HT Log. "no disk" "autochk.dll , protect.dll".. etc. etc..


  • This topic is locked
10 replies to this topic

#1 gameroman


Posted 29 April 2009 - 10:23 PM

Hi. I try to keep my computer clean of malware with programs like Adaware, AVG, etc. and I rarely have problems with spyware, but I made *I think* a silly mistake 2 days ago.
I was trying to watch the NBA playoffs off of Justin.tv.. and I accidentally clicked the chat room window on the page exactly where a random link was posted. Immediately I knew I did something bad cause my firewall went down instantly and I had several pop-ups on my screen.

I tried running Adaware, AVG, and the problem got worse.
I had to go to work so I left the scans running. I came back and the computer had turned off by itself. I figured I would have to see what happened to it the next day. Yesterday I turned my computer on and it would instantly log off at start up. I had to get some Vista recovery disks (my comp is XP) and follow some directions and a program (Saveme 1.25.2) to help me log in the computer.

After I eventually could use the computer in both safe mode and normal mode, I started running the programs again. I downloaded Malwarebytes and Spybot to see what they caught, and it seems they caught some stuff Adaware and AVG didn't catch.

I'm still getting some random pop ups like: windows- no disk exception processing message c0000013 Parameters 75b6bf9c 4 75b6bf9c 75b6bf9c, and some others that have RUNDLL.. with stuff like autochk.dll and protect.dll. Just little windows that I have to keep on cancelling just so the computer will somewhat work. I had to eventually uninstall Spybot just so it wouldn't conflict with Adaware. I also updated to the new Adaware AE.

I'm writing this message from the sick computer, and as I write this (in safe mode) every few seconds the computer freezes for a couple of seconds.

I ran HijackThis and this is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:31:28 PM, on 4/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {f2d85688-aa4a-4bb0-a7e3-44f7bd807721} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\HP_ADM~1\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\klp05.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3899506454.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\klp05.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\lawariko.dll C:\WINDOWS\system32\memotoga.dll c:\windows\system32\butazaji.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 10026 bytes


Thanks in advance for your time. I came here for advice about 3 years ago and I completely forgot that I had an account. I don't remember what my problem was at that time, if it got fixed, or even if I replied and gave thanks. So again, thanks, and hopefully the problem won't be as much a challenge for you all as it has been for me haha.


#2 fenzodahl512


Posted 30 April 2009 - 02:59 PM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 gameroman


Posted 30 April 2009 - 03:36 PM

Thanks a lot for replying, fenzo. I will follow your instructions now. I just wanted to know if it makes a difference if I work in safe mode with networking or I do it in normal mode? I will do it in safe mode w/ net because it loads faster, even though I still get some intervals of freezing in this mode.

#4 fenzodahl512


Posted 30 April 2009 - 03:42 PM

Very much prefer Normal Mode, but if really unavailable, Safe Mode will do..



#5 gameroman


Posted 30 April 2009 - 03:51 PM

Ok. I will do it in normal mode, because in safe mode I was having trouble disabling Adaware and Avira.

#6 fenzodahl512


Posted 30 April 2009 - 04:01 PM

Ok.. but I think I can only reply tomorrow.. I'm sleepy and need to go to sleep.. Cheers



#7 gameroman


Posted 30 April 2009 - 04:23 PM

Nooo.. don't sleep, I can see the end is close. haha just kidding. My concern is that I disabled the other programs but because ComboFix rebooted the computer, Avira and Adaware came back on at restart. Avira started popping some windows with alerts, and I chose to ignore them cause I didn't know what else to choose. Hopefully that didn't obstruct ComboFix's progress. I disabled the umbrella for Avira like it says on the link you advised, and also Ad-Watch Live, but for some reason they just came back on at restart. Oh well.

This is the ComboFix log.

ComboFix 09-04-30.02 - HP_Administrator 04/30/2009 16:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1512 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HP_Administrator\protect.dll
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\protect.dll
c:\program files\INSTALL.LOG
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthvraoabuxchxtxppestiwuyuaxhxdcdiu.sys
c:\windows\system32\lmppcsetup.exe
c:\windows\system32\ovfsthcijqamykllpwqmgsdgtdclaphhqitesh.dll
c:\windows\system32\ovfsthdxtpnyudnwecqfkletiqgmkfceporuyt.dll
c:\windows\system32\ovfsthketvnquaxdrnmnriiybbirqivxeomcnq.dat
c:\windows\system32\ovfsthlog.dat
c:\windows\system32\ovfsthmyxixdubwlylfkmpgwkmyrfolillokee.dat
c:\windows\system32\ovfsthowolrvirvbgbliqxqkqflvvvsoenlxmp.dll
c:\windows\system32\winglsetup.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthlptqfwxvnnoixvspphentsenwbfgbsfs


((((((((((((((((((((((((( Files Created from 2009-03-28 to 2009-04-30 )))))))))))))))))))))))))))))))
.

2009-04-30 06:12 . 2009-03-24 21:08 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-30 06:12 . 2009-04-30 06:12 -------- d-----w c:\program files\Avira
2009-04-30 06:12 . 2009-04-30 06:12 -------- d-----w c:\documents and settings\All Users\Application Data\Avira
2009-04-30 01:59 . 2009-04-30 01:47 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-30 01:47 . 2009-04-30 01:47 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-30 01:45 . 2009-04-30 01:45 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-30 01:45 . 2009-04-30 01:45 -------- d-----w c:\program files\Lavasoft
2009-04-29 09:55 . 2009-04-30 01:58 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-29 09:55 . 2009-04-30 01:58 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-29 09:40 . 2009-04-29 09:40 552 ----a-w c:\windows\system32\d3d8caps.dat
2009-04-29 09:23 . 2009-04-29 09:23 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2009-04-29 09:23 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 09:23 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 09:23 . 2009-04-29 09:23 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 09:23 . 2009-04-29 09:23 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 08:45 . 2009-03-19 23:07 169984 ----a-w c:\windows\system32\dllcache\msconfig.exe
2009-04-29 08:45 . 2009-03-19 23:07 507904 ----a-w c:\windows\system32\dllcache\winlogon.exe
2009-04-29 08:45 . 2009-03-19 23:07 14336 ----a-w c:\windows\system32\dllcache\svchost.exe
2009-04-29 08:45 . 2009-03-19 23:07 1414656 ----a-w c:\windows\system32\dllcache\mmc.exe
2009-04-29 08:45 . 2009-03-19 23:07 13312 ----a-w c:\windows\system32\dllcache\lsass.exe
2009-04-29 08:45 . 2009-03-19 23:07 514560 ----a-w c:\windows\system32\dllcache\logonui.exe
2009-04-29 08:45 . 2009-03-19 23:07 389120 ----a-w c:\windows\system32\dllcache\cmd.exe
2009-04-29 08:45 . 2009-03-19 23:07 146432 ----a-w c:\windows\system32\dllcache\regedit.exe
2009-04-29 08:45 . 2009-03-19 23:07 1033728 ----a-w c:\windows\system32\dllcache\explorer.exe
2009-04-29 08:45 . 2009-03-19 23:07 33280 ----a-w c:\windows\system32\dllcache\rundll32.exe
2009-04-29 08:45 . 2009-03-19 23:07 26112 ----a-w c:\windows\system32\dllcache\userinit.exe
2009-04-29 08:45 . 2009-03-19 23:07 26112 ----a-w c:\windows\system32\userinit.exe
2009-04-28 22:14 . 2009-04-28 22:14 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-04-27 01:54 . 2009-04-27 01:54 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\Logitech
2009-04-27 01:52 . 2009-04-27 01:52 -------- d-----w c:\program files\Common Files\Logitech
2009-04-27 01:52 . 2009-04-27 01:52 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\InstallShield
2009-04-27 01:46 . 2009-04-27 01:46 -------- d-----w c:\documents and settings\All Users\Application Data\LogiShrd
2009-04-19 21:59 . 2009-04-19 21:59 -------- d-----w c:\documents and settings\HP_Administrator\Application Data\IObit
2009-04-19 21:59 . 2009-04-19 21:59 -------- d-----w c:\program files\IObit
