
Infected - Was Told To Post In Here.


4 replies to this topic

#1 tia08


Posted 03 July 2008 - 09:29 AM

Was referred by the thread below to do this.
http://www.bleepingcomputer.com/forums/ind...mp;#entry871224

My log.

main.txt file

Deckard's System Scanner v20071014.68
Run by DRTO on 2008-07-04 00:12:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 4 Restore Point(s) --
4: 2008-07-03 06:03:23 UTC - RP99 - Avg8 Update
3: 2008-07-02 10:19:48 UTC - RP97 - Windows Defender Checkpoint
2: 2008-07-02 07:14:21 UTC - RP95 - Installed WinDVD
1: 2008-07-02 07:08:47 UTC - RP93 - Installed DirectX


Backed up registry hives.
Performed disk cleanup.

[color=red]Percentage of Memory in Use: 84% (more than 75%).[/color]
[color=red]Total Physical Memory: 446 MiB (1024 MiB recommended).[/color]


-- HijackThis (run as DRTO.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:30 AM, on 7/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\DRTO\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DRTO.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8458 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].reg - regfile - shell\open\command - regedit.exe "%1" %*[/COLOR]
[COLOR=red].scr - scrfile - shell\open\command - "%1" %*[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 systemCheck (SystemWindows) - "c:\windows\system32\systemcheck.exe" <Not Verified; Microsoft Corporation; BIOS Drivers for harddrive>

S2 SysCacheDriver - "c:\windows\system32\syssecuritycheck.exe" <Not Verified; Microsoft Corporation; BIOS Drivers for harddrive>
S3 Symantec Core LC - "c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-02 19:23:54	   284 --a------ C:\Windows\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-04 00:20:06		 0 d-------- C:\Program Files\Trend Micro
2008-07-02 21:20:59		 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-02 17:37:06		88 -r-hs---- C:\Users\All Users\F7BC8326D8.sys
2008-07-02 17:37:05	  5018 --ahs---- C:\Users\All Users\KGyGaAvL.sys
2008-07-02 17:30:52		 0 d-------- C:\Program Files\QuickTime
2008-07-02 17:27:57		 0 d-------- C:\Program Files\Apple Software Update
2008-07-02 17:26:58		 0 d-------- C:\Users\All Users\Apple Computer
2008-07-02 17:20:53		 0 d-------- C:\Program Files\InterVideo
2008-07-02 17:20:50		 0 d-------- C:\Program Files\Common Files\InterVideo
2008-07-02 17:20:47		 0 d-------- C:\Program Files\Common Files\Protexis
2008-07-02 17:19:22		 0 d-------- C:\Program Files\Corel
2008-06-30 02:06:35		 0 d-------- C:\Users\All Users\Graboid Inc
2008-06-30 02:02:36		 0 d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-06-30 02:00:49		 0 d-------- C:\Program Files\VideoLAN
2008-06-18 02:50:46		 0 d-------- C:\Program Files\FrostWire
2008-06-14 02:41:28		 0 d-------- C:\Users\All Users\InstallShield
2008-06-14 02:36:30		 0 d-------- C:\Program Files\Common Files\Jasc Software Inc
2008-06-14 02:34:59		 0 d-------- C:\Program Files\Jasc Software Inc
2008-06-14 00:03:10		88 -r-hs---- C:\Windows\system32\F7BC8326D8.sys
2008-06-14 00:03:09	  2516 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-06-13 23:59:56		 0 d-------- C:\Users\All Users\Corel
2008-06-13 16:14:09		 0 d-------- C:\Users\All Users\WindowsSearch
2008-06-13 15:27:45		 0 d-------- C:\Users\All Users\WinZip
2008-06-13 07:02:22		 0 d-------- C:\Users\All Users\Innovative Solutions
2008-06-12 23:13:19		 0 d-------- C:\Users\All Users\Adobe Systems
2008-06-12 22:58:50		 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-11 03:04:44		 0 d-------- C:\Windows\PCHEALTH
2008-06-08 20:03:59		 0 d-------- C:\Program Files\VistaCodecPack
2008-06-08 19:59:57		 0 d-------- C:\Users\All Users\VistaCodecs
2008-06-08 19:41:14		 0 d-------- C:\Program Files\DivX
2008-06-05 16:04:16		 0 d-------- C:\Users\All Users\Yahoo! Companion


-- Find3M Report ---------------------------------------------------------------

2008-07-02 17:41:03		 0 d-------- C:\Users\DRTO\AppData\Roaming\Corel
2008-07-02 17:24:35		 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-02 17:20:50		 0 d-------- C:\Program Files\Common Files
2008-07-02 15:53:54		 0 d-------- C:\Program Files\HP
2008-07-01 21:37:23		 0 d-------- C:\Users\DRTO\AppData\Roaming\dvdcss
2008-06-30 02:05:45		 0 d-------- C:\Users\DRTO\AppData\Roaming\MozillaControl
2008-06-20 23:20:00		 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-18 02:39:05		 0 d-------- C:\Users\DRTO\AppData\Roaming\LimeWire
2008-06-18 02:20:21		 0 d-------- C:\Users\DRTO\AppData\Roaming\Mozilla
2008-06-17 21:01:38		 0 d-------- C:\Users\DRTO\AppData\Roaming\Template
2008-06-16 01:28:06		 0 d-------- C:\Users\DRTO\AppData\Roaming\Adobe
2008-06-15 11:41:56		 0 d-------- C:\Users\DRTO\AppData\Roaming\Opera
2008-06-15 11:34:04   2039808 -r-h----- C:\Windows\system32\systemcheck.exe <Not Verified; Microsoft Corporation; BIOS Drivers for harddrive>
2008-06-15 11:32:59   2113536 -r-h----- C:\Windows\system32\sysSecurityCheck.exe <Not Verified; Microsoft Corporation; BIOS Drivers for harddrive>
2008-06-14 02:36:30		 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-14 02:34:59		 0 d-------- C:\Users\DRTO\AppData\Roaming\Jasc Software Inc
2008-06-13 23:07:47		 0 d-------- C:\Users\DRTO\AppData\Roaming\InstallShield
2008-06-13 03:37:25		 0 d-------- C:\Users\DRTO\AppData\Roaming\Real
2008-06-12 22:40:36		 0 d-------- C:\Users\DRTO\AppData\Roaming\WinRAR
2008-06-12 04:19:43		 0 d-------- C:\Program Files\Windows Mail
2008-06-09 00:30:18	   126 --a------ C:\Users\DRTO\AppData\Roaming\wklnhst.dat
2008-06-08 20:01:18		 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-08 19:57:05		 0 d-------- C:\Users\DRTO\AppData\Roaming\DivX
2008-06-06 03:13:36		 0 d-------- C:\Users\DRTO\AppData\Roaming\SmartFTP
2008-05-28 21:31:39		 0 d-------- C:\Program Files\Java
2008-05-27 22:35:31		 0 d-------- C:\Users\DRTO\AppData\Roaming\Jasc
2008-05-26 21:49:50		 0 d-------- C:\Program Files\MP4TOOL
2008-05-26 18:28:52	962560 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-05-25 17:26:17		 0 d-------- C:\Program Files\CCleaner
2008-05-25 04:16:57		 0 d-------- C:\Users\DRTO\AppData\Roaming\Malwarebytes
2008-05-25 03:17:59		 0 d-------- C:\Program Files\AVG
2008-05-25 00:59:20		 0 d-------- C:\Program Files\Windows Defender
2008-05-21 16:47:25		 0 d-------- C:\Users\DRTO\AppData\Roaming\MSNInstaller
2008-05-20 22:56:37		 0 d-------- C:\Users\DRTO\AppData\Roaming\Talkback
2008-05-20 22:55:41		 0 --a------ C:\Windows\nsreg.dat
2008-05-20 16:55:37		 0 d-------- C:\Users\DRTO\AppData\Roaming\CyberLink
2008-05-20 13:49:31		 0 d-------- C:\Users\DRTO\AppData\Roaming\FrostWire
2008-05-20 02:29:57		 0 d-------- C:\Program Files\Logitech
2008-05-20 02:18:38		 0 d-------- C:\Users\DRTO\AppData\Roaming\NCH Swift Sound
2008-05-19 22:58:27		 0 d-------- C:\Program Files\SmartFTP Client
2008-05-19 22:51:29		 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-19 02:42:27		 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-18 13:26:30		 0 d-------- C:\Program Files\Windows Live
2008-05-18 13:24:52		 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-16 20:48:56		 0 d-------- C:\Program Files\Common Files\Java
2008-05-16 18:53:40		 0 d-------- C:\Program Files\Canon
2008-05-16 18:39:43		 0 d-------- C:\Program Files\Common Files\Canon
2008-05-16 17:00:41		 0 d-------- C:\Program Files\Microsoft.NET
2008-05-16 17:00:41		 0 d-------- C:\Program Files\Microsoft Works
2008-05-16 13:11:55		 0 d-------- C:\Users\DRTO\AppData\Roaming\WildTangent
2008-05-15 15:30:44		 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-15 15:22:21		 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-15 11:48:14	   174 --ahs---- C:\Program Files\desktop.ini
2008-05-15 11:29:13		 0 d-------- C:\Program Files\Windows Calendar
2008-05-15 11:29:09		 0 d-------- C:\Program Files\Windows Sidebar
2008-05-15 11:29:08		 0 d-------- C:\Program Files\Movie Maker
2008-05-15 11:29:01		 0 d-------- C:\Program Files\Windows Collaboration
2008-05-15 11:29:00		 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-15 09:50:00	152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-14 16:32:16		 0 d-------- C:\Program Files\Realtek
2008-05-14 15:28:12		 0 d-------- C:\Users\DRTO\AppData\Roaming\WinBatch
2008-05-14 15:23:55		 0 d-------- C:\Program Files\MSXML 4.0
2008-05-14 15:02:18		 0 d-------- C:\Users\DRTO\AppData\Roaming\Snapfish
2008-05-14 14:59:56		 0 d-------- C:\Users\DRTO\AppData\Roaming\Identities
2008-05-14 14:54:32		 0 d-------- C:\Users\DRTO\AppData\Roaming\Macromedia
2008-05-14 14:49:30		 0 d-------- C:\Users\DRTO\AppData\Roaming\Hewlett-Packard
2008-04-12 07:41:20	180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-04-12 07:30:20	765952 --a------ C:\Windows\system32\xvidcore.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
07/03/2008 04:02 PM	2055960	--a------	C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/03/2008 04:02 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/18/2008 11:38 PM]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [09/28/2006 11:42 PM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 08:59 PM]
"RtHDVCpl"="RtHDVCpl.exe" [01/15/2008 11:26 AM C:\WINDOWS\RtHDVCpl.exe]
"@"="" []
"SnapfishMediaDetector"="C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe" [03/03/2007 07:55 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"PDUiP6220DMon"="C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe" [10/03/2006 01:12 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 04:02 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/18/2008 11:33 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Users\DRTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [5/18/2008 10:34:33 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [3/3/2007 7:55:02 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService	nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted	hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork	PLA DPS BFE mpssvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62bab98c-32c1-11dd-be74-001921feae87}]
AutoRun\command- F:\q83iwmgf.bat
explore\Command- F:\q83iwmgf.bat
open\Command- F:\q83iwmgf.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85dfdbbb-21fd-11dd-895c-001921feae87}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com

8382 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-04 00:24:35 ------------

Extra.txt File

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic  (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3800+
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 445.76 MiB / 85.62 MiB
Pagefile Memory (total/avail): 1434.46 MiB / 708.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.24 MiB

C: is Fixed (NTFS) - 103.41 GiB total, 84.69 GiB free. 
D: is Fixed (NTFS) - 8.38 GiB total, 1.01 GiB free. 
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST312021 3AS SCSI Disk Device - 111.79 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 103.41 GiB - C:
  \PARTITION1 - Installable File System - 8.38 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Norton Internet Security v2007 (Symantec Corporation) [COLOR=RED]Disabled[/COLOR]
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: Norton Internet Security v2007 (Symantec Corporation) [COLOR=RED]Outdated[/COLOR]
AS: AVG Anti-Virus Free v8.0 (AVG Technologies) [COLOR=RED]Disabled[/COLOR]
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: Norton Internet Security v2007 (Symantec Corporation) [COLOR=RED]Outdated[/COLOR]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\DRTO\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DRTO-PCF1N
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\DRTO
LOCALAPPDATA=C:\Users\DRTO\AppData\Local
LOGONSERVER=\\DRTO-PCF1N
NUMBER_OF_PROCESSORS=1
OnlineServices=Online Services
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PCBRAND=Presario
PLATFORM=HPD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=5f02
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\DRTO\AppData\Local\Temp
TMP=C:\Users\DRTO\AppData\Local\Temp
USERDOMAIN=DRTO-PCF1N
USERNAME=DRTO
USERPROFILE=C:\Users\DRTO
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

