
Internet Browser And Explorer.exe Issues


  • This topic is locked
10 replies to this topic

#1 Tabu34


Posted 02 April 2008 - 05:30 PM

I am pretty sure that there is something wrong with my computer. My internet browsers do not load pages most of the time, and when they do, they load very slowly. This problem has come up in the last week. Also, explorer.exe doesn't start when I boot up my computer; I have to do it manually. I run McAfee virus scanner often, and have its firewall running as well as Windows Firewall, and I am through a router. I am not sure what to do, but I was told by a friend to come to one of these forums and get a HijackThis log analyzed. I hope you can help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:23:34 PM, on 4/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Steam\Steam.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Charles\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BMbffd2e60] Rundll32.exe "C:\WINDOWS\system32\qougrjtj.dll",s
O4 - HKLM\..\Run: [bcce1dfc] rundll32.exe "C:\WINDOWS\system32\smjyhftu.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 7342 bytes



#2 Rawe


Posted 03 April 2008 - 09:22 AM

Hello and welcome to BleepingComputer. :thumbsup:

Please follow the instructions for running ComboFix here and post back with its log once finished.

Cheers.
Hi there, stranger!

#3 Tabu34


Posted 03 April 2008 - 04:23 PM

ComboFix 08-04-03.3 - Charles 2008-04-03 17:09:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1472 [GMT -4:00]
Running from: C:\Documents and Settings\Charles\Desktop\ComboFix.exe
* Resident AV is active

.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMbffd2e60.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dhdtrnks.dll
C:\WINDOWS\system32\efcyaww.dll
C:\WINDOWS\system32\frdiknhn.dll
C:\WINDOWS\system32\hjkmp.ini
C:\WINDOWS\system32\hjkmp.ini2
C:\WINDOWS\system32\lcccbhwr.dll
C:\WINDOWS\system32\nvaaxqbu.ini
C:\WINDOWS\system32\ocfjtsqa.dll
C:\WINDOWS\system32\pmkjh.dll
C:\WINDOWS\system32\qougrjtj.dll
C:\WINDOWS\system32\smjyhftu.dll
C:\WINDOWS\system32\tdkjxxoe.dll
C:\WINDOWS\system32\ubqxaavn.dll
C:\WINDOWS\system32\utfhyjms.ini
.
---- Previous Run -------
.
C:\WINDOWS\pskt.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-03-31 21:45 . 2008-04-01 15:29 <DIR> d-------- C:\Program Files\HLSW
2008-03-31 21:45 . 2008-04-01 15:29 <DIR> d-------- C:\Documents and Settings\Charles\Application Data\HLSW
2008-03-31 16:13 . 2008-04-01 15:46 1,599,406 ---hs---- C:\WINDOWS\system32\njdcifxk.ini
2008-03-30 23:53 . 2008-03-30 23:53 <DIR> d-------- C:\Program Files\TAGAP
2008-03-30 22:56 . 2008-03-30 22:56 <DIR> d-------- C:\Logs
2008-03-30 16:13 . 2008-03-31 15:16 1,583,877 ---hs---- C:\WINDOWS\system32\nkwodolu.ini
2008-03-29 18:41 . 2008-03-29 18:41 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-29 18:13 . 2008-03-29 18:53 <DIR> d-------- C:\Program Files\Grand Chase
2008-03-29 16:20 . 2008-03-30 16:13 1,583,757 ---hs---- C:\WINDOWS\system32\ocibqonf.ini
2008-03-27 17:10 . 2008-03-27 17:10 335 --a------ C:\WINDOWS\mozregistry.dat
2008-03-26 21:35 . 2008-03-26 22:57 <DIR> d-------- C:\Program Files\Mount&Blade
2008-03-26 18:24 . 2008-03-26 18:30 <DIR> d-------- C:\Program Files\P2kCommander-V4.9.C
2008-03-25 22:43 . 2008-03-25 22:44 <DIR> d-------- C:\Program Files\ROM CHECK FAIL
2008-03-23 22:54 . 2008-03-23 22:54 68,096 --a------ C:\WINDOWS\ScUnin.exe
2008-03-23 22:54 . 2008-03-23 22:54 12,072 --a------ C:\WINDOWS\scunin.dat
2008-03-23 22:54 . 2008-03-23 22:54 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-23 10:35 . 2008-03-27 17:52 <DIR> d-------- C:\Program Files\NavyFIELD
2008-03-23 10:35 . 2008-03-27 18:09 <DIR> d-------- C:\Program Files\ENFUNS Updater
2008-03-22 21:46 . 2008-03-22 21:46 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
2008-03-22 21:46 . 2008-03-22 21:46 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.bmp
2008-03-22 21:46 . 2008-03-22 21:46 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp
2008-03-22 21:46 . 2008-03-22 21:46 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2008-03-22 21:46 . 2008-03-22 21:46 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.bmp
2008-03-22 21:46 . 2008-03-22 21:46 3,142 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2008-03-22 21:46 . 2008-03-22 21:46 3,096 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2008-03-22 21:46 . 2008-03-22 21:46 3,050 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2008-03-22 21:46 . 2008-03-22 21:46 2,976 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-03-22 21:46 . 2008-03-22 21:46 2,832 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2008-03-22 21:44 . 2008-03-22 21:44 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-03-22 21:44 . 2008-03-22 21:44 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
2008-03-22 21:44 . 2008-03-22 21:44 13,270 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-03-22 21:44 . 2008-03-22 21:44 8,446 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2008-03-22 18:03 . 2008-03-22 18:03 <DIR> d-------- C:\WINDOWS\_ISTMP2.DIR
2008-03-22 18:03 . 2008-03-22 18:03 <DIR> d-------- C:\Program Files\Print Server
2008-03-22 18:03 . 2003-04-08 11:13 49,152 --a------ C:\WINDOWS\system32\PRTSERV.dll
2008-03-22 14:16 . 2008-03-25 23:04 <DIR> d-------- C:\Documents and Settings\Charles\Application Data\Hamachi
2008-03-22 14:15 . 2008-03-22 14:16 <DIR> d-------- C:\Program Files\Hamachi
2008-03-22 14:15 . 2008-03-22 14:15 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-22 01:09 . 2008-03-31 15:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 01:09 . 2008-03-22 01:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-21 10:21 . 2008-03-21 10:21 <DIR> d-------- C:\Program Files\Quake III Arena
2008-03-21 10:21 . 2008-03-21 10:21 <DIR> d-------- C:\Program Files\Quake
2008-03-21 10:21 . 2008-03-21 10:21 <DIR> d-------- C:\Program Files\DOOM & DOOM 2
2008-03-21 10:19 . 2008-03-21 10:21 <DIR> d-------- C:\Program Files\Warcraft III
2008-03-21 10:19 . 2008-03-21 10:19 <DIR> d-------- C:\Program Files\Warcraft 2
2008-03-21 10:19 . 2008-03-21 10:19 <DIR> d-------- C:\Program Files\Warcraft
2008-03-21 10:19 . 2008-03-21 10:48 <DIR> d-------- C:\Program Files\Total Annihilation
2008-03-21 10:18 . 2008-03-21 10:20 <DIR> d-------- C:\Program Files\AvP2
2008-03-21 10:17 . 2008-03-24 11:11 <DIR> d-------- C:\Program Files\Starcraft
2008-03-21 10:17 . 2008-03-21 10:30 <DIR> d-------- C:\Program Files\Defcon
2008-03-21 10:15 . 1994-11-01 02:00 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2008-03-21 10:15 . 1994-11-01 02:00 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
2008-03-21 10:09 . 2008-03-21 10:11 <DIR> d-------- C:\Program Files\Command and Conquer Red Alert 2
2008-03-20 15:44 . 2008-03-20 15:44 <DIR> d-------- C:\SPACE
2008-03-20 15:44 . 2008-03-20 15:44 26,112 --a------ C:\WINDOWS\WAVEMIX.DLL
2008-03-20 15:44 . 2008-03-20 15:44 21,008 --a------ C:\WINDOWS\CTL3D.DLL
2008-03-20 15:44 . 2008-03-20 15:44 2,552 --a------ C:\WINDOWS\WAVEMIX.INI
2008-03-20 15:44 . 2008-03-20 17:44 799 --a------ C:\WINDOWS\INSPACE.INI
2008-03-20 15:44 . 2008-03-20 15:44 30 --a------ C:\WINDOWS\INSPACE.BAK
2008-03-14 18:28 . 2008-03-14 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CCP
2008-03-13 19:06 . 2008-03-13 19:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-13 18:58 . 2008-03-22 13:42 <DIR> d-------- C:\Program Files\EVE Online
2008-03-11 21:51 . 2008-03-11 21:51 <DIR> d-------- C:\Program Files\Legacy Launcher
2008-03-11 16:37 . 2008-03-11 16:37 615 --a------ C:\WINDOWS\eReg.dat
2008-03-11 16:26 . 2008-03-22 14:06 <DIR> d-------- C:\Program Files\Command and Conquer Generals
2008-03-09 12:23 . 2008-03-31 15:59 <DIR> d-------- C:\Program Files\Photoshop 7.0
2008-03-09 12:23 . 2008-03-09 12:23 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-09 12:22 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-08 23:45 . 2008-03-08 23:45 <DIR> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-03-08 23:45 . 2008-03-08 23:45 <DIR> d-------- C:\Program Files\SmartFTP Client
2008-03-08 23:45 . 2008-03-08 23:45 <DIR> d-------- C:\Documents and Settings\Charles\Application Data\SmartFTP
2008-03-08 00:17 . 2008-03-21 20:16 <DIR> d-------- C:\Program Files\VentSrv
2008-03-07 20:17 . 2008-03-07 20:20 <DIR> d-------- C:\ROMS
2008-03-07 20:16 . 2008-03-07 20:17 <DIR> d-------- C:\EMULATORS
2008-03-06 22:17 . 2008-03-06 22:19 <DIR> d-------- C:\Program Files\Xvid
2008-03-06 22:17 . 2007-06-28 19:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-03-06 20:55 . 2008-03-06 20:55 <DIR> d-------- C:\WINDOWS\nview
2008-03-06 20:55 . 2008-03-06 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-06 20:49 . 2008-03-06 20:51 <DIR> d-------- C:\WINDOWS\nview(2)
2008-03-06 20:49 . 2008-03-22 21:43 164,081 --a------ C:\WINDOWS\system32\nvapps.xml
2008-03-06 20:49 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-03-06 20:49 . 2007-12-05 02:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-03-06 19:11 . 2008-03-06 20:55 <DIR> d-------- C:\WINDOWS\NV50805176.TMP
2008-03-05 20:17 . 2008-03-05 20:17 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-03-05 20:10 . 2008-03-05 20:19 <DIR> d-------- C:\Program Files\Crysis
2008-03-03 00:47 . 2008-03-03 00:48 <DIR> d-------- C:\Program Files\Synaesthete

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 20:58 --------- d-----w C:\Program Files\Steam
2008-04-03 20:58 --------- d-----w C:\Documents and Settings\Charles\Application Data\Xfire
2008-04-02 03:57 --------- d-----w C:\Program Files\Java
2008-04-02 01:01 --------- d-----w C:\Program Files\World of Warcraft
2008-04-01 19:19 --------- d-----w C:\Program Files\McAfee
2008-03-28 21:19 --------- d-----w C:\Program Files\Songbird
2008-03-28 02:49 --------- d-----w C:\Program Files\Call of Duty 4 - Modern Warfare
2008-03-27 01:50 --------- d-----w C:\Documents and Settings\Charles\Application Data\uTorrent
2008-03-26 22:21 --------- d-----w C:\Program Files\P2kCommander
2008-03-26 01:24 --------- d-----w C:\Program Files\Xfire
2008-03-24 05:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-23 14:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 01:47 --------- d-----w C:\Program Files\dBpoweramp
2008-03-22 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 23:26 --------- d-----w C:\Program Files\Company Of Heroes
2008-03-09 03:56 --------- d-----w C:\Program Files\AMX Mod X
2008-03-08 01:34 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-06 00:18 22,328 ----a-w C:\Documents and Settings\Charles\Application Data\PnkBstrK.sys
2008-02-29 23:10 --------- d-----w C:\Program Files\Fable
2008-02-29 22:57 --------- d-----w C:\Documents and Settings\Charles\Application Data\dBpoweramp
2008-02-29 22:57 --------- d-----w C:\Documents and Settings\Charles\Application Data\AccurateRip
2008-02-29 22:52 --------- d-----w C:\Documents and Settings\Charles\Application Data\Apple Computer
2008-02-29 20:34 --------- d-----w C:\Documents and Settings\Charles\Application Data\Nero8
2008-02-29 20:28 --------- d-----w C:\Documents and Settings\Charles\Application Data\Nero
2008-02-29 20:26 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-29 20:24 --------- d-----w C:\Program Files\Nero
2008-02-29 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-29 01:06 --------- d-----w C:\Program Files\QuickTime
2008-02-29 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-27 03:36 --------- d-----w C:\Program Files\Star Wars Jedi Knight Jedi Academy
2008-02-27 02:42 --------- d-----w C:\Program Files\BOTS
2008-02-27 02:24 --------- d-----w C:\Program Files\Knight Online
2008-02-25 21:04 --------- d-----w C:\Documents and Settings\Charles\Application Data\GarageGames
2008-02-24 20:12 --------- d-----w C:\Program Files\Microsoft Games
2008-02-24 20:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-24 04:18 --------- d-----w C:\Program Files\Lunia
2008-02-23 21:03 --------- d-----w C:\Program Files\Audiosurf
2008-02-21 04:13 --------- d-----w C:\Program Files\Haali
2008-02-21 04:13 --------- d-----w C:\Program Files\doubleTwist
2008-02-21 02:45 --------- d-----w C:\Program Files\Rockstar Games
2008-02-21 00:21 --------- d-----w C:\Program Files\FLV Player
2008-02-20 04:04 --------- d-----w C:\Documents and Settings\Charles\Application Data\Ventrilo
2008-02-19 04:14 --------- d-----w C:\Documents and Settings\Charles\Application Data\mIRC
2008-02-18 20:48 --------- d-----w C:\Program Files\Cheat Engine
2008-02-18 14:23 --------- d-----w C:\Program Files\mIRC
2008-02-15 03:55 --------- d-----w C:\Program Files\Zuma Deluxe
2008-02-14 03:35 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-13 22:42 --------- d-----w C:\Program Files\ToneThis 3.0
2008-02-11 03:30 --------- d-----w C:\Program Files\TI Education
2008-02-11 03:30 --------- d-----w C:\Program Files\Common Files\TI Shared
2008-02-10 17:06 --------- d-----w C:\Documents and Settings\Charles\Application Data\Skype
2008-02-10 17:05 --------- d-----w C:\Documents and Settings\Charles\Application Data\skypePM
2008-02-10 06:04 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-09 03:50 --------- d-----w C:\Program Files\Motorola
2008-02-09 01:13 --------- d-----w C:\Program Files\BitPim
2008-02-09 01:10 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-02-09 01:10 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-02-09 01:10 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-02-09 01:10 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-02-09 01:09 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-02-06 23:07 --------- d-----w C:\Program Files\Google
2008-02-06 14:51 171,400 ----a-w C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-05 20:39 --------- d-----w C:\Program Files\Skype
2008-02-05 20:32 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-05 20:31 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-05 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-04 21:05 --------- d-----w C:\Program Files\Sun
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 08:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-17 12:51 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-21 15:52 202024]
"P2kAutostart"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 22:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 22:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 21:17 8527872]
"nwiz"="nwiz.exe" [2007-10-25 21:17 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 21:17 81920]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 11:16 37376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-10 12:40 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyaww]
efcyaww.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\day of defeat\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\BitPim\\bitpimw.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\HLServer\\hlds.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\counter-strike\\hl.exe"=
"C:\\Program Files\\Microsoft Games\\Dungeon Siege\\DSLOA.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\ricochet\\hl.exe"=
"C:\\Program Files\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Company Of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Command and Conquer Generals\\game.dat"=
"C:\\Program Files\\Command and Conquer Red Alert 2\\GAME.EXE"=
"C:\\Program Files\\Defcon\\defcon.exe"=
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"C:\\Program Files\\Grand Chase\\main.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 15:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 19:33]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 17:41]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 15:18]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 05:00:01 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:00:05 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 17:16:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\TortoiseSVN\iconv\_tbl_simple.so
-> C:\Program Files\TortoiseSVN\iconv\windows-1252.so
-> C:\Program Files\TortoiseSVN\iconv\utf-8.so
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-04-03 17:21:27 - machine was rebooted [Charles]
ComboFix-quarantined-files.txt 2008-04-03 21:21:23
Pre-Run: 337,980,674,048 bytes free
Post-Run: 338,098,065,408 bytes free
.
2008-03-11 20:48:44 --- E O F ---

#4 Rawe


Posted 03 April 2008 - 04:35 PM

Please open Notepad and copy/paste the text in the quotebox into it:

File::
C:\WINDOWS\system32\njdcifxk.ini
C:\WINDOWS\system32\nkwodolu.ini
C:\WINDOWS\system32\ocibqonf.ini

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcyaww]


Save it as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

----

Along with the ComboFix log....

Please download Malwarebytes' Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • If you have trouble with the update process, please download the latest updates here.
  • Double-click the mbam-rules.exe file on your desktop and let it update the application.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (see extra note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please copy and paste the entire report in your next reply.
Extra note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Hi there, stranger!

#5 Tabu34


Posted 03 April 2008 - 05:00 PM

ComboFix:


ComboFix 08-04-03.3 - Charles 2008-04-03 17:48:27.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1405 [GMT -4:00]
Running from: C:\Documents and Settings\Charles\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Charles\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
C:\WINDOWS\system32\njdcifxk.ini
C:\WINDOWS\system32\nkwodolu.ini
C:\WINDOWS\system32\ocibqonf.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\njdcifxk.ini
C:\WINDOWS\system32\nkwodolu.ini
C:\WINDOWS\system32\ocibqonf.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-03-31 21:45 . 2008-04-01 15:29 <DIR> d-------- C:\Program Files\HLSW
2008-03-31 21:45 . 2008-04-01 15:29 <DIR> d-------- C:\Documents and Settings\Charles\Application Data\HLSW
2008-03-30 23:53 . 2008-03-30 23:53 <DIR> d-------- C:\Program Files\TAGAP
2008-03-30 22:56 . 2008-03-30 22:56 <DIR> d-------- C:\Logs
2008-03-29 18:41 . 2008-03-29 18:41 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-29 18:13 . 2008-03-29 18:53 <DIR> d-------- C:\Program Files\Grand Chase
2008-03-27 17:10 . 2008-03-27 17:10 335 --a------ C:\WINDOWS\mozregistry.dat
2008-03-26 21:35 . 2008-03-26 22:57 <DIR> d-------- C:\Program Files\Mount&Blade
2008-03-26 18:24 . 2008-03-26 18:30 <DIR> d-------- C:\Program Files\P2kCommander-V4.9.C
2008-03-25 22:43 . 2008-03-25 22:44 <DIR> d-------- C:\Program Files\ROM CHECK FAIL
2008-03-23 22:54 . 2008-03-23 22:54 68,096 --a------ C:\WINDOWS\ScUnin.exe
2008-03-23 22:54 . 2008-03-23 22:54 12,072 --a------ C:\WINDOWS\scunin.dat
2008-03-23 22:54 . 2008-03-23 22:54 967 --a------ C:\WINDOWS\ScUnin.pif
2008-03-23 10:35 . 2008-03-27 17:52 <DIR> d-------- C:\Program Files\NavyFIELD
2008-03-23 10:35 . 2008-03-27 18:09 <DIR> d-------- C:\Program Files\ENFUNS Updater
2008-03-22 21:46 . 2008-03-22 21:46 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.bmp
2008-03-22 21:46 . 2008-03-22 21:46 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.bmp
2008-03-22 21:46 . 2008-03-22 21:46 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.bmp
2008-03-22 21:46 . 2008-03-22 21:46 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2008-03-22 21:46 . 2008-03-22 21:46 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.bmp
2008-03-22 21:46 . 2008-03-22 21:46 3,142 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2008-03-22 21:46 . 2008-03-22 21:46 3,096 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2008-03-22 21:46 . 2008-03-22 21:46 3,050 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2008-03-22 21:46 . 2008-03-22 21:46 2,976 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-03-22 21:46 . 2008-03-22 21:46 2,832 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2008-03-22 21:44 . 2008-03-22 21:44 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-03-22 21:44 . 2008-03-22 21:44 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.bmp
2008-03-22 21:44 . 2008-03-22 21:44 13,270 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-03-22 21:44 . 2008-03-22 21:44 8,446 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2008-03-22 18:03 . 2008-03-22 18:03 <DIR> d-------- C:\WINDOWS\_ISTMP2.DIR
2008-03-22 18:03 . 2008-03-22 18:03 <DIR> d-------- C:\Program Files\Print Server
2008-03-22 18:03 . 2003-04-08 11:13 49,152 --a------ C:\WINDOWS\system32\PRTSERV.dll
2008-03-22 14:16 . 2008-03-25 23:04 <DIR> d-------- C:\Documents and Settings\Charles\Application Data\Hamachi
2008-03-22 14:15 . 2008-03-22 14:16 <DIR> d-------- C:\Program Files\Hamachi
2008-03-22 14:15 . 2008-03-22 14:15 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-22 01:09 . 2008-03-31 15:58 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-22 01:09 . 2008-03-22 01:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-21 10:21 . 2008-03-21 10:21 <DIR> d-------- C:\Program Files\Quake III Arena
2008-03-21 10:21 . 2008-03-21 10:21 <DIR> d-------- C:\Program Files\Quake
2008-03-21 10:21 . 2008-03-21 10:21 <DIR> d-------- C:\Program Files\DOOM & DOOM 2
2008-03-21 10:19 . 2008-03-21 10:21 <DIR> d-------- C:\Program Files\Warcraft III
2008-03-21 10:19 . 2008-03-21 10:19 <DIR> d-------- C:\Program Files\Warcraft 2
2008-03-21 10:19 . 2008-03-21 10:19 <DIR> d-------- C:\Program Files\Warcraft
2008-03-21 10:19 . 2008-03-21 10:48 <DIR> d-------- C:\Program Files\Total Annihilation
2008-03-21 10:18 . 2008-03-21 10:20 <DIR> d-------- C:\Program Files\AvP2
2008-03-21 10:17 . 2008-03-24 11:11 <DIR> d-------- C:\Program Files\Starcraft
2008-03-21 10:17 . 2008-03-21 10:30 <DIR> d-------- C:\Program Files\Defcon
2008-03-21 10:15 . 1994-11-01 02:00 92,208 --a------ C:\WINDOWS\system32\WING.DLL
2008-03-21 10:15 . 1994-11-01 02:00 12,800 --a------ C:\WINDOWS\system32\WING32.DLL
2008-03-21 10:09 . 2008-03-21 10:11 <DIR> d-------- C:\Program Files\Command and Conquer Red Alert 2
2008-03-20 15:44 . 2008-03-20 15:44 <DIR> d-------- C:\SPACE
2008-03-20 15:44 . 2008-03-20 15:44 26,112 --a------ C:\WINDOWS\WAVEMIX.DLL
2008-03-20 15:44 . 2008-03-20 15:44 21,008 --a------ C:\WINDOWS\CTL3D.DLL
2008-03-20 15:44 . 2008-03-20 15:44 2,552 --a------ C:\WINDOWS\WAVEMIX.INI
2008-03-20 15:44 . 2008-03-20 17:44 799 --a------ C:\WINDOWS\INSPACE.INI
2008-03-20 15:44 . 2008-03-20 15:44 30 --a------ C:\WINDOWS\INSPACE.BAK
2008-03-14 18:28 . 2008-03-14 18:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CCP
2008-03-13 19:06 . 2008-03-13 19:06 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-13 18:58 . 2008-03-22 13:42 <DIR> d-------- C:\Program Files\EVE Online
2008-03-11 21:51 . 2008-03-11 21:51 <DIR> d-------- C:\Program Files\Legacy Launcher
2008-03-11 16:37 . 2008-03-11 16:37 615 --a------ C:\WINDOWS\eReg.dat
2008-03-11 16:26 . 2008-03-22 14:06 <DIR> d-------- C:\Program Files\Command and Conquer Generals
2008-03-09 12:23 . 2008-03-31 15:59 <DIR> d-------- C:\Program Files\Photoshop 7.0
2008-03-09 12:23 . 2008-03-09 12:23 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-09 12:22 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-03-08 23:45 . 2008-03-08 23:45 <DIR> d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files
2008-03-08 23:45 . 2008-03-08 23:45 <DIR> d-------- C:\Program Files\SmartFTP Client
2008-03-08 23:45 . 2008-03-08 23:45 <DIR> d-------- C:\Documents and Settings\Charles\Application Data\SmartFTP
2008-03-08 00:17 . 2008-03-21 20:16 <DIR> d-------- C:\Program Files\VentSrv
2008-03-07 20:17 . 2008-03-07 20:20 <DIR> d-------- C:\ROMS
2008-03-07 20:16 . 2008-03-07 20:17 <DIR> d-------- C:\EMULATORS
2008-03-06 22:17 . 2008-03-06 22:19 <DIR> d-------- C:\Program Files\Xvid
2008-03-06 22:17 . 2007-06-28 19:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-03-06 20:55 . 2008-03-06 20:55 <DIR> d-------- C:\WINDOWS\nview
2008-03-06 20:55 . 2008-03-06 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-06 20:49 . 2008-03-06 20:51 <DIR> d-------- C:\WINDOWS\nview(2)
2008-03-06 20:49 . 2008-03-22 21:43 164,081 --a------ C:\WINDOWS\system32\nvapps.xml
2008-03-06 20:49 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-03-06 20:49 . 2007-12-05 02:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-03-06 19:11 . 2008-03-06 20:55 <DIR> d-------- C:\WINDOWS\NV50805176.TMP
2008-03-05 20:17 . 2008-03-05 20:17 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-03-05 20:10 . 2008-03-05 20:19 <DIR> d-------- C:\Program Files\Crysis
2008-03-03 00:47 . 2008-03-03 00:48 <DIR> d-------- C:\Program Files\Synaesthete

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 21:46 --------- d-----w C:\Documents and Settings\Charles\Application Data\Xfire
2008-04-03 21:32 --------- d-----w C:\Program Files\Steam
2008-04-02 03:57 --------- d-----w C:\Program Files\Java
2008-04-02 01:01 --------- d-----w C:\Program Files\World of Warcraft
2008-04-01 19:19 --------- d-----w C:\Program Files\McAfee
2008-03-28 21:19 --------- d-----w C:\Program Files\Songbird
2008-03-28 02:49 --------- d-----w C:\Program Files\Call of Duty 4 - Modern Warfare
2008-03-27 01:50 --------- d-----w C:\Documents and Settings\Charles\Application Data\uTorrent
2008-03-26 22:21 --------- d-----w C:\Program Files\P2kCommander
2008-03-26 01:24 --------- d-----w C:\Program Files\Xfire
2008-03-24 05:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-23 14:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-23 01:47 510,840 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2008-03-23 01:47 --------- d-----w C:\Program Files\dBpoweramp
2008-03-22 22:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-21 14:32 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-12 23:26 --------- d-----w C:\Program Files\Company Of Heroes
2008-03-09 03:56 --------- d-----w C:\Program Files\AMX Mod X
2008-03-08 01:34 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-06 00:18 22,328 ----a-w C:\Documents and Settings\Charles\Application Data\PnkBstrK.sys
2008-02-29 23:10 --------- d-----w C:\Program Files\Fable
2008-02-29 22:57 --------- d-----w C:\Documents and Settings\Charles\Application Data\dBpoweramp
2008-02-29 22:57 --------- d-----w C:\Documents and Settings\Charles\Application Data\AccurateRip
2008-02-29 22:52 --------- d-----w C:\Documents and Settings\Charles\Application Data\Apple Computer
2008-02-29 20:34 --------- d-----w C:\Documents and Settings\Charles\Application Data\Nero8
2008-02-29 20:28 --------- d-----w C:\Documents and Settings\Charles\Application Data\Nero
2008-02-29 20:26 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-29 20:24 --------- d-----w C:\Program Files\Nero
2008-02-29 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-29 01:06 --------- d-----w C:\Program Files\QuickTime
2008-02-29 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-27 03:36 --------- d-----w C:\Program Files\Star Wars Jedi Knight Jedi Academy
2008-02-27 02:42 --------- d-----w C:\Program Files\BOTS
2008-02-27 02:24 --------- d-----w C:\Program Files\Knight Online
2008-02-25 21:04 --------- d-----w C:\Documents and Settings\Charles\Application Data\GarageGames
2008-02-24 20:12 --------- d-----w C:\Program Files\Microsoft Games
2008-02-24 20:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-24 04:18 --------- d-----w C:\Program Files\Lunia
2008-02-23 21:03 --------- d-----w C:\Program Files\Audiosurf
2008-02-21 04:13 --------- d-----w C:\Program Files\Haali
2008-02-21 04:13 --------- d-----w C:\Program Files\doubleTwist
2008-02-21 02:45 --------- d-----w C:\Program Files\Rockstar Games
2008-02-21 00:21 --------- d-----w C:\Program Files\FLV Player
2008-02-20 04:04 --------- d-----w C:\Documents and Settings\Charles\Application Data\Ventrilo
2008-02-19 04:14 --------- d-----w C:\Documents and Settings\Charles\Application Data\mIRC
2008-02-18 20:48 --------- d-----w C:\Program Files\Cheat Engine
2008-02-18 14:23 --------- d-----w C:\Program Files\mIRC
2008-02-15 03:55 --------- d-----w C:\Program Files\Zuma Deluxe
2008-02-14 03:35 --------- d-----w C:\Program Files\Full Tilt Poker
2008-02-13 22:42 --------- d-----w C:\Program Files\ToneThis 3.0
2008-02-11 03:30 --------- d-----w C:\Program Files\TI Education
2008-02-11 03:30 --------- d-----w C:\Program Files\Common Files\TI Shared
2008-02-10 17:06 --------- d-----w C:\Documents and Settings\Charles\Application Data\Skype
2008-02-10 17:05 --------- d-----w C:\Documents and Settings\Charles\Application Data\skypePM
2008-02-10 06:04 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-09 03:50 --------- d-----w C:\Program Files\Motorola
2008-02-09 01:13 --------- d-----w C:\Program Files\BitPim
2008-02-09 01:10 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-02-09 01:10 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-02-09 01:10 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-02-09 01:10 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-02-09 01:09 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-02-06 23:07 --------- d-----w C:\Program Files\Google
2008-02-06 14:51 171,400 ----a-w C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-05 20:39 --------- d-----w C:\Program Files\Skype
2008-02-05 20:32 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-05 20:31 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-05 20:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-04 21:05 --------- d-----w C:\Program Files\Sun
2008-01-23 22:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-01-05 15:03 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-07-27 08:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [2008-01-17 12:51 486856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-21 15:52 202024]
"P2kAutostart"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 22:54 16116224 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 22:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 21:17 8527872]
"nwiz"="nwiz.exe" [2007-10-25 21:17 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 21:17 81920]
"Launch LCDMon"="C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 18:43 2051096]
"Launch LGDCore"="C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 18:57 2095640]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 11:16 37376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 17:48 479232]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-10 12:40 1828136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\day of defeat\\hl.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\BitPim\\bitpimw.exe"=
"C:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\HLServer\\hlds.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\day of defeat source\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\counter-strike\\hl.exe"=
"C:\\Program Files\\Microsoft Games\\Dungeon Siege\\DSLOA.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\ricochet\\hl.exe"=
"C:\\Program Files\\Star Wars Jedi Knight Jedi Academy\\GameData\\jamp.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Company Of Heroes\\RelicCOH.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Command and Conquer Generals\\game.dat"=
"C:\\Program Files\\Command and Conquer Red Alert 2\\GAME.EXE"=
"C:\\Program Files\\Defcon\\defcon.exe"=
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"C:\\Program Files\\Grand Chase\\main.exe"=
"C:\\Program Files\\Steam\\steamapps\\josev_karloski\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=

S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 15:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 19:33]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 17:41]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 15:18]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-15 05:00:01 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 06:00:05 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 17:49:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-03 17:50:25
ComboFix-quarantined-files.txt 2008-04-03 21:50:04
ComboFix2.txt 2008-04-03 21:21:28
Pre-Run: 338,208,321,536 bytes free
Post-Run: 338,182,131,712 bytes free
.
2008-03-11 20:48:44 --- E O F ---




Anti-Malware

Malwarebytes' Anti-Malware 1.10
Database version: 587

Scan type: Quick Scan
Objects scanned: 30425
Time elapsed: 7 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Rawe


Posted 03 April 2008 - 05:06 PM

Go ahead and uninstall Malwarebytes' if you wish.

Please post a fresh HijackThis log. How does the system appear to be running at the moment?
Hi there, stranger!

#7 Tabu34


Posted 03 April 2008 - 05:09 PM

My browser is updating as it used to; I think that may have gotten it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:21 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Xfire\xfire.exe
C:\Documents and Settings\Charles\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\jre1.6.0_05\bin\ssv.dll (file missing)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 8243 bytes

#8 Rawe


Posted 03 April 2008 - 05:15 PM

Looking good. :thumbsup:


O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\jre1.6.0_05\bin\ssv.dll (file missing)


This one looks weird. Do you have an L:\ drive?

Might want to follow these instructions for uninstallation and reinstallation of Java...
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 5...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name. They should have the following icon next to them: [image]
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windows-i586-p.exe to install the newest version.
Now to clean out the Java cache:

Go into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Settings button.
  • Then click Delete Files...
  • There are two options in the window to clear the cache - leave BOTH checked:
      • Applications and Applets
      • Trace and Log Files
  • Click OK on Delete Temporary Files window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.
-------

Other than that...

Click Start -> Run and type in:

ComboFix /u

Click on OK. When shown the disclaimer, select 2.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:

Prevention Programs:
  • Comodo BOClean <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
  • SpywareBlaster <= SpywareBlaster will prevent spyware from being installed. Detailed installation guide provided.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known adsites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Other necessary Programs:
  • Antivirus Program <= An antivirus program is a must! Whether it is a free version like Avast! or Anti-Vir, or a shareware version like NOD32, this is a must-have. (Note: only use one at a time.)
  • Firewall <= A firewall is definitely a must-have. Two good free versions are Comodo and Online Armor. (Note: only use one at a time.)
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice:
So how did I get infected in the first place?

Setup guide for Comodo Firewall
Setup guide for Avast! 4 Free
Setup guide for AVG Free Antivirus
Hi there, stranger!
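The check made in the post above (an entry marked "(file missing)" on a drive letter the machine may not have) can be run mechanically over a whole HijackThis log. The following is an added example, not part of the original thread or of HijackThis itself; the function names, the flag names and the assumption that C: is the system drive are this example's own.

```python
import re

# Constructed sample: entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\jre1.6.0_05\bin\ssv.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\jre1.6.0_05\bin\ssv.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
"""

ENTRY_RE = re.compile(r"^([ORF]\d+)\s+-\s+(.+)$")   # section id, then the rest
DRIVE_RE = re.compile(r"\b([A-Za-z]):\\")            # first drive-letter path


def flags_for(section, body, system_drive="C"):
    """Return review hints for one entry (hints for a human, not verdicts)."""
    flags = []
    if body.rstrip().endswith("(file missing)"):
        flags.append("file-missing")        # registry entry outlived its file
    drive = DRIVE_RE.search(body)
    if drive and drive.group(1).upper() != system_drive.upper():
        flags.append("off-system-drive")    # e.g. removable or unmapped volume
    if section == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")       # no vendor reported for the service
    if section == "O10" and body.startswith("Unknown file in Winsock LSP"):
        flags.append("unknown-lsp")         # LSP file HijackThis did not recognise
    return flags


def triage(log_text, system_drive="C"):
    """Parse HijackThis entry lines and return (section, flags, body) for
    every entry that has at least one flag; other lines are skipped."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                        # header, process list, blank line
        section, body = m.groups()
        flags = flags_for(section, body, system_drive)
        if flags:
            flagged.append((section, flags, body))
    return flagged


if __name__ == "__main__":
    for section, flags, body in triage(SAMPLE_LOG):
        print(f"{section:<4} {','.join(flags):<30} {body}")
```

A flag only marks an entry for a person to look at; as the thread shows, the L:\ entries turned out to be leftovers from a Java install on a removable device.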

#9 Tabu34


Posted 03 April 2008 - 05:17 PM

Oh yeah, that's when I installed Java onto my iPod. I also have a good install on my actual computer. Should I just fix that entry?

#10 Rawe


Posted 03 April 2008 - 05:21 PM

Yup, you can fix these two as well:

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\jre1.6.0_05\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - L:\jre1.6.0_05\bin\ssv.dll (file missing)


McAfee isn't really the best product out there.. Might want to check the alternatives.

Think I'm off to bed - it's late and enough system cleaning for the day. :thumbsup:

G'd night and cheers. Take a look at the preventative measures I linked.. Will help in the long run.

#11 Rawe


Posted 11 April 2008 - 04:34 AM

Since this issue appears to be resolved, this topic has been closed.

Feel free to start a new topic should another issue arise. :thumbsup:



