Help

Status
Not open for further replies.
D

Dustin123

Baseband Member
Messages
61
http://i26.tinypic.com/296ewc9.jpg
Okay, It seems I got this virus over night..
will post hijack logs.
Any clue to which one it is?
If I can't fix this, I'm going to consider reformatting.
EDIT
Code: 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:00 AM, on 7/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Xfire\xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101676&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [My] C:\WINDOWS\host.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [13520314] C:\Documents and Settings\All Users\Application Data\13520314\13520314.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProxyFirewall] C:\Program Files\ProxyFirewall\ProxyFirewall.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O20 - AppInit_DLLs:  
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8856 bytes
EDIT again
After I ran AVG
Code: 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:21 PM, on 7/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Xfire\xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Silkroad\sro_client.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Gamevance\gamevance32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101676&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [My] C:\WINDOWS\host.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [13520314] C:\Documents and Settings\All Users\Application Data\13520314\13520314.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProxyFirewall] C:\Program Files\ProxyFirewall\ProxyFirewall.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs:  
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9709 bytes
 
Okay, the virus came back.
It made up a process with numbers that google didn't have.
The trojan it is, that it auto installs? System security crud.
Then I have to kill the process in order to keep doing what I am.
Will edit this post with MalwareBytes scan log.
EDIT
Here it is.
Code: 
Malwarebytes' Anti-Malware 1.38
Database version: 2389
Windows 5.1.2600 Service Pack 3

7/10/2009 12:28:45 PM
mbam-log-2009-07-10 (12-28-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 203385
Time elapsed: 2 hour(s), 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13535154 (Rogue.Multiple.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\13535154 (Rogue.Multiple.H) -> No action taken.

Files Infected:
c:\documents and settings\all users\application data\13535154\13535154 (Rogue.Multiple.H) -> No action taken.
c:\documents and settings\all users\application data\13535154\13535154.exe (Rogue.Multiple.H) -> No action taken.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Keng\protect.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\config\systemprofile\protect.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\Keng\start menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\config\systemprofile\start menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\msb.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\wxvnnthljp.exe (Trojan.Dropper) -> No action taken.
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\Keng\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\Keng\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
Code: 
Malwarebytes' Anti-Malware 1.38
Database version: 2389
Windows 5.1.2600 Service Pack 3

7/10/2009 12:32:28 PM
mbam-log-2009-07-10 (12-32-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 203385
Time elapsed: 2 hour(s), 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13535154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Application Data\13535154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\13535154\13535154 (Rogue.Multiple.H) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\13535154\13535154.exe (Rogue.Multiple.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Keng\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Keng\start menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\config\systemprofile\start menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\msb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wxvnnthljp.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Keng\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Keng\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
 
I forgot to mention....

Run combofix first and then run malwarebytes, post both their long and then a new hijackthis log
 
Here's the Combofix log.
Code: 
ComboFix 09-07-14.08 - Keng 07/15/2009 13:14.1.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.745 [GMT -7:00]
Running from: c:\documents and settings\Keng\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Keng\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\system32\config\systemprofile\Desktop\System Security 2009.lnk
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security
c:\windows\system32\config\systemprofile\Start Menu\Programs\System Security\System Security
c:\windows\system32\drivers\hjgruihigxtppt.sys
c:\windows\system32\hjgruiefdnjcja.dat
c:\windows\system32\hjgruipyouglxu.dll
c:\windows\system32\hjgruisoqelwrd.dll
c:\windows\system32\hjgruivgmfiylq.dat
c:\windows\system32\WgaLogon.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruixjbowrrn


(((((((((((((((((((((((((   Files Created from 2009-06-15 to 2009-07-15  )))))))))))))))))))))))))))))))
.