DRTO


-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
 --> "C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
 --> "C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
 --> "C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
 --> "C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
 --> "C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
 --> "C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
 --> "C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
 --> "C:\Program Files\HP Games\Cue Master\Uninstall.exe"
 --> "C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
 --> "C:\Program Files\HP Games\Family Feud\Uninstall.exe"
 --> "C:\Program Files\HP Games\FATE\Uninstall.exe"
 --> "C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
 --> "C:\Program Files\HP Games\Flip Words\Uninstall.exe"
 --> "C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
 --> "C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
 --> "C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
 --> "C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
 --> "C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
 --> "C:\Program Files\HP Games\Otto\Uninstall.exe"
 --> "C:\Program Files\HP Games\Overball\Uninstall.exe"
 --> "C:\Program Files\HP Games\Penguins!\Uninstall.exe"
 --> "C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
 --> "C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
 --> "C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
 --> "C:\Program Files\HP Games\Polar Tubing\Uninstall.exe"
 --> "C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
 --> "C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
 --> "C:\Program Files\HP Games\Super Granny\Uninstall.exe"
 --> "C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
 --> "C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
 --> "C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Canon Inkjet Printer Driver Add-On Module --> C:\Program Files\Common Files\Canon\IJ\InboxPrnV100\SETUP.EXE -R
Canon iP6220D --> C:\Windows\system32\CNMCP7C.exe "-PRINTERNAMECanon iP6220D" "-HELPERDLLC:\ProgramData\CanonBJ\IJPrinter\CNMWindows\Canon iP6220D Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Canon iP6220D Memory Card Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD62878E-7631-4D9D-9983-6F30DA4D7FF8}\setup.exe"  /PDUUninstall
Canon PhotoRecord --> MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Corel WinDVD 9 --> C:\Program Files\InstallShield Installation Information\{E3993D46-AE3F-402E-9F9D-EEBDFBEC3564}\setup.exe -runfromtemp -l0x0409
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy-WebPrint --> C:\Windows\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
FrostWire 4.13.5 --> C:\Program Files\FrostWire\Uninstall.exe
Hardware Diagnostic Tools --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
HP Customer Experience Enhancements --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9  -removeonly
HP Customer Feedback --> MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9  -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator --> C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.0 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Total Care Advisor --> MsiExec.exe /X{2990BC81-3B19-4E53-A53E-30DE3F1BFFA8}
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Jasc Paint Shop Pro 9 --> MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Logitech QuickCapture Gadget --> MsiExec.exe /X{F2EC3CA2-1136-45C1-B5AE-AB03DED6E98C}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla ActiveX Control v1.7.12 --> C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
muvee autoProducer 6.0 --> C:\Program Files\InstallShield Installation Information\{6AF49698-949A-4C89-9B31-041D2CCB5FBD}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games --> "C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Python 2.4.3 --> MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio --> MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive --> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools --> MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9 --> MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SmartFTP Client --> MsiExec.exe /I{6F23C1A3-9F62-470C-BD12-B83F04E67865}
SmartFTP Client 3.0 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 3.0 Setup Files\uninst-sftp.exe
Snapfish Media Detector --> MsiExec.exe /X{4EF6FDB0-3B11-4820-9860-8E08E9965195}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Surround Mp4 Tool 3.0.4 --> "C:\Program Files\MP4TOOL\uninstall.exe"
Update for Office 2007 (KB932080) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4492 / Error
Event Submitted/Written: 07/03/2008 04:03:10 PM
Event ID/Source: 8194 / VSS
Event Description:
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {36765b8b-245f-4ee7-9b3b-2923ef12178f}

Event Record #/Type4490 / Success
Event Submitted/Written: 07/03/2008 03:56:29 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type4483 / Success
Event Submitted/Written: 07/03/2008 03:54:36 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type4480 / Success
Event Submitted/Written: 07/03/2008 03:54:00 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type4469 / Success
Event Submitted/Written: 07/03/2008 05:52:12 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type27723 / Warning
Event Submitted/Written: 07/03/2008 07:48:12 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%DRTO-PCF1N27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %DRTO-PCF1N27 can't undo changes that you allow.

