06:39    ---------   d-----w D:\Program Files\Windows Media Connect 2
2007-09-27 22:31    46,480  ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-27 22:08    352,256 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-09-27 22:06    268,800 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-09-27 22:06    2,418,688   ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-27 22:04    307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-09-27 21:58    43,520  ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-09-27 21:58    26,112  ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-09-27 21:58    143,360 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-09-27 21:58    122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-09-27 21:58    122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-09-27 21:56    483,328 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-09-27 21:55    53,248  ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-09-27 21:49    8,306,688   ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-09-27 21:47    3,091,808   ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-09-27 21:36    1,586,816   ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-09-27 21:23    5,435,392   ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-09-27 21:23    266,240 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-09-27 21:21    17,408  ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-09-27 21:20    49,152  ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-27 21:19    172,032 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-09-27 21:15    450,560 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-09-09 00:46    108,144 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-08-21 06:15    683,520 -c--a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 00:26    81,920  ----a-w C:\WINDOWS\system32\dpl100.dll
2007-08-21 00:26    196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-06-28 20:25    8,612   -c--a-w D:\Program Files\QuickTime Read Me.htm
2007-06-28 20:25    749,568 -c--a-w D:\Program Files\QTOControl.dll
2007-06-28 20:25    684,032 -c--a-w D:\Program Files\QTOLibrary.dll
2007-06-28 20:25    618,496 -c--a-w D:\Program Files\QTInfo.exe
2007-06-28 20:25    6,124,864   -c--a-w D:\Program Files\QuickTimePlayer.exe
2007-06-28 20:25    574,784 -c--a-w D:\Program Files\QTPlugin.ocx
2007-06-28 20:25    303,104 -c--a-w D:\Program Files\QTUIPanelControl.dll
2007-06-28 20:24    55,622  -c--a-w D:\Program Files\Sample.mov
2007-06-28 20:24    483,328 -c--a-w D:\Program Files\PictureViewer.exe
2007-06-28 20:24    286,720 -c--a-w D:\Program Files\QTTask.exe
2007-06-28 20:24    18,663  -c--a-w D:\Program Files\Sample.qtif
2007-05-31 07:32    50,704  -c--a-w C:\Documents and Settings\Alastair\Start.exe
2006-12-03 00:16    8,920   -c--a-w D:\Program Files\CinemaForgethumbnail.jpg
2006-08-31 11:54    28  -c--a-w D:\Program Files\deviceinfo
2006-03-27 07:47    2,023,424   -c--a-w C:\Documents and Settings\mIRC\mirc.exe
2006-01-28 23:59    3,890,462   -c--a-w D:\Program Files\CinemaForgecinemaforge.xmfg
2006-01-11 06:09    2,162,688   -c--a-r D:\Program Files\CoolType.dll
2006-01-03 07:04    13  -c--a-w D:\Program Files\dfx_skin.txt
2006-01-02 08:18    3,289   -c--a-w D:\Program Files\OperaDef6.ini
2006-01-02 08:06    67  -c--a-w D:\Program Files\spellcheck.ini
2006-01-01 10:40    719,360 -c--a-w D:\Program Files\dbghelp.dll
2006-01-01 10:40    667,689 -c--a-w D:\Program Files\rjbres.dll
2006-01-01 10:40    61,485  -c--a-w D:\Program Files\rjwmapln.dll
2006-01-01 10:40    57,762  -c--a-w D:\Program Files\howto.chm
2006-01-01 10:40    57,385  -c--a-w D:\Program Files\tpasdk.dll
2006-01-01 10:40    568 -c--a-w D:\Program Files\fpsectbl
2006-01-01 10:40    51,093  -c--a-w D:\Program Files\RealNetworks License.html
2006-01-01 10:40    51,093  -c--a-w D:\Program Files\playrlic.html
2006-01-01 10:40    49,207  -c--a-w D:\Program Files\rpshellsearch.dll
2006-01-01 10:40    49,197  -c--a-w D:\Program Files\ierjplug.dll
2006-01-01 10:40    49,195  -c--a-w D:\Program Files\mmcdda32.dll
2006-01-01 10:40    46,501  -c--a-w D:\Program Files\RealNetworks License.txt
2006-01-01 10:40    46,501  -c--a-w D:\Program Files\playrlic.txt
2006-01-01 10:40    45,109  -c--a-w D:\Program Files\rpau3260.dll
2006-01-01 10:40    340,040 -c--a-w D:\Program Files\dtdr3260.dll
2006-01-01 10:40    335,911 -c--a-w D:\Program Files\rjdlg.dll
2006-01-01 10:40    32,812  -c--a-w D:\Program Files\tnetdtct.dll
2006-01-01 10:40    32,809  -c--a-w D:\Program Files\rjprog.dll
2006-01-01 10:40    28,729  -c--a-w D:\Program Files\rpwa3260.dll
2006-01-01 10:40    28,721  -c--a-w D:\Program Files\wmdmhelper.dll
2006-01-01 10:40    201,949 -c--a-w D:\Program Files\realplay.chm
2006-01-01 10:40    20,523  -c--a-w D:\Program Files\fixrjb.exe
2006-01-01 10:40    2,851   -c--a-w D:\Program Files\cdroms.cfg
2006-01-01 10:40    16,296  -c--a-w D:\Program Files\realtfon.fon
2006-01-01 10:40    139,264 -c--a-w D:\Program Files\DUNZIP32.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E2746A-9C2E-45A2-85CE-7E1A8A890961}]
2007-11-15 16:56    36352   --a------   C:\WINDOWS\system32\cbxwwtt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0363C83-78E7-498A-858F-43FF3CD83C0A}]
            C:\WINDOWS\system32\awvtq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 16:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:32]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-11 01:57]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 18:56]
"CTSysVol"="D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10]
"P17Helper"="P17.dll" [2006-03-17 17:11 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"CTXFIREG"="CTxfiReg.exe" []
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-02-25 08:07]
"lxcjmon.exe"="D:\Program Files\Lexmark 8300 Series\lxcjmon.exe" [2005-10-01 01:49]
"EzPrint"="D:\Program Files\Lexmark 8300 Series\ezprint.exe" [2006-04-20 00:57]
"QuickTime Task"="D:\Program Files\qttask.exe" [2007-06-29 07:24]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"AtiPTA"="atiptaxx.exe" [2006-02-22 13:05 C:\WINDOWS\system32\atiptaxx.exe]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 18:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 18:56]

C:\Documents and Settings\Alastair\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
GM_DevUpdate.lnk - D:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe [2007-06-24 15:13:53]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-12-30 16:24:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"= C:\WINDOWS\system32\cbxwwtt.dll [2007-11-15 16:56 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwwtt] 
cbxwwtt.dll 2007-11-15 16:56 36352 C:\WINDOWS\system32\cbxwwtt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhhh] 
ljjjhhh.dll 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GTablet]
C:\PROGRA~1\GENIUS~1\GTablet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"iPodService"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=3 (0x3)
"WebUpdate"=2 (0x2)
"WmiApSrv"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"TermService"=3 (0x3)
"TlntSvr"=3 (0x3)
"TapiSrv"=3 (0x3)
"LmHosts"=2 (0x2)
"SCardSvr"=3 (0x3)
"wscsvc"=2 (0x2)
"seclogon"=2 (0x2)
"SSDPSRV"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"SysmonLog"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"cisvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ATI Smart"=2 (0x2)

R0 VirtualK;VirtaulK;C:\WINDOWS\system32\drivers\VirtualK.sys
R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 atitray;atitray;\??\D:\Program Files\ATI Tray Tools\atitray.sys
R3 epcfw2k;SCM Parallel Port CF Driver;C:\WINDOWS\system32\DRIVERS\epcfw2k.sys
R3 gsernt;gsernt;C:\WINDOWS\system32\DRIVERS\gsernt.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys
R3 skbusenum;SKBus Enumerator;C:\WINDOWS\system32\DRIVERS\skbusenum.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S1 rxp;rxp;\??\C:\WINDOWS\system32\drivers\rxp.sys
S2 EMSLCD;EMS LCD-Link driver V1.0;C:\WINDOWS\system32\Drivers\EMSLCD.sys
S3 Beemgmferv;Beemgmferv;C:\WINDOWS\system32\drivers\npfs.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;C:\WINDOWS\system32\Drivers\FarDrive.sys
S3 FreshIO;FreshIO;\??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 tap0801;Global LAN interface;C:\WINDOWS\system32\DRIVERS\tap0801.sys
S3 Umcengrewr;Umcengrewr;C:\WINDOWS\system32\findstr.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 13:42:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-11-16 13:43:29 - machine was rebooted 
C:\ComboFix2.txt ... 2007-11-16 12:57
C:\ComboFix3.txt ... 2007-11-16 10:04
.
    --- E O F ---

Hello, chuc,
I must say that I am intrigued by the structure of your Program Files directory...
==Download SmitfraudFix (by S!Ri) from http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the content (a folder named SmitfraudFix) to your Desktop.
- Restart your computer in Safe Mode.
- Open the SmitfraudFix folder and double-click SmitfraudFix.cmd, select option #2 - Clean [type 2 and Enter]
You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer Y and Enter [which will remove the desktop background and clean registry keys associated with the infection].
The tool will next check if wininet.dll is infected; if it is, you will be prompted to replace the file; type Y and press "Enter".
It will also create a log named rapport.txt in the root of your drive, e.g. Local Disk C:\
Restart in normal Windows. Please post C:\rapport.txt
[You may also have to restore your desktop background...
If so, go Start > Run, type regedit and <Enter>. Navigate to this key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Please export that key: in the left pane highlight System with a left-click, go File, Export..., save as bluewall with file type .txt. Close regedit and post that txt file.]

==Please copy the text between the lines to a notepad [format/wordwrap unchecked] and save as CFScript.txt to where you saved Combofix - that is, to a folder or your desktop.
__________________________________________________________

File::
C:\WINDOWS\system32\drvtih.dll
C:\WINDOWS\system32\iifgddb.dll
C:\WINDOWS\system32\cbxwwtt.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60E2746A-9C2E-45A2-85CE-7E1A8A890961}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0363C83-78E7-498A-858F-43FF3CD83C0A}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwwtt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjhhh]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{60E2746A-9C2E-45A2-85CE-7E1A8A890961}"=-

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00
__________________________________________________________

Good. Now drag CFScript.txt onto Combofix [drag the icon if on your desktop, or the filename if in a folder]. Combofix will start; let it run, and if your firewall prompts, allow all; post the log.
Okay, two logs to post, please.
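The CFScript above resets the LSA "Authentication Packages" value to the REG_MULTI_SZ bytes for "msv1_0" alone, which drops the awvtq.dll entry ComboFix reported under "Reg Loading Points". As an added example (not part of this thread, ComboFix or SmitfraudFix), the Python below decodes and re-encodes that hex(7) form and flags any package beyond the expected msv1_0; the two sample lines are copied from the logs above and the function names are my own.

```python
"""Decode and audit the LSA "Authentication Packages" REG_MULTI_SZ value.

Added example for this thread: it is not ComboFix, SmitfraudFix or
HijackThis code.  Function names are hypothetical; the two sample lines
are taken from the ComboFix report and the CFScript posted above.
"""

# Value as ComboFix printed it in its "Reg Loading Points" section.
COMBOFIX_LINE = '"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\awvtq.dll'
# Value as the CFScript rewrites it (REG_MULTI_SZ in .reg "hex(7)" notation).
CFSCRIPT_LINE = '"Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00'

# On a stock Windows XP install only the NTLM package (msv1_0) is listed here.
# Anything else is a DLL that LSASS will load at boot and deserves a look.
EXPECTED_PACKAGES = ("msv1_0",)


def parse_cfscript_multi_sz(line):
    """Decode a '"Name"=hex(7):aa,bb,...' line into its list of strings.

    REG_MULTI_SZ is a run of NUL-terminated strings closed by one extra NUL.
    The CFScript uses one byte per character (6d 73 76 31 5f 30 00 00 is
    "msv1_0" NUL NUL); regedit 5 exports the same type as UTF-16LE, which
    shows up as a 00 after every character, so both forms are accepted.
    """
    _, _, value = line.partition("=")
    value = value.strip()
    if not value.lower().startswith("hex(7):"):
        raise ValueError("not a hex(7) value: %r" % line)
    raw = bytes(int(tok, 16) for tok in value[7:].split(",") if tok.strip())
    # Heuristic: every odd byte NUL means UTF-16LE, otherwise one byte per char.
    utf16 = len(raw) >= 2 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])
    text = raw.decode("utf-16-le" if utf16 else "latin-1")
    # Dropping empty pieces discards the terminator NULs.
    return [s for s in text.split("\x00") if s]


def encode_cfscript_multi_sz(strings):
    """Inverse of parse_cfscript_multi_sz, in the one-byte form the CFScript uses."""
    raw = ("".join(s + "\x00" for s in strings) + "\x00").encode("latin-1")
    return "hex(7):" + ",".join("%02x" % b for b in raw)


def build_cfscript_fix(value_name, strings):
    """Produce the Registry:: line that resets value_name to exactly `strings`."""
    return '"%s"= %s' % (value_name, encode_cfscript_multi_sz(strings))


def parse_combofix_multi_sz(line):
    """ComboFix prints the strings of a REG_MULTI_SZ space-separated after '='.

    A path containing spaces would be split as well; the entry in this
    thread has none.
    """
    _, _, value = line.partition("=")
    return value.split()


def audit_auth_packages(packages, expected=EXPECTED_PACKAGES):
    """Return every listed package that is not on the expected list."""
    allowed = {e.lower() for e in expected}
    return [p for p in packages if p.lower() not in allowed]


if __name__ == "__main__":
    found = parse_combofix_multi_sz(COMBOFIX_LINE)
    print("ComboFix reports:    ", found)
    print("Unexpected packages: ", audit_auth_packages(found))
    print("CFScript restores:   ", parse_cfscript_multi_sz(CFSCRIPT_LINE))
    print("Rebuilt fix line:    ", build_cfscript_fix("Authentication Packages", EXPECTED_PACKAGES))
```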

SmitFraudFix Log

SmitFraudFix v2.253

Scan done at 11:31:42.10, 17/11/2007 Sat
Run from C:\Documents and Settings\Alastair\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7be183d2-a42d-4915-bf60-ec86fbf002cf}"="horologium"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6073EAAC-C988-4677-B8C9-7AE12ACCD636}: DhcpNameServer=192.170.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DCF23E75-5455-470D-ABA1-E69861C11443}: NameServer=192.168.1.1,4.2.2.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6073EAAC-C988-4677-B8C9-7AE12ACCD636}: DhcpNameServer=192.170.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DCF23E75-5455-470D-ABA1-E69861C11443}: NameServer=192.168.1.1,4.2.2.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6073EAAC-C988-4677-B8C9-7AE12ACCD636}: DhcpNameServer=192.170.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DCF23E75-5455-470D-ABA1-E69861C11443}: NameServer=192.168.1.1,4.2.2.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.170.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.170.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.170.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done. 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Bluewall with File type
-------------
Key Name:          HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system
Class Name:        <NO CLASS>
Last Write Time:   2007/11/16 - 9:39


Combofix log
---------------

ComboFix 07-11-08.1 - Alastair 2007-11-17 11:48:37.4 - NTFSx86 
Microsoft Windows XP Professional  5.1.2600.2.932.81.1033.18.1579 [GMT 11:00]
Running from: D:\Documents and Settings\Sew Hoy\My Documents\Gozilla Downloads\ComboFix.exe
Command switches used :: D:\Documents and Settings\Sew Hoy\My Documents\Gozilla Downloads\CFScript.txt
 * Created a new restore point

FILE
C:\WINDOWS\system32\cbxwwtt.dll
C:\WINDOWS\system32\drvtih.dll
C:\WINDOWS\system32\iifgddb.dll
.

    Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drvtih.dll
C:\WINDOWS\system32\iifgddb.dll
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\rttss.ini2
C:\WINDOWS\system32\ssttr.dll

.
(((((((((((((((((((((((((   Files Created from 2007-10-17 to 2007-11-17  )))))))))))))))))))))))))))))))
.

2007-11-17 11:31    3,748   --a------   C:\WINDOWS\system32\tmp.reg
2007-11-16 13:15    <DIR>    d--------   C:\VundoFix Backups
2007-11-16 09:39    51,200  --a------   C:\WINDOWS\NirCmd.exe
2007-11-06 20:55    <DIR>    d--------   D:\Program Files\NVIDIA Corporation
2007-11-06 20:54    151,552 --a------   C:\WINDOWS\system32\nvRegDev.dll
2007-10-23 16:31    <DIR>    d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
2007-10-23 16:28    <DIR>    d--------   D:\Program Files\Autodesk
2007-10-23 16:28    <DIR>    d--------   C:\Program Files\Common Files\Autodesk Shared
2007-10-17 19:21    <DIR>    d--------   D:\Program Files\TechSmith
2007-10-17 19:21    <DIR>    d--------   C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 00:24    ---------   d-----w D:\Program Files\Lx_cats
2007-11-16 13:25    ---------   d-----w C:\Documents and Settings\Alastair\Application Data\teamspeak2
2007-11-16 11:56    22,328  -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-16 02:52    ---------   d-----w C:\Documents and Settings\Alastair\Application Data\AVG7
2007-11-15 00:07    ---------   d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-12 23:06    ---------   d--h--w D:\Program Files\InstallShield Installation Information
2007-11-09 09:41    22,328  -c--a-w C:\Documents and Settings\Alastair\Application Data\PnkBstrK.sys
2007-11-08 19:44    ---------   d-----w C:\Documents and Settings\Guest\Application Data\AVG7
2007-11-06 02:14    ---------   d-----w D:\Program Files\CNC3
2007-11-04 00:58    ---------   d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-23 04:56    ---------   d-----w C:\Documents and Settings\Alastair\Application Data\uTorrent
2007-10-23 04:55    ---------   d-----w D:\Program Files\MagicISO
2007-10-14 00:43    ---------   d-----w D:\Program Files\Vstplugins
2007-10-14 00:37    ---------   d-----w D:\Program Files\Sony
2007-10-11 07:21    451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.413 Uninstall.exe
2007-10-11 07:21    ---------   d-----w D:\Program Files\Radeon Omega Drivers
2007-10-11 07:13    ---------   d-----w D:\Program Files\ATI Tray Tools
2007-10-11 07:11    ---------   d-----w D:\Program Files\ATI Technologies
2007-10-10 11:47    ---------   d-----w D:\Program Files\Java
2007-10-07 00:39    ---------   d-----w C:\Documents and Settings\Alastair\Application Data\Publish Providers
2007-10-07 00:38    ---------   d-----w C:\Documents and Settings\Alastair\Application Data\Sony
2007-10-07 00:34    ---------   d-----w D:\Program Files\Sony Setup
2007-10-06 23:45    ---------   d-----w D:\Program Files\MP3 Converter Simple
2007-10-05 06:39    ---------   d-----w D:\Program Files\Windows Media Connect 2
2007-09-27 22:31    46,480  ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-27 22:06    2,418,688   ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-27 21:20    49,152  ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-06-28 20:25    8,612   -c--a-w D:\Program Files\QuickTime Read Me.htm
2007-06-28 20:25    749,568 -c--a-w D:\Program Files\QTOControl.dll
2007-06-28 20:25    684,032 -c--a-w D:\Program Files\QTOLibrary.dll
2007-06-28 20:25    618,496 -c--a-w D:\Program Files\QTInfo.exe
2007-06-28 20:25    6,124,864   -c--a-w D:\Program Files\QuickTimePlayer.exe
2007-06-28 20:25    574,784 -c--a-w D:\Program Files\QTPlugin.ocx
2007-06-28 20:25    303,104 -c--a-w D:\Program Files\QTUIPanelControl.dll
2007-06-28 20:24    55,622  -c--a-w D:\Program Files\Sample.mov
2007-06-28 20:24    483,328 -c--a-w D:\Program Files\PictureViewer.exe
2007-06-28 20:24    286,720 -c--a-w D:\Program Files\QTTask.exe
2007-06-28 20:24    18,663  -c--a-w D:\Program Files\Sample.qtif
2007-05-31 07:32    50,704  -c--a-w C:\Documents and Settings\Alastair\Start.exe
2006-12-03 00:16    8,920   -c--a-w D:\Program Files\CinemaForgethumbnail.jpg
2006-08-31 11:54    28  -c--a-w D:\Program Files\deviceinfo
2006-03-27 07:47    2,023,424   -c--a-w C:\Documents and Settings\mIRC\mirc.exe
2006-01-28 23:59    3,890,462   -c--a-w D:\Program Files\CinemaForgecinemaforge.xmfg
2006-01-11 06:09    2,162,688   -c--a-r D:\Program Files\CoolType.dll
2006-01-03 07:04    13  -c--a-w D:\Program Files\dfx_skin.txt
2006-01-02 08:18    3,289   -c--a-w D:\Program Files\OperaDef6.ini
2006-01-02 08:06    67  -c--a-w D:\Program Files\spellcheck.ini
2006-01-01 10:40    719,360 -c--a-w D:\Program Files\dbghelp.dll
2006-01-01 10:40    667,689 -c--a-w D:\Program Files\rjbres.dll
2006-01-01 10:40    61,485  -c--a-w D:\Program Files\rjwmapln.dll
2006-01-01 10:40    57,762  -c--a-w D:\Program Files\howto.chm
2006-01-01 10:40    57,385  -c--a-w D:\Program Files\tpasdk.dll
2006-01-01 10:40    568 -c--a-w D:\Program Files\fpsectbl
2006-01-01 10:40    51,093  -c--a-w D:\Program Files\RealNetworks License.html
2006-01-01 10:40    51,093  -c--a-w D:\Program Files\playrlic.html
2006-01-01 10:40    49,207  -c--a-w D:\Program Files\rpshellsearch.dll
2006-01-01 10:40    49,197  -c--a-w D:\Program Files\ierjplug.dll
2006-01-01 10:40    49,195  -c--a-w D:\Program Files\mmcdda32.dll
2006-01-01 10:40    46,501  -c--a-w D:\Program Files\RealNetworks License.txt
2006-01-01 10:40    46,501  -c--a-w D:\Program Files\playrlic.txt
2006-01-01 10:40    45,109  -c--a-w D:\Program Files\rpau3260.dll
2006-01-01 10:40    340,040 -c--a-w D:\Program Files\dtdr3260.dll
2006-01-01 10:40    335,911 -c--a-w D:\Program Files\rjdlg.dll
2006-01-01 10:40    32,812  -c--a-w D:\Program Files\tnetdtct.dll
2006-01-01 10:40    32,809  -c--a-w D:\Program Files\rjprog.dll
2006-01-01 10:40    28,729  -c--a-w D:\Program Files\rpwa3260.dll
2006-01-01 10:40    28,721  -c--a-w D:\Program Files\wmdmhelper.dll
2006-01-01 10:40    201,949 -c--a-w D:\Program Files\realplay.chm
2006-01-01 10:40    20,523  -c--a-w D:\Program Files\fixrjb.exe
2006-01-01 10:40    2,851   -c--a-w D:\Program Files\cdroms.cfg
2006-01-01 10:40    16,296  -c--a-w D:\Program Files\realtfon.fon
2006-01-01 10:40    139,264 -c--a-w D:\Program Files\DUNZIP32.dll
2006-01-01 10:40    119,808 -c--a-w D:\Program Files\waiting.avi
2006-01-01 10:40    11,444  -c--a-w D:\Program Files\frw.bmp
2006-01-01 10:40    102,441 -c--a-w D:\Program Files\tsasdk.dll
2006-01-01 10:39    86,065  -c--a-w D:\Program Files\rpplugprot.dll
2006-01-01 10:39    682 -c--a-w D:\Program Files\realplay.exe.manifest
2006-01-01 10:39    61,495  -c--a-w D:\Program Files\ssimages.vs
2006-01-01 10:39    57,395  -c--a-w D:\Program Files\rdsf3260.dll
2006-01-01 10:39    53,098  -c--a-w D:\Program Files\presets.rnx
2006-01-01 10:39    522,566 -c--a-w D:\Program Files\normal.vs
2006-01-01 10:39    50  -c--a-w D:\Program Files\strs23.dat
2006-01-01 10:39    49,198  -c--a-w D:\Program Files\rpshell.dll
2006-01-01 10:39    480 -c--a-w D:\Program Files\keys.dat
2006-01-01 10:39    331,776 -c--a-w D:\Program Files\CDDBRealControl.dll
2006-01-01 10:39    23,558  -c--a-w D:\Program Files\freeoffers.ico
2006-01-01 10:39    208,941 -c--a-w D:\Program Files\realplay.exe
2006-01-01 10:39    207 -c--a-w D:\Program Files\subscription.rnx
2006-01-01 10:39    20,531  -c--a-w D:\Program Files\rphelperapp.exe
2006-01-01 10:39    20,529  -c--a-w D:\Program Files\realjbox.exe
2006-01-01 10:39    17,846  -c--a-w D:\Program Files\videotest.rm
2006-01-01 10:39    13  -c--a-w D:\Program Files\strs26.dat
2006-01-01 10:39    1,030   -c--a-w D:\Program Files\autoplaylist.dat
2005-11-15 00:34    160,637 -c--a-w D:\Program Files\english.lng
2005-11-14 03:40    78,336  -c--a-w D:\Program Files\Opera.exe
2005-11-14 03:40    49,152  -c--a-w D:\Program Files\xmlparse.dll
2005-11-14 03:40    34,816  -c--a-w D:\Program Files\spellcheck.dll
2005-11-14 03:40    31,232  -c--a-w D:\Program Files\zip.dll
2005-11-14 03:40    26,112  -c--a-w D:\Program Files\OUniAnsi.dll
2005-11-14 03:40    2,480,640   -c--a-w D:\Program Files\Opera.dll
.

(((((((((((((((((((((((((((((   snapshot@2007-11-16_10.03.24.12   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-14 11:08:53   107,832 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
+ 2007-11-16 11:54:37   107,832 -c--a-w C:\WINDOWS\system32\PnkBstrB.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4E4AE43-52C2-4A93-B408-62D84C24E060}]
            C:\WINDOWS\system32\ssttr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 16:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:32]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 16:32]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-11 01:57]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 12:05]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 17:00]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-25 18:56]
"CTSysVol"="D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 17:10]
"P17Helper"="P17.dll" [2006-03-17 17:11 C:\WINDOWS\system32\P17.dll]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"CTXFIREG"="CTxfiReg.exe" []
"LXCJCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll" [2006-02-25 08:07]
"lxcjmon.exe"="D:\Program Files\Lexmark 8300 Series\lxcjmon.exe" [2005-10-01 01:49]
"EzPrint"="D:\Program Files\Lexmark 8300 Series\ezprint.exe" [2006-04-20 00:57]
"QuickTime Task"="D:\Program Files\qttask.exe" [2007-06-29 07:24]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"AtiPTA"="atiptaxx.exe" [2006-02-22 13:05 C:\WINDOWS\system32\atiptaxx.exe]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 18:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 18:56]

C:\Documents and Settings\Alastair\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
GM_DevUpdate.lnk - D:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe [2007-06-24 15:13:53]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
NaturalColorLoad.lnk - C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe [2006-12-30 16:24:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GTablet]
C:\PROGRA~1\GENIUS~1\GTablet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=2 (0x2)
"iPodService"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=3 (0x3)
"WebUpdate"=2 (0x2)
"WmiApSrv"=3 (0x3)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"TermService"=3 (0x3)
"TlntSvr"=3 (0x3)
"TapiSrv"=3 (0x3)
"LmHosts"=2 (0x2)
"SCardSvr"=3 (0x3)
"wscsvc"=2 (0x2)
"seclogon"=2 (0x2)
"SSDPSRV"=3 (0x3)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"SysmonLog"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"cisvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"ERSvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ATI Smart"=2 (0x2)

R0 VirtualK;VirtaulK;C:\WINDOWS\system32\drivers\VirtualK.sys
R1 ATITool;ATITool Overclocking Utility;C:\WINDOWS\system32\DRIVERS\ATITool.sys
R1 atitray;atitray;\??\D:\Program Files\ATI Tray Tools\atitray.sys
R3 epcfw2k;SCM Parallel Port CF Driver;C:\WINDOWS\system32\DRIVERS\epcfw2k.sys
R3 gsernt;gsernt;C:\WINDOWS\system32\DRIVERS\gsernt.sys
R3 P17;Sound Blaster Audigy;C:\WINDOWS\system32\drivers\P17.sys
R3 p17filt;p17filt;C:\WINDOWS\system32\drivers\p17filt.sys
R3 skbusenum;SKBus Enumerator;C:\WINDOWS\system32\DRIVERS\skbusenum.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S1 rxp;rxp;\??\C:\WINDOWS\system32\drivers\rxp.sys
S2 EMSLCD;EMS LCD-Link driver V1.0;C:\WINDOWS\system32\Drivers\EMSLCD.sys
S3 Beemgmferv;Beemgmferv;C:\WINDOWS\system32\drivers\npfs.sys
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
S3 FarStoneFireWallDrive;FarStoneFireWallDrive;C:\WINDOWS\system32\Drivers\FarDrive.sys
S3 FreshIO;FreshIO;\??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 tap0801;Global LAN interface;C:\WINDOWS\system32\DRIVERS\tap0801.sys
S3 Umcengrewr;Umcengrewr;C:\WINDOWS\system32\findstr.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 11:55:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-11-17 11:56:16 - machine was rebooted 
C:\ComboFix2.txt ... 2007-11-16 13:43
C:\ComboFix3.txt ... 2007-11-16 12:57
.
    --- E O F ---


0

It appears that you have a Vundo infection, or traces of one, so please rename hijackthis.exe to imabunny.exe - this is important.
==Please download VundoFix.exe to your desktop from http://www.atribune.org/ccount/click.php?id=4
=Restart your system in Safe Mode.
Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
When the scan completes click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

!!! Check the Vundofix log for any found files that were not deleted - if present rerun Vundofix !!!
Post the contents of C:\vundofix.txt plus a new HijackThis log.

0

Ah thank you so very much, it appears fixed now, but I did the Vundo scan like you said, but it popped up with absolutely nothing.

I think it's solved.

0

There are bad files there; try running Vundofix this way:
=Restart your system in Safe Mode.
Double-click VundoFix.exe to start it. Click the Scan for Vundo button.
*****When the scan completes right-click inside the white text box, left-click the "Add more files?" line, paste into the new window these pathnames [one per line]:

C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\rttss.*

Click the Add Files button, and next the Remove Vundo button.******

You will receive a prompt asking if you want to remove the files - click YES
Your desktop will then go blank as the process of removing Vundo starts.
When completed it will prompt that it will restart your computer - click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

!!! Check the Vundofix log for any found files that were not deleted - if present rerun Vundofix !!!
Post the contents of C:\vundofix.txt plus a new HijackThis log.

0

VundoFix V6.6.1

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 8:33:02 PM 17/11/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Performing Repairs to the registry.
Done!

Beginning removal...

Performing Repairs to the registry.
Done!

---------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:47 PM, on 17/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
D:\Program Files\Lexmark 8300 Series\lxcjmon.exe
D:\Program Files\Lexmark 8300 Series\ezprint.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
D:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\Opera.exe
D:\Documents and Settings\Sew Hoy\My Documents\Gozilla Downloads\imabunny.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTSysVol] D:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [LXCJCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcjmon.exe] "D:\Program Files\Lexmark 8300 Series\lxcjmon.exe"
O4 - HKLM\..\Run: [EzPrint] "D:\Program Files\Lexmark 8300 Series\ezprint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: GM_DevUpdate.lnk = D:\Program Files\USB all-in-one game controller\GM_DevUpdate.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NaturalColorLoad.lnk = C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCF23E75-5455-470D-ABA1-E69861C11443}: NameServer = 192.168.1.1,4.2.2.2
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcj_device - - C:\WINDOWS\system32\lxcjcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - D:\Program Files\WinPcap\rpcapd.exe (file missing)

--
End of file - 7053 bytes

0

Ah... I see now what I missed... I gave you some extra work because of it - sorry about that, chuc.
I missed that the last Combofix run deleted ssttr.dll, but it did leave its run keys. The first Vundofix run removed those keys but because the file was gone did not report that it had done so...
The second Vundofix run was unnecessary. Your HT is a clean log. Almost polished, really.
Cheers, and thank you.
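The diagnosis above (ComboFix removed ssttr.dll but left its BHO and LSA loading points behind, so the later VundoFix run had nothing to report) can be checked mechanically rather than by eye. What follows is an added example, not part of this thread and not code from ComboFix, VundoFix or HijackThis: a small Python parser over a ComboFix "Reg Loading Points" section. The sample excerpt is taken from the log posted earlier in the thread; the list of files still present on disk is constructed to reflect the state after ComboFix deleted ssttr.dll. The checks are heuristics (an extra LSA authentication package, a BHO DLL under system32, a loading point whose target is gone), not proof of infection.

```python
"""Flag suspicious autostart entries in a ComboFix "Reg Loading Points" section.

Added example, not part of this thread nor of ComboFix, VundoFix or HijackThis.
It automates the three things the helper picked out by eye in the log above:
an LSA "Authentication Packages" value that lists a DLL besides msv1_0, a
Browser Helper Object whose DLL sits in system32, and loading points whose
target file no longer exists (the leftover keys that caused the extra run).
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample: an excerpt of the Reg Loading Points section posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4E4AE43-52C2-4A93-B408-62D84C24E060}]
            C:\WINDOWS\system32\ssttr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-11 01:57]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" []
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-04 18:56]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssttr.dll
"""

# Constructed: files that still exist on disk after the ComboFix run (ssttr.dll is gone).
SAMPLE_PRESENT_FILES = {
    "C:\\Program Files\\DAEMON Tools\\daemon.exe",
    "C:\\WINDOWS\\system32\\cmd.exe",
}

HEADER_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# Matches  "name"="value" [timestamp]  as well as the unquoted  "name"= value  form.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<value>[^"\[]*?)"?\s*(\[[^\]]*\])?\s*$')
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# msv1_0 is the only authentication package Windows XP registers by default.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}


def parse_loading_points(text: str) -> List[Tuple[str, str, str]]:
    """Return (registry_key, value_name, value) triples in log order.

    BHO keys carry no value name in the log; the DLL path is indented on the
    next line, so it is recorded with the value name "(bho)".
    """
    entries: List[Tuple[str, str, str]] = []
    key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            key = header.group("key")
            continue
        if key is None:
            continue
        value = VALUE_RE.match(line)
        if value:
            entries.append((key, value.group("name"), value.group("value").strip()))
        elif line != line.lstrip():
            entries.append((key, "(bho)", line.strip()))
    return entries


def candidate_paths(value: str) -> List[str]:
    """Absolute paths named by a value: the whole value when it is one path
    (paths with spaces arrive quoted in the log), else any drive-letter tokens."""
    if DRIVE_PATH_RE.match(value):
        return [value]
    return [tok for tok in value.split() if DRIVE_PATH_RE.match(tok)]


def audit(entries, present_files: Set[str]) -> Dict[str, List[str]]:
    """Apply the three checks; returns findings keyed by check name."""
    findings: Dict[str, List[str]] = {
        "lsa_extra_package": [],
        "bho_in_system32": [],
        "orphaned_target": [],
    }
    present = {p.lower() for p in present_files}
    for key, name, value in entries:
        lkey = key.lower()
        # 1. Anything beyond msv1_0 in the LSA package list is loaded into lsass.exe at boot.
        if lkey.endswith("\\control\\lsa") and name.lower() == "authentication packages":
            for token in value.split():
                if token.lower() not in DEFAULT_AUTH_PACKAGES:
                    findings["lsa_extra_package"].append(token)
        # 2. A BHO DLL sitting in system32 deserves review (heuristic, not proof).
        if ("browser helper objects" in lkey and name == "(bho)"
                and value.lower().startswith("c:\\windows\\system32\\")):
            findings["bho_in_system32"].append(value)
        # 3. A loading point whose target is gone is leftover from an incomplete removal.
        for path in candidate_paths(value):
            if path.lower() not in present:
                findings["orphaned_target"].append(f"{name}: {path}")
    return findings


def run_sample() -> Dict[str, List[str]]:
    """Audit the constructed sample; ssttr.dll shows up under all three checks."""
    return audit(parse_loading_points(SAMPLE_LOG), SAMPLE_PRESENT_FILES)


if __name__ == "__main__":
    for check, hits in run_sample().items():
        for hit in hits:
            print(f"{check}: {hit}")
```

On the sample, the script reports ssttr.dll three times: as an extra LSA authentication package, as a BHO under system32, and twice as an orphaned target (once from the BHO key, once from the LSA value). The orphan check is the one that explains the thread's outcome: once the file is deleted the keys still point at it, and a tool that only removes files reports nothing even though it quietly cleans those keys. In real use, replace SAMPLE_PRESENT_FILES with an os.path.exists() check on the machine being examined.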