2009-07-09 01:40 . 2009-07-09 01:40	46870480	----a-w-	c:\documents and settings\Keng\Application Data\Uniblue\DriverScanner\Download\usb_vid_03f0_pid_4f11_mi_0210_1_1_3.exe
2009-07-08 22:40 . 2009-07-08 22:40	--------	d--h--w-	c:\windows\PIF
2009-07-08 22:39 . 2008-04-13 17:47	25856	-c--a-w-	c:\windows\system32\dllcache\usbprint.sys
2009-07-08 22:39 . 2008-04-13 17:47	25856	----a-w-	c:\windows\system32\drivers\usbprint.sys
2009-07-08 00:00 . 2009-06-17 18:27	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-08 00:00 . 2009-07-08 00:00	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-07-08 00:00 . 2009-06-17 18:27	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-07 17:35 . 2009-07-07 20:47	--------	d--h--w-	C:\$AVG8.VAULT$
2009-07-07 17:22 . 2009-07-07 17:20	2052888	----a-w-	c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-07 17:20 . 2009-07-08 00:19	--------	d-----w-	c:\documents and settings\All Users\Application Data\avg8
2009-07-07 17:20 . 2009-07-07 17:20	--------	d-----w-	c:\program files\AVG
2009-07-07 17:16 . 2009-07-07 17:16	--------	d-----w-	c:\program files\Trend Micro
2009-07-06 03:27 . 2009-07-06 03:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\ATI
2009-07-06 01:33 . 2009-07-06 19:17	--------	d-----w-	c:\documents and settings\Keng\Application Data\BitTorrent
2009-07-06 01:33 . 2009-07-06 01:33	--------	d-----w-	c:\program files\BitTorrent
2009-07-06 01:32 . 2008-01-10 21:30	442368	----a-w-	c:\windows\system32\nvusmb.exe
2009-07-06 01:31 . 2008-03-06 23:23	442368	----a-w-	c:\windows\system32\NVUNINST.EXE
2009-07-06 01:31 . 2009-07-06 01:31	--------	d-----w-	C:\NVIDIA
2009-07-06 01:30 . 2009-07-06 01:30	123199376	----a-w-	c:\documents and settings\Keng\Application Data\Uniblue\DriverScanner\Download\pci_ven_10de_dev_005e5_1_2600_0464.11_english_whql.exe
2009-07-06 01:19 . 2009-07-06 03:29	--------	d-----w-	c:\program files\ATI
2009-07-06 01:13 . 2009-07-06 01:13	40091352	----a-w-	c:\documents and settings\Keng\Application Data\Uniblue\DriverScanner\Download\pci_ven_1002_dev_724b_subsys_0b1210028_591_0_0000.exe
2009-07-06 01:06 . 2008-10-06 09:51	2651971	-c--a-w-	c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
2009-07-06 01:06 . 2009-07-06 01:08	--------	d-----w-	c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-06 01:06 . 2009-07-06 01:06	--------	d-----w-	c:\program files\Uniblue
2009-07-06 01:06 . 2009-07-06 01:06	--------	d-----w-	c:\documents and settings\Keng\Application Data\Uniblue
2009-07-06 01:04 . 2006-12-01 20:54	548864	-c--a-w-	c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\Windows\winsxs\b2rg91xw.1p4\msvcp80.dll
2009-07-05 18:57 . 2009-07-05 19:08	--------	d-----w-	c:\documents and settings\Keng\Application Data\vlc
2009-07-04 02:08 . 2009-07-08 19:26	--------	d-----w-	c:\program files\Silkroad
2009-07-02 18:55 . 2009-07-02 18:55	41808	----a-w-	c:\windows\system32\xfcodec.dll
2009-06-29 18:39 . 2009-06-29 18:39	--------	d-----w-	c:\program files\AskBarDis
2009-06-26 21:00 . 2009-06-26 21:00	--------	d-----w-	c:\documents and settings\Keng\Local Settings\Application Data\PunkBuster
2009-06-26 18:57 . 2009-06-29 21:36	138520	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-06-26 18:57 . 2009-06-26 18:57	139152	----a-w-	c:\documents and settings\Keng\Application Data\PnkBstrK.sys
2009-06-26 18:57 . 2009-06-29 21:35	189640	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-06-26 18:57 . 2009-06-26 18:57	794408	----a-w-	c:\windows\system32\pbsvc.exe
2009-06-26 18:57 . 2009-06-26 18:57	75064	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-06-26 18:21 . 2009-06-25 23:36	1291640	----a-w-	c:\documents and settings\Keng\Application Data\Mozilla\Firefox\Profiles\m55pyhqo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\BFHUpdater.exe
2009-06-26 18:21 . 2009-06-25 23:36	729088	----a-w-	c:\documents and settings\Keng\Application Data\Mozilla\Firefox\Profiles\m55pyhqo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
2009-06-21 22:07 . 2006-10-12 16:29	83504	----a-w-	c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\TEMP\ProgUpd.dll
2009-06-16 14:36 . 2009-06-16 14:36	81920	-c----w-	c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-06-16 14:36	119808	-c----w-	c:\windows\system32\dllcache\t2embed.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 20:31 . 2009-02-17 00:26	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 20:31 . 2008-11-16 20:54	--------	d-----w-	c:\program files\Steam
2009-07-15 03:12 . 2008-11-16 20:56	--------	d-----w-	c:\documents and settings\Keng\Application Data\Xfire
2009-07-10 19:54 . 2009-03-14 05:01	--------	d-----w-	c:\program files\EA GAMES
2009-07-10 19:54 . 2008-11-16 21:04	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-07-10 18:30 . 2009-06-09 04:16	--------	d-----w-	c:\program files\Crayon Physics Deluxe
2009-07-09 01:19 . 2008-11-16 20:55	--------	d-----w-	c:\program files\Xfire
2009-07-07 18:30 . 2009-04-09 19:57	--------	d-----w-	c:\program files\DarKGunZ
2009-07-06 01:18 . 2008-11-16 21:04	--------	d-----w-	c:\program files\ATI Technologies
2009-07-06 01:06 . 2009-07-06 01:05	--------	dc-h--w-	c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-07-06 00:50 . 2009-05-01 22:44	--------	d-----w-	c:\documents and settings\All Users\Application Data\Norton
2009-06-24 02:15 . 2009-05-24 07:17	25	----a-w-	c:\windows\popcinfot.dat
2009-06-21 22:16 . 2008-11-22 23:23	--------	d-----w-	c:\program files\AIM6
2009-06-21 22:12 . 2008-11-22 23:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-21 22:08 . 2009-06-21 22:08	--------	d-----w-	c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-16 14:36 . 2004-08-04 01:07	81920	----a-w-	c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 01:07	119808	----a-w-	c:\windows\system32\t2embed.dll
2009-06-10 00:11 . 2009-06-10 00:11	--------	d-----w-	c:\documents and settings\Keng\Application Data\DragonicaSCB
2009-06-09 23:14 . 2009-06-09 23:14	--------	d-----w-	c:\program files\IAHGames
2009-06-09 22:29 . 2009-06-09 04:17	--------	d-----w-	c:\documents and settings\Keng\Application Data\Crayon Physics Deluxe
2009-06-07 00:24 . 2009-01-13 00:10	--------	d-----w-	c:\documents and settings\Keng\Application Data\TeamViewer
2009-06-06 22:42 . 2009-06-02 04:30	--------	d-----w-	c:\program files\Zombie Shooter
2009-06-03 19:09 . 2004-08-04 01:07	1291264	----a-w-	c:\windows\system32\quartz.dll
2009-06-02 04:29 . 2009-06-02 04:29	--------	d-----w-	c:\program files\ReflexiveArcade
2009-05-31 01:23 . 2009-05-31 01:13	--------	d-----w-	c:\program files\ProxyFirewall
2009-05-31 00:19 . 2009-05-28 23:50	--------	d-----w-	c:\program files\Winamp
2009-05-30 23:36 . 2009-05-30 23:35	--------	d-----w-	c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-30 23:36 . 2008-12-01 00:21	--------	d-----w-	c:\program files\iTunes
2009-05-30 23:36 . 2009-05-30 23:36	--------	d-----w-	c:\program files\iPod
2009-05-30 23:36 . 2008-11-16 22:27	--------	d-----w-	c:\program files\Common Files\Apple
2009-05-30 23:33 . 2009-05-30 23:33	--------	d-----w-	c:\program files\Bonjour
2009-05-30 23:33 . 2009-05-30 23:32	--------	d-----w-	c:\program files\QuickTime
2009-05-30 22:52 . 2009-05-30 22:52	--------	d-----w-	c:\program files\LegacyGamers
2009-05-30 06:55 . 2009-05-30 06:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-05-30 06:38 . 2009-05-30 06:38	--------	d-----w-	c:\program files\Messenger Plus! Live
2009-05-30 06:38 . 2009-05-30 06:38	--------	d-----w-	c:\program files\Windows Live
2009-05-30 06:38 . 2008-11-16 21:06	--------	d-----w-	c:\program files\MSN Messenger
2009-05-29 00:04 . 2009-05-28 23:50	--------	d-----w-	c:\documents and settings\Keng\Application Data\Winamp
2009-05-28 23:44 . 2009-05-28 23:43	--------	d-----w-	c:\program files\Virtual Audio Cable
2009-05-28 23:43 . 2009-05-28 23:43	40576	----a-w-	c:\windows\system32\drivers\vrtaucbl.sys
2009-05-27 05:56 . 2009-02-17 02:56	--------	d-----w-	c:\program files\Uninstall Plus v4.1
2009-05-21 03:56 . 2009-05-21 03:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\PopCap Games
2009-05-21 03:53 . 2009-02-16 22:27	--------	d-----w-	c:\documents and settings\Keng\Application Data\DivX
2009-05-19 08:36 . 2009-06-21 22:08	2884832	----a-w-	c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-05-19 08:36 . 2009-06-21 22:08	28	----a-w-	c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-05-19 08:36 . 2009-06-21 22:08	25	----a-w-	c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\register.bat
2009-05-19 08:36 . 2009-06-21 22:08	1484856	----a-w-	c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-05-19 08:36 . 2009-06-21 22:08	97072	----a-w-	c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\bsetutil.exe
2009-05-19 08:36 . 2009-06-21 22:08	142040	----a-w-	c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\alsetup.exe
2009-05-19 08:36 . 2009-06-21 22:08	30512	----a-w-	c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-05-19 08:36 . 2009-06-21 22:08	111920	----a-w-	c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\AOLSearch.dll
2009-05-18 04:55 . 2009-05-18 04:55	--------	d-----w-	c:\documents and settings\Keng\Application Data\Viewpoint
2009-05-12 00:19 . 2009-05-12 00:19	207872	----a-w-	c:\documents and settings\Keng\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-05-12 00:19 . 2009-05-12 00:19	207872	----a-w-	c:\documents and settings\Keng\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-05-12 00:19 . 2009-05-12 00:19	207872	----a-w-	c:\documents and settings\Keng\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-05-12 00:19 . 2009-05-12 00:19	207872	----a-w-	c:\documents and settings\Keng\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-05-07 15:32 . 2004-08-04 01:07	345600	----a-w-	c:\windows\system32\localspl.dll
2009-05-02 03:39 . 2009-05-02 03:38	1332528	----a-w-	c:\documents and settings\Keng\Application Data\WSS.exe
2009-05-02 03:39 . 2009-05-02 03:38	1332528	----a-w-	c:\documents and settings\Keng\Application Data\WSS.exe
2009-04-17 12:26 . 2004-08-04 01:07	1847168	----a-w-	c:\windows\system32\win32k.sys
2009-01-12 01:47 . 2009-01-12 01:47	2454837	----a-w-	c:\program files\Internet Download Manager.rar
2008-12-26 05:33 . 2008-12-26 05:32	9154118	----a-w-	c:\program files\FrostWire.rar
2009-06-12 21:35 . 2009-01-01 22:04	134648	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-20 04:20 . 2009-02-20 04:08	24	--sh--w-	c:\windows\S2AE48ECA.tmp
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-18 00:20	279944	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Fraps"="c:\fraps\FRAPS.EXE" [2009-01-03 1203880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"My"="c:\windows\host.exe" [2009-02-18 18944]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

c:\documents and settings\Keng\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-7-2 3190096]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Daemons Ring\\DRGunZ March 2009\\DRGunZ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/22/2008 4:26 PM 24652]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [5/28/2009 4:43 PM 40576]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [11/16/2008 1:50 PM 36224]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Keng\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Keng\LOCALS~1\Temp\ALSysIO.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys --> c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [?]
S3 FAELZZZ;FAELZZZ;\??\c:\documents and settings\Keng\Desktop\Rakion stage\Fael UCE\faelz.sys --> c:\documents and settings\Keng\Desktop\Rakion stage\Fael UCE\faelz.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Keng\LOCALS~1\Temp\NOD1E3.tmp --> c:\docume~1\Keng\LOCALS~1\Temp\NOD1E3.tmp [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{362C602B-51D4-A2C0-67FB-CBBACC7CBEE1}]
c:\windows\system32\service.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ProxyFirewall - c:\program files\ProxyFirewall\ProxyFirewall.exe
HKCU-Run-CubeDesktop - (no file)
HKLM-Run-CmPCIaudio - CMICNFG3.CPL


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101676&l=dis
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
FF - ProfilePath - c:\documents and settings\Keng\Application Data\Mozilla\Firefox\Profiles\m55pyhqo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Keng\Application Data\Mozilla\Firefox\Profiles\m55pyhqo.default\extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}\components\mpint.dll
FF - plugin: c:\documents and settings\Keng\Application Data\Mozilla\Firefox\Profiles\m55pyhqo.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Dyyno\Dyyno Player\npvlc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
 .