For more information please see the following:
%DRTO-PCF1N275

	Scan ID: {AD73B96B-6F8F-4052-A513-541258F930D3}

	User: DRTO-PCF1N\DRTO

	Name: %DRTO-PCF1N271

	ID: %DRTO-PCF1N272

	Severity ID: %DRTO-PCF1N273

	Category ID: %DRTO-PCF1N274

	Path Found: %DRTO-PCF1N276

	Alert Type: %DRTO-PCF1N278

	Detection Type: 1.1.1600.02

Event Record #/Type27607 / Error
Event Submitted/Written: 07/03/2008 03:53:33 PM
Event ID/Source: 15016 / HTTP
Event Description:
\Device\Http\ReqQueueKerberos

Event Record #/Type27576 / Warning
Event Submitted/Written: 07/03/2008 06:27:21 AM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type27572 / Warning
Event Submitted/Written: 07/03/2008 06:08:10 AM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.

Event Record #/Type27571 / Warning
Event Submitted/Written: 07/03/2008 06:08:10 AM
Event ID/Source: 51 / cdrom
Event Description:
An error was detected on device \Device\CdRom0 during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-07-04 00:24:35 ------------



#2 Rahina

Posted 03 July 2008 - 01:59 PM

Welcome to forums!

Please read this post completely; it may make it easier for you if you copy and paste this post into a new text document or print it for reference later.

I see you have already used Malwarebytes Anti-Malware; that is very good :thumbsup:

Are you still receiving problems?

Something I notice is:

AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled

Did you disable it? If you did not, please enable it if possible.

Also, you seem to be running Windows Firewall.

See Here: http://support.microsoft.com/kb/283673 (How to disable Windows Firewall)

Windows Firewall is quite poor with its abilities so we recommend you download one of these below (Make sure Windows Firewall is now Disabled!)

Comodo OR Kerio are FREE firewalls.

I recommend COMODO!

Installation Guide step by step HERE

After successful installation, please reboot your computer.

============

Download GMER and unzip it to the desktop.

Unzip it and double-click the gmer.exe file.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.

============

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked:
      • Applications and Applets
      • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
In your next reply please post a Fresh Deckard's system scanner report & gmer report.

Thank you.

#3 tia08

Posted 04 July 2008 - 01:27 AM

Something I notice is:
QUOTE
AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled


I looked into the AVG and everything said Active, so I'm guessing it is enabled?

Also, you seem to be running Windows Firewall.

See Here: http://support.microsoft.com/kb/283673 (How to disable Windows Firewall)

Windows Firewall is quite poor with its abilities so we recommend you download one of these below (Make sure Windows Firewall is now Disabled!)

Comodo OR Kerio are FREE firewalls.

I recommend COMODO!

Installation Guide step by step HERE

After successful installation, please reboot your computer.


I did that.
Unfortunately I don't know how to run that?
I tried doing what that help website told me but it keeps making me accept programs like AVG.
& It's telling me that it suspects DSS as a malware but I don't think it is - since someone here told me to download it.

How do I know it's protecting and running good on my computer?
ALSO it keeps having these pop-ups asking me to approve or something - it gets on my nerves 'cause even if I am installing something, it pops up.




Download GMER and unzip it to the desktop.

Unzip it and double-click the gmer.exe file.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.


I downloaded that - BUT when I was running it, it gave me a blue screen & I had to restart. I didn't want anything to happen so I deleted it.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

* Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
* Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
* Click the "Download" button to the right.
* Select the Windows platform from the dropdown menu.
* Read the License Agreement and then check the box that says: "Accept License Agreement". Click on Continue. The page will refresh.
* Click on the link to download Windows Offline Installation and save the file to your desktop.
* Close any programs you may have running - especially your web browser.
* Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
* Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
* Click the Remove or Change/Remove button.
* Repeat as many times as necessary to remove each Java version.
* Reboot your computer once all Java components are removed.
* Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.

