
Hijackthis Log


12 replies to this topic

#1 Aaron G


Posted 06 February 2008 - 02:27 AM

This is my HijackThis log. Can you help me to get my system running better? I am including my process list also.

Attached File  hijackthis.log   7.68KB   18 downloads
Attached File  processlist.txt   4.23KB   4 downloads

Thank you,
Aaron


#2 RichieUK


Posted 09 February 2008 - 07:27 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Aaron G.
My name is Richie and I'll be helping you to fix your problems.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere, then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.

#3 Aaron G


Posted 13 February 2008 - 08:16 PM

My system runs at half speed from 2 months ago. I have not put any new programs besides the ones you requested.

Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:44 PM, on 2/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [VistaFirewallControl] C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} -
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7239 bytes

#4 RichieUK


Posted 13 February 2008 - 08:34 PM

It appears you've no virus protection installed.
Please download/install Avira AntiVir Personal Edition Classic [Free]:
http://www.free-av.com/
Perform a full scan with Avira and allow it to delete everything it detects.
Restart your PC when you've done.
After restart, open Avira Antivirus and select "Reports".
Then double click the report from the full scan you have just completed.
Click the "Report File" button, then copy and paste the report into your next reply.


Please disable UAC [User Account Control].
1. Click Start and then click the picture at the top of the right column on the Start menu; this opens the User Accounts Control Panel.
2. Click Turn User Account Control on or off; you will have to respond to a UAC prompt to complete this action.
3. Clear the Use User Account Control (UAC) to help protect your computer check box and click OK.
4. Click Restart Now when prompted; after your computer restarts, UAC will be off.
You can repeat these steps to re-enable UAC; just click to select the check box in Step 3 when we've finished.


Download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop.


Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick ComboFix's window or do anything else on your PC while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

#5 Aaron G


Posted 13 February 2008 - 11:09 PM

hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:38 PM, on 2/13/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [VistaFirewallControl] C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} -
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7469 bytes


combofix log:
ComboFix 08-02-14.1 - Aaron 2008-02-13 23:02:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1296 [GMT -5:00]
Running from: C:\Users\Aaron\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\x64

----- BITS: Possible infected sites -----

hxxp://resources.zune.net
.
((((((((((((((((((((((((( Files Created from 2008-01-14 to 2008-02-14 )))))))))))))))))))))))))))))))
.

2008-02-24 12:04 . 2007-01-23 08:12 155,648 --a------ C:\Windows\System32\igfxres.dll
2008-02-24 12:03 . 2007-05-08 05:14 <DIR> d-------- C:\Windows\sonysys
2008-02-24 12:03 . 2007-02-24 14:08 180 --a------ C:\Windows\system\ykrp.com
2008-02-24 11:59 . 2008-02-24 11:59 <DIR> d-------- C:\Program Files\Apoint
2008-02-24 11:59 . 2007-01-23 09:00 509,440 --a------ C:\Windows\System32\drivers\athr.sys
2008-02-24 11:59 . 2007-02-01 01:37 27,520 --a------ C:\Windows\System32\drivers\SonyNC.sys
2008-02-24 11:59 . 2008-02-24 11:59 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01001.Wdf
2008-02-24 11:58 . 2006-11-13 08:33 1,418,720 --a------ C:\Windows\System32\WdfCoinstaller01001.dll
2008-02-24 11:58 . 2006-11-13 08:32 140,800 --a------ C:\Windows\System32\drivers\Apfiltr.sys
2008-02-24 11:58 . 2006-11-13 08:33 99,630 --a------ C:\Windows\System32\Vxdif.dll
2008-02-24 11:57 . 2006-11-13 22:07 986,624 --a------ C:\Windows\System32\drivers\HSX_DPV.sys
2008-02-24 11:57 . 2007-02-08 08:27 807,424 --a------ C:\Windows\System32\drivers\ti21sony.sys
2008-02-24 11:57 . 2006-11-13 22:07 659,968 --a------ C:\Windows\System32\drivers\HSX_CNXT.sys
2008-02-24 11:57 . 2006-11-13 22:07 386,560 --a------ C:\Windows\System32\drivers\XAudio.exe
2008-02-24 11:57 . 2006-11-13 22:07 206,848 --a------ C:\Windows\System32\drivers\HSXHWAZL.sys
2008-02-24 11:57 . 2006-11-13 22:07 159,744 --a------ C:\Windows\System32\Uci32112.dll
2008-02-24 11:57 . 2006-11-13 22:07 140,914 --a------ C:\Windows\System32\drivers\SnyHDAN.cty
2008-02-24 11:57 . 2006-11-13 22:07 94,208 --a------ C:\Windows\System32\mdmxsdk.dll
2008-02-24 11:57 . 2006-11-13 22:07 12,672 --a------ C:\Windows\System32\drivers\mdmxsdk.sys
2008-02-24 11:57 . 2006-11-13 22:07 8,192 --a------ C:\Windows\System32\drivers\XAudio.sys
2008-02-24 11:55 . 2007-01-29 08:03 195,072 --a------ C:\Windows\System32\drivers\yk60x86.sys
2008-02-24 11:37 . 2008-02-24 11:37 <DIR> d-------- C:\Windows\System32\RTCOM
2008-02-24 11:37 . 2007-02-05 08:22 4,317,184 --a------ C:\Windows\RtHDVCpl.exe
2008-02-24 11:37 . 2007-02-05 08:22 1,668,456 --a------ C:\Windows\System32\drivers\RTKVHDA.sys
2008-02-24 11:37 . 2007-02-05 08:23 1,191,936 --a------ C:\Windows\RtlUpd.exe
2008-02-24 11:37 . 2007-02-05 08:22 532,480 --a------ C:\Windows\System32\RTSndMgr.cpl
2008-02-24 11:37 . 2007-02-05 08:23 489,472 --a------ C:\Windows\System32\RtkPgExt.dll
2008-02-24 11:37 . 2007-02-05 08:23 339,968 --a------ C:\Windows\System32\SRSTSXT.dll
2008-02-24 11:37 . 2007-02-05 08:23 135,168 --a------ C:\Windows\System32\SRSWOW.dll
2008-02-24 11:37 . 2007-02-05 08:23 17,408 --a------ C:\Windows\System32\RtkCoInst.dll
2008-02-24 11:36 . 2007-02-05 08:23 1,814,016 --a------ C:\Windows\System32\RtkAPO.dll
2008-02-24 11:28 . 2007-08-14 15:40 <DIR> d-------- C:\Windows\Debug
2008-02-24 11:25 . 2006-11-02 04:53 438,840 -rahs---- C:\bootmgr
2008-02-24 11:25 . 2008-02-24 11:25 8,192 -ra-s---- C:\BOOTSECT.BAK
2008-02-24 11:24 . 2007-02-24 12:35 <DIR> d-------- C:\Windows\DRIVERS
2008-02-24 11:24 . 2007-02-23 15:16 57,656 -ra------ C:\Windows\System32\OEMLOGO.BMP
2008-02-24 11:24 . 2007-02-23 15:16 869 -ra------ C:\Windows\System32\MEDIA_CENTER_VAIO.PNG
2008-02-24 11:24 . 2007-05-07 19:12 863 --a------ C:\Windows\System32\SNYINST.OEM
2008-02-14 01:10 . 2006-11-02 04:52 940,648 --a------ C:\Windows\System32\winload.exe
2008-02-14 01:10 . 2006-11-02 04:52 902,248 --a------ C:\Windows\System32\winresume.exe
2008-02-13 22:23 . 2008-02-13 22:23 <DIR> d-------- C:\ProgramData\Avira
2008-02-13 22:23 . 2008-02-13 22:23 <DIR> d-------- C:\Program Files\Avira
2008-02-13 18:05 . 2008-02-13 18:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-13 18:03 . 2008-02-13 18:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 17:58 . 2008-02-13 18:54 <DIR> d-------- C:\Windows\BDOSCAN8
2008-02-13 17:56 . 2008-02-13 17:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-13 07:39 . 2008-02-13 07:39 <DIR> d-------- C:\Program Files\Creative
2008-02-12 20:51 . 2008-02-12 20:51 <DIR> d-------- C:\Windows\Sun
2008-02-11 19:04 . 2008-02-11 19:04 <DIR> d-------- C:\Click to DVD 2
2008-02-10 01:07 . 2008-02-10 01:07 <DIR> dr------- C:\Users\Public\Videos
2008-02-10 01:07 . 2008-02-10 01:07 <DIR> dr------- C:\Users\Public\Pictures
2008-02-10 01:07 . 2008-02-10 01:07 <DIR> dr------- C:\Users\Public\Music
2008-02-08 15:33 . 2008-02-09 13:11 <DIR> dr------- C:\Users\Public\Documents
2008-02-08 15:11 . 2008-02-08 15:54 <DIR> d-------- C:\Program Files\BitLord2
2008-02-08 05:01 . 2008-02-08 05:02 <DIR> d-------- C:\getservice
2008-02-07 18:12 . 2008-02-07 18:21 <DIR> d-------- C:\Program Files\Uniblue
2008-02-07 18:04 . 2008-02-07 18:04 <DIR> d-------- C:\ProgramData\WinZip
2008-02-07 17:27 . 2008-02-07 17:28 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-02-06 04:23 . 2003-08-29 23:51 156,160 --a------ C:\Windows\System32\unrar3.dll
2008-02-06 04:23 . 2003-08-29 23:52 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-02-06 04:03 . 2008-02-07 18:13 <DIR> d-------- C:\Users\Aaron\AppData\Roaming\BitTorrent
2008-02-06 03:43 . 2008-02-06 03:43 <DIR> d-------- C:\Users\Aaron\AppData\Roaming\Simply Super Software
2008-02-06 03:43 . 2008-02-06 03:43 <DIR> d-------- C:\ProgramData\Simply Super Software
2008-02-06 02:59 . 2008-02-06 02:59 <DIR> d-------- C:\Program Files\VistaFirewallControl
2008-02-06 02:02 . 2008-02-06 02:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-04 19:46 . 2008-02-04 19:56 <DIR> d-------- C:\Users\Aaron\AppData\Roaming\Uniblue
2008-02-04 19:28 . 2008-02-04 19:39 <DIR> d-------- C:\Users\Aaron\AppData\Roaming\Smart PC Solutions
2008-02-04 01:14 . 2008-02-04 01:14 <DIR> d-------- C:\Windows\Intuit
2008-01-29 22:45 . 2008-01-29 22:45 398,848 --a------ C:\Windows\System32\AudioEng.dll
2008-01-29 22:45 . 2008-01-29 22:45 310,272 --a------ C:\Windows\System32\audiosrv.dll
2008-01-29 22:45 . 2008-01-29 22:45 273,408 --a------ C:\Windows\System32\AUDIOKSE.dll
2008-01-29 22:45 . 2008-01-29 22:45 169,984 --a------ C:\Windows\System32\EncDump.dll
2008-01-29 22:45 . 2008-01-29 22:45 115,712 --a------ C:\Windows\System32\AudioSes.dll
2008-01-29 22:45 . 2008-01-29 22:45 88,064 --a------ C:\Windows\System32\audiodg.exe
2008-01-23 23:06 . 2008-01-23 23:41 248 --a------ C:\Windows\System32\systemdrv32.aso
2008-01-23 00:44 . 2008-02-05 02:06 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-23 00:44 . 2008-01-23 00:44 1,409 --a------ C:\Windows\QTFont.for
2008-01-16 00:48 . 2008-02-11 19:02 <DIR> d-------- C:\Program Files\PokerStars.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 00:59 --------- d-----w C:\Program Files\Windows Sidebar

#6 RichieUK


Posted 14 February 2008 - 04:32 AM

Could you post the entire contents of C:\Combofix.txt please.

#7 Aaron G


Posted 14 February 2008 - 02:08 PM

I am sorry. I did not check it before I sent the reply.



2008-01-23 23:06 . 2008-01-23 23:41 248 --a------ C:\Windows\System32\systemdrv32.aso
2008-01-23 00:44 . 2008-02-05 02:06 54,156 --ah----- C:\Windows\QTFont.qfn
2008-01-23 00:44 . 2008-01-23 00:44 1,409 --a------ C:\Windows\QTFont.for
2008-01-16 00:48 . 2008-02-11 19:02 <DIR> d-------- C:\Program Files\PokerStars.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-14 00:59 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-13 23:16 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-13 23:07 --------- d-----w C:\ProgramData\Lavasoft
2008-02-13 12:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-08 21:26 --------- d-----w C:\Program Files\Microsoft Works
2008-02-08 21:22 192 ----a-w C:\Users\Aaron\AppData\Roaming\wklnhst.dat
2008-02-08 20:56 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-08 20:56 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-08 20:39 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-02-07 23:13 --------- d-----w C:\ProgramData\Sonic
2008-02-07 21:54 --------- d-----w C:\Program Files\MSN Messenger
2008-02-04 06:13 --------- d-----w C:\Program Files\Common Files\Intuit
2008-02-04 06:09 87,608 ----a-w C:\Users\Aaron\AppData\Roaming\ezpinst.exe
2008-02-04 06:09 47,360 ----a-w C:\Users\Aaron\AppData\Roaming\pcouffin.sys
2008-02-04 06:09 --------- d-----w C:\Users\Aaron\AppData\Roaming\Vso
2008-02-04 05:32 --------- d-----w C:\Program Files\Zune
2008-01-15 17:31 --------- d-----w C:\Program Files\Java
2008-01-11 22:54 245,664 ----a-w C:\Windows\System32\ZuneWlanCfgSvc.exe
2008-01-11 22:39 70,656 ----a-w C:\Windows\System32\ZuneIpTransport.dll
2008-01-11 22:39 62,464 ----a-w C:\Windows\System32\ZuneUsbTransport.dll
2008-01-11 22:39 35,840 ----a-w C:\Windows\System32\ZuneUsbCOnnection.dll
2008-01-11 22:39 145,408 ----a-w C:\Windows\System32\ZuneMTPZ.dll
2008-01-10 02:42 --------- d-----w C:\Users\Aaron\AppData\Roaming\Corel
2008-01-09 20:01 53,248 ----a-w C:\Windows\bdoscandel.exe
2008-01-05 00:47 --------- d-----w C:\Users\Aaron\AppData\Roaming\Roxio
2008-01-04 19:31 --------- d-----w C:\ProgramData\Sony Corporation
2007-12-30 05:45 --------- d-----w C:\ProgramData\Intuit
2007-12-25 16:55 --------- d-----w C:\Users\Aaron\AppData\Roaming\InterVideo
2007-12-24 20:24 --------- d-----w C:\Users\Aaron\AppData\Roaming\Sony Corporation
2007-12-24 03:05 --------- d-----w C:\Users\Aaron\AppData\Roaming\LimeWire
2007-12-24 03:04 374 ----a-w C:\Users\Aaron\AppData\Roaming\internaldb6334.dat
2007-12-24 03:01 555 ----a-w C:\Users\Aaron\AppData\Roaming\internaldb8467.dat
2007-12-24 03:01 18,432 ----a-w C:\Users\Aaron\AppData\Roaming\internaldb41.dat
2007-12-22 18:28 --------- d-----w C:\ProgramData\HP
2007-12-22 18:02 --------- d-----w C:\Users\Aaron\AppData\Roaming\HP
2007-12-22 18:00 --------- d-----w C:\Users\Aaron\AppData\Roaming\Printer Info Cache
2007-12-22 18:00 --------- d-----w C:\Users\Aaron\AppData\Roaming\Image Zone Express
2007-12-22 17:53 --------- d-----w C:\Program Files\HP_Vista_SF_Ph1
2007-12-22 17:32 --------- d-----w C:\ProgramData\Hewlett-Packard
2007-12-18 04:17 --------- d-----w C:\Users\Aaron\AppData\Roaming\Creative
2007-12-18 04:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 16:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-13 00:52 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 00:52 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 00:52 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 00:51 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 00:51 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 00:51 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 00:51 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 00:49 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 00:49 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-05-08 09:51 1,132,112 ----a-w C:\ProgramData\pswi_preloaded.exe
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 17:54 166304]
"VistaFirewallControl"="C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe" [2008-01-24 13:55 688128]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-13 22:26 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2007-02-13 18:19 98304 C:\Windows\System32\VESWinlogon.dll

R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 04:29]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
R2 VistaFirewallService;VistaFirewallService;"C:\Program Files\VistaFirewallControl\VistaFirewallService.exe" [2008-01-24 13:54]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-13 22:07]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-01-23 09:00]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-01-23 08:12]
R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-02-08 08:27]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-01-29 08:03]
S3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-24 01:00]
S3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2007-08-07 01:03]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 18:51]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);"C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" []
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-01-16 16:05]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\Windows\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 22:47:44 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-05 00:56:36 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-14 03:56:15 C:\Windows\Tasks\Vaio Service Utility.job"
- C:\Program Files\Sony\Vaio Service Utility\VAIO-SU.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 23:04:00
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-13 23:04:39
ComboFix-quarantined-files.txt 2008-02-14 04:04:38
.
2008-02-14 00:49:45 --- E O F ---

#8 RichieUK

Posted 14 February 2008 - 04:10 PM

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.
Do not run it just yet.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} -
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

Exit Hijackthis.

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer, when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it,then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.


Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u4'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Click Start and choose Control Panel:
- In Control Panel double click on the "Programs and Features" icon.
- Here you can find all the programs and items which are installed in Windows Vista.
- Now remove all older versions of Sun Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

Also post a new Hijackthis log, let me know how your pc is running now.
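The entries selected for 'Fix checked' in the post above share one pattern: an O2 BHO whose file is '(no file)' and O16 DPF entries with nothing after the final dash. As an added illustration (not part of the thread and not HijackThis's own code), this Python example parses lines copied from this thread and flags only those two patterns; the function names are hypothetical.

```python
import re

# Lines copied from the fix list and the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
End of file - 7468 bytes
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "<section> - <body>", e.g. "O16 - DPF: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O2: "BHO: <name> - <CLSID> - <dll path or (no file)>"
BHO_RE = re.compile(
    rf"^BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.*)$")
# O16: "DPF: <CLSID> [(<name>)] - [<codebase URL>]"
DPF_RE = re.compile(
    rf"^DPF: (?P<clsid>{CLSID})(?: \((?P<name>.*)\))? -(?: (?P<codebase>.*))?$")


def parse_entry(line):
    """Return a dict for one HijackThis entry line, or None for other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"section": m["section"], "body": m["body"],
             "clsid": None, "name": None, "target": None}
    if m["section"] == "O2":
        d = BHO_RE.match(m["body"])
        if d:
            entry.update(clsid=d["clsid"], name=d["name"],
                         target=d["target"].strip())
    elif m["section"] == "O16":
        d = DPF_RE.match(m["body"])
        if d:
            entry.update(clsid=d["clsid"], name=d["name"],
                         target=(d["codebase"] or "").strip())
    return entry


def orphan_reason(entry):
    """Explain why an entry looks like a leftover, or return None."""
    if entry is None or entry["clsid"] is None:
        return None
    if entry["section"] == "O2" and entry["target"] == "(no file)":
        return "BHO is registered but its file is missing"
    if entry["section"] == "O16" and entry["target"] == "":
        return "DPF entry has no download source recorded"
    return None


def find_orphans(log_text):
    """Collect leftover O2/O16 entries from a pasted HijackThis log."""
    found = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        reason = orphan_reason(entry)
        if reason:
            found.append({"section": entry["section"],
                          "clsid": entry["clsid"], "reason": reason})
    return found


if __name__ == "__main__":
    for item in find_orphans(SAMPLE_LOG):
        print(f'{item["section"]:>3} {item["clsid"]}  {item["reason"]}')
```

Entries with a file path or download URL, such as the Adobe BHO and the BitDefender scanner control, are left alone, which matches what stayed in the later log.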

#9 Aaron G

Posted 17 February 2008 - 03:55 PM

computer is running great!


superantispyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/17/2008 at 03:48 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 00:48:34

Memory items scanned : 626
Memory threats detected : 0
Registry items scanned : 7671
Registry threats detected : 0
File items scanned : 60150
File threats detected : 0

hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:54:22 PM, on 2/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [VistaFirewallControl] C:\Program Files\VistaFirewallControl\VistaFirewallControl.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/instal...osticsVista.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VistaFirewallService - Sphinx Software - C:\Program Files\VistaFirewallControl\VistaFirewallService.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7468 bytes

#10 RichieUK

Posted 17 February 2008 - 04:09 PM

Your log is clean :thumbsup:, please do the following:

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press Ok.
This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Now please enable UAC by following the instructions I posted earlier in this topic.

You should take the time to read and follow the information found in the links below, to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm

Hardening Windows Security - Part 1:
http://www.malwarehelp.org/Malware-Prevent...-Security1.html

Hardening Windows Security - Part 2:
http://www.malwarehelp.org/malware-prevent...-security2.html

#11 Aaron G

Posted 17 February 2008 - 04:35 PM

Thank you for all the help. I do have 2 issues now that were not there.

1. My DVD drive is missing. I went to device manager and it says a driver issue but can't update the driver.

2. When I try to open IE I get the following error:
Cannot find '::{2559A1F4-21D7-11D4-BDAF-00C04F60B9FO}'. Make sure the path or Internet address is correct.


OK

When I press ok it works fine.

Aaron

#12 Aaron G

Posted 17 February 2008 - 05:17 PM

IE problem is fixed.
Still no DVD

#13 RichieUK

Posted 17 February 2008 - 06:13 PM

First of all you need to backup the registry.
How to back up and restore the registry in Windows XP and Windows Vista:
http://support.microsoft.com/kb/322756

You now need to delete the UpperFilters and LowerFilters values from within the registry.
The CD drive or the DVD drive does not work as expected on a computer that you upgraded to Windows Vista:
http://support.microsoft.com/kb/929461