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 13:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0
Running malware
 
Code: 
**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Keng\LOCALS~1\Temp\NOD1E3.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-57989841-796845957-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E24CF46-9924-3ED8-1B26-30EAF106450A}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hapjofeajidkhibb"=hex:61,61,00,7c
"japjofeajidkhibbdcgg"=hex:63,61,6d,6c,6d,69,00,7c
"pahnjaojmdehlohpanamkoefdcnlemig"=hex:65,61,61,70,6a,6c,61,6f,6b,6b,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):26,3a,b1,cd,6e,5e,53,a5,1e,6a,1d,ad,de,77,13,4c,be,32,01,5a,d2,
   aa,c6,3b,b6,92,7d,96,31,94,c4,c6,be,43,1e,e1,93,c9,c2,ab,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b81495a6-bdd5-47e9-b407-80bc23dbdbcc}]
@Denied: (Full) (Everyone)
"Model"=dword:0000001e
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1508)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\rundll32.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-15 13:35 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-15 20:35

Pre-Run: 89,601,056,768 bytes free
Post-Run: 91,167,830,016 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

299	--- E O F ---	2009-07-15 17:02
Second half of it
Code: 
Malwarebytes' Anti-Malware 1.38
Database version: 2389
Windows 5.1.2600 Service Pack 3

7/15/2009 1:43:27 PM
mbam-log-2009-07-15 (13-43-27).txt

Scan type: Quick Scan
Objects scanned: 87629
Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Hijack
Code: 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:28 PM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Fraps\fraps.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101676&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101664&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [My] C:\WINDOWS\host.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6142 bytes
 
Status
Not open for further replies.

Similar threads

XWrench3
hijack this scan
Replies
6
Views
2K
XWrench3
XWrench3
G
Computer slow and work in background
Replies
0
Views
2K
grecycle99
G
N
Laptop slowing down in function (internet and general apps)
Replies
1
Views
3K
Trotter
Trotter
C
Hacked by malware
2
Replies
10
Views
9K
PP Mguire
PP Mguire
M
computer suddenly slowed down.
Replies
0
Views
3K
mike3dp
M
Back
Top Bottom