* After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  o On the General tab, under Temporary Internet Files, click the Settings button.
  o Next, click on the Delete Files button
  o There are two options in the window to clear the cache - Leave BOTH Checked:
    - Applications and Applets
    - Trace and Log Files
  o Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  o Click OK to leave the Temporary Files Window
  o Click OK to leave the Java Control Panel.


In your next reply please post a Fresh Deckard's system scanner report & gmer report.

Thank you.


I downloaded that Java thing but it keeps saying
"Failed to connect".... not sure what's wrong.

Fresh Deckard's system scanner report

Deckard's System Scanner v20071014.68
Run by DRTO on 2008-07-04 16:14:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 446 MiB (1024 MiB recommended).


-- HijackThis (run as DRTO.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-04 16:19:15
Platform: Windows Vista Service Pack 1 (6.00.6001)
MSIE: Internet Explorer (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\taskeng.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\COMODO\Firewall\cfpconfg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\DRTO\Desktop\dss.exe
C:\Program Files\Trend Micro\HijackThis\DRTO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SnapfishMediaDetector] C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PDUiP6220DMon] C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} () - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpqdktp/downloads/sysinfo.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} () - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll C:\Windows\system32\guard32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\System32\drivers\XAudio.exe


--
End of file - 9558 bytes

-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-04 15:52:39 0 d-------- C:\Users\DRTO\.SunDownloadManager
2008-07-04 13:42:17 0 d-------- C:\Users\All Users\comodo
2008-07-04 13:42:11 0 d-------- C:\Program Files\COMODO
2008-07-04 00:20:06 0 d-------- C:\Program Files\Trend Micro
2008-07-02 21:20:59 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-02 17:37:06 88 -r-hs---- C:\Users\All Users\F7BC8326D8.sys
2008-07-02 17:37:05 5018 --ahs---- C:\Users\All Users\KGyGaAvL.sys
2008-07-02 17:30:52 0 d-------- C:\Program Files\QuickTime
2008-07-02 17:27:57 0 d-------- C:\Program Files\Apple Software Update
2008-07-02 17:26:58 0 d-------- C:\Users\All Users\Apple Computer
2008-07-02 17:20:53 0 d-------- C:\Program Files\InterVideo
2008-07-02 17:20:50 0 d-------- C:\Program Files\Common Files\InterVideo
2008-07-02 17:20:47 0 d-------- C:\Program Files\Common Files\Protexis
2008-07-02 17:19:22 0 d-------- C:\Program Files\Corel
2008-06-30 02:06:35 0 d-------- C:\Users\All Users\Graboid Inc
2008-06-30 02:02:36 0 d-------- C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-06-30 02:00:49 0 d-------- C:\Program Files\VideoLAN
2008-06-18 02:50:46 0 d-------- C:\Program Files\FrostWire
2008-06-14 02:41:28 0 d-------- C:\Users\All Users\InstallShield
2008-06-14 02:36:30 0 d-------- C:\Program Files\Common Files\Jasc Software Inc
2008-06-14 02:34:59 0 d-------- C:\Program Files\Jasc Software Inc
2008-06-14 00:03:10 88 -r-hs---- C:\Windows\system32\F7BC8326D8.sys
2008-06-14 00:03:09 2516 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-06-13 23:59:56 0 d-------- C:\Users\All Users\Corel
2008-06-13 16:14:09 0 d-------- C:\Users\All Users\WindowsSearch
2008-06-13 15:27:45 0 d-------- C:\Users\All Users\WinZip
2008-06-13 07:02:22 0 d-------- C:\Users\All Users\Innovative Solutions
2008-06-12 23:13:19 0 d-------- C:\Users\All Users\Adobe Systems
2008-06-12 22:58:50 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-06-11 03:04:44 0 d-------- C:\Windows\PCHEALTH
2008-06-08 20:03:59 0 d-------- C:\Program Files\VistaCodecPack
2008-06-08 19:59:57 0 d-------- C:\Users\All Users\VistaCodecs
2008-06-08 19:41:14 0 d-------- C:\Program Files\DivX
2008-06-05 16:04:16 0 d-------- C:\Users\All Users\Yahoo! Companion


-- Find3M Report ---------------------------------------------------------------

2008-07-04 16:21:01 0 d-------- C:\Program Files\Java
2008-07-04 13:42:18 0 d-------- C:\Users\DRTO\AppData\Roaming\Comodo
2008-07-02 17:41:03 0 d-------- C:\Users\DRTO\AppData\Roaming\Corel
2008-07-02 17:24:35 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-02 17:20:50 0 d-------- C:\Program Files\Common Files
2008-07-02 15:53:54 0 d-------- C:\Program Files\HP
2008-07-01 21:37:23 0 d-------- C:\Users\DRTO\AppData\Roaming\dvdcss
2008-06-30 02:05:45 0 d-------- C:\Users\DRTO\AppData\Roaming\MozillaControl
2008-06-20 23:20:00 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-18 02:39:05 0 d-------- C:\Users\DRTO\AppData\Roaming\LimeWire
2008-06-18 02:20:21 0 d-------- C:\Users\DRTO\AppData\Roaming\Mozilla
2008-06-17 21:01:38 0 d-------- C:\Users\DRTO\AppData\Roaming\Template
2008-06-16 01:28:06 0 d-------- C:\Users\DRTO\AppData\Roaming\Adobe
2008-06-15 11:41:56 0 d-------- C:\Users\DRTO\AppData\Roaming\Opera
2008-06-15 11:34:04 2039808 -r-h----- C:\Windows\system32\systemcheck.exe <Not Verified; Microsoft Corporation; BIOS Drivers for harddrive>
2008-06-15 11:32:59 2113536 -r-h----- C:\Windows\system32\sysSecurityCheck.exe <Not Verified; Microsoft Corporation; BIOS Drivers for harddrive>
2008-06-14 02:36:30 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-14 02:34:59 0 d-------- C:\Users\DRTO\AppData\Roaming\Jasc Software Inc
2008-06-13 23:07:47 0 d-------- C:\Users\DRTO\AppData\Roaming\InstallShield
2008-06-13 03:37:25 0 d-------- C:\Users\DRTO\AppData\Roaming\Real
2008-06-12 22:40:36 0 d-------- C:\Users\DRTO\AppData\Roaming\WinRAR
2008-06-12 04:19:43 0 d-------- C:\Program Files\Windows Mail
2008-06-09 00:30:18 126 --a------ C:\Users\DRTO\AppData\Roaming\wklnhst.dat
2008-06-08 20:01:18 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-08 19:57:05 0 d-------- C:\Users\DRTO\AppData\Roaming\DivX
2008-06-06 03:13:36 0 d-------- C:\Users\DRTO\AppData\Roaming\SmartFTP
2008-05-27 22:35:31 0 d-------- C:\Users\DRTO\AppData\Roaming\Jasc
2008-05-26 21:49:50 0 d-------- C:\Program Files\MP4TOOL
2008-05-26 18:28:52 962560 --a------ C:\Windows\system32\VSFilter.dll <Not Verified; Gabest; VSFilter>
2008-05-25 17:26:17 0 d-------- C:\Program Files\CCleaner
2008-05-25 04:16:57 0 d-------- C:\Users\DRTO\AppData\Roaming\Malwarebytes
2008-05-25 03:17:59 0 d-------- C:\Program Files\AVG
2008-05-25 00:59:20 0 d-------- C:\Program Files\Windows Defender
2008-05-21 16:47:25 0 d-------- C:\Users\DRTO\AppData\Roaming\MSNInstaller
2008-05-20 22:56:37 0 d-------- C:\Users\DRTO\AppData\Roaming\Talkback
2008-05-20 22:55:41 0 --a------ C:\Windows\nsreg.dat
2008-05-20 16:55:37 0 d-------- C:\Users\DRTO\AppData\Roaming\CyberLink
2008-05-20 13:49:31 0 d-------- C:\Users\DRTO\AppData\Roaming\FrostWire
2008-05-20 02:29:57 0 d-------- C:\Program Files\Logitech
2008-05-20 02:18:38 0 d-------- C:\Users\DRTO\AppData\Roaming\NCH Swift Sound
2008-05-19 22:58:27 0 d-------- C:\Program Files\SmartFTP Client
2008-05-19 22:51:29 0 d-------- C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-05-19 02:42:27 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-18 13:26:30 0 d-------- C:\Program Files\Windows Live
2008-05-18 13:24:52 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-16 20:48:56 0 d-------- C:\Program Files\Common Files\Java
2008-05-16 18:53:40 0 d-------- C:\Program Files\Canon
2008-05-16 18:39:43 0 d-------- C:\Program Files\Common Files\Canon
2008-05-16 17:00:41 0 d-------- C:\Program Files\Microsoft.NET
2008-05-16 17:00:41 0 d-------- C:\Program Files\Microsoft Works
2008-05-16 13:11:55 0 d-------- C:\Users\DRTO\AppData\Roaming\WildTangent
2008-05-15 15:30:44 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-15 15:22:21 0 d-------- C:\Program Files\OpenOffice.org 2.4
2008-05-15 11:48:14 174 --ahs---- C:\Program Files\desktop.ini
2008-05-15 11:29:13 0 d-------- C:\Program Files\Windows Calendar
2008-05-15 11:29:09 0 d-------- C:\Program Files\Windows Sidebar
2008-05-15 11:29:08 0 d-------- C:\Program Files\Movie Maker
2008-05-15 11:29:01 0 d-------- C:\Program Files\Windows Collaboration
2008-05-15 11:29:00 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-15 09:50:00 152576 --a------ C:\Windows\system32\SPWizUI.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-14 16:32:16 0 d-------- C:\Program Files\Realtek
2008-05-14 15:28:12 0 d-------- C:\Users\DRTO\AppData\Roaming\WinBatch
2008-05-14 15:23:55 0 d-------- C:\Program Files\MSXML 4.0
2008-05-14 15:02:18 0 d-------- C:\Users\DRTO\AppData\Roaming\Snapfish
2008-05-14 14:59:56 0 d-------- C:\Users\DRTO\AppData\Roaming\Identities
2008-05-14 14:54:32 0 d-------- C:\Users\DRTO\AppData\Roaming\Macromedia
2008-05-14 14:49:30 0 d-------- C:\Users\DRTO\AppData\Roaming\Hewlett-Packard
2008-04-12 07:41:20 180224 --a------ C:\Windows\system32\xvidvfw.dll
2008-04-12 07:30:20 765952 --a------ C:\Windows\system32\xvidcore.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [07/03/2008 04:02 PM 2055960]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/18/2008 11:38 PM]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [09/28/2006 11:42 PM]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [02/15/2007 08:59 PM]
"RtHDVCpl"="RtHDVCpl.exe" [01/15/2008 11:26 AM C:\WINDOWS\RtHDVCpl.exe]
"@"="" []
"SnapfishMediaDetector"="C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe" [03/03/2007 07:55 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"PDUiP6220DMon"="C:\Program Files\Canon\Memory Card Utility\iP6220D\PDUiP6220DMon.exe" [10/03/2006 01:12 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/03/2008 04:02 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [07/04/2008 01:42 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/18/2008 11:33 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Users\DRTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [5/18/2008 10:34:33 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Media Detector\SnapfishMediaDetector.exe [3/3/2007 7:55:02 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll C:\Windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{62bab98c-32c1-11dd-be74-001921feae87}]
AutoRun\command- F:\q83iwmgf.bat
explore\Command- F:\q83iwmgf.bat
open\Command- F:\q83iwmgf.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{85dfdbbb-21fd-11dd-895c-001921feae87}]
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\copy.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-07-04 16:25:07 ------------


I hope nothing is wrong :[

Edited by Rahina, 04 July 2008 - 09:22 AM.


#4 tia08


Posted 05 July 2008 - 01:06 PM

Hi.
Rahina, can you close this?
Everything works fine.
Thanks for the help :]

#5 Rahina

    Security Helper



Posted 05 July 2008 - 01:07 PM

I'm glad I was able to help.