2009-04-16 19:13 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 19:13 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 19:13 . 2009-03-19 23:07 108544 ----a-w c:\windows\system32\dllcache\services.exe
2009-04-16 19:13 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 19:13 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 19:13 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 19:13 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 19:13 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 19:13 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 19:12 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-16 19:12 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 01:37 . 2007-05-14 22:23 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-28 02:43 . 2006-11-24 22:28 26324 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2009-04-27 01:54 . 2009-04-27 01:54 -------- d-----w c:\program files\Common Files\LogiShared
2009-04-27 01:54 . 2009-04-27 01:54 127034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-04-27 01:54 . 2009-04-27 01:52 -------- d-----w c:\program files\Logitech
2009-04-27 01:54 . 2006-05-09 22:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-23 20:21 . 2007-10-15 22:27 -------- d-----w c:\program files\World of Warcraft
2009-04-03 06:32 . 2009-02-26 05:31 -------- d-----w c:\program files\World of Warcraft Public Test
2009-03-31 21:17 . 2006-05-09 21:53 -------- d-----w c:\program files\Java
2009-03-30 20:33 . 2006-05-09 22:22 63704 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-30 04:53 . 2009-03-30 04:53 -------- d-----w c:\program files\JRE
2009-03-30 04:53 . 2009-03-30 04:53 -------- d-----w c:\program files\OpenOffice.org 3
2009-03-30 04:53 . 2008-03-20 04:30 -------- d-----w c:\program files\OpenOffice.org 2.1
2009-03-27 08:07 . 2009-03-27 08:07 -------- d-----w c:\program files\LimeWire
2009-03-27 08:07 . 2007-09-06 07:34 -------- d-----w c:\program files\BitComet
2009-03-19 23:07 . 2004-08-10 04:00 1033728 ----a-w c:\windows\explorer.exe
2009-03-19 23:07 . 2004-08-10 04:00 15360 ----a-w c:\windows\system32\logoff.exe
2009-03-19 23:07 . 2004-08-10 04:00 14336 ----a-w c:\windows\system32\svchost.exe
2009-03-19 23:07 . 2004-08-10 04:00 1414656 ----a-w c:\windows\system32\mmc.exe
2009-03-19 23:07 . 2004-08-10 04:00 169984 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe
2009-03-19 23:07 . 2004-08-10 04:00 33280 ----a-w c:\windows\system32\rundll32.exe
2009-03-19 23:07 . 2004-08-10 04:00 389120 ----a-w c:\windows\system32\cmd.exe
2009-03-19 23:07 . 2004-08-10 04:00 514560 ----a-w c:\windows\system32\logonui.exe
2009-03-19 23:07 . 2004-08-10 04:00 507904 ----a-w c:\windows\system32\winlogon.exe
2009-03-19 23:07 . 2004-08-10 11:00 146432 ----a-w c:\windows\regedit.exe
2009-03-19 23:07 . 2004-08-10 04:00 13312 ----a-w c:\windows\system32\lsass.exe
2009-03-19 23:07 . 2004-08-10 04:00 108544 ----a-w c:\windows\system32\services.exe
2009-03-18 04:38 . 2009-03-18 04:17 -------- d-----w c:\program files\Mass Effect
2009-03-18 04:37 . 2009-03-18 04:37 -------- d-----w c:\program files\Common Files\BioWare
2009-03-18 03:41 . 2009-03-18 03:41 444952 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-18 03:41 . 2009-03-18 03:41 -------- d-----w c:\program files\OpenAL
2009-03-18 03:41 . 2009-03-18 03:41 109080 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-17 00:18 . 2009-03-17 00:18 0 ----a-w c:\windows\ativpsrm.bin
2009-03-17 00:16 . 2009-03-16 23:33 -------- d-----w c:\program files\ATI Technologies
2009-03-16 23:34 . 2009-03-16 23:34 -------- d-----w c:\program files\Common Files\ATI Technologies
2009-03-09 10:19 . 2008-12-01 20:41 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-10 04:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-10 04:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-10 04:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 12:10 . 2004-08-10 04:00 729088 ------w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-10 11:00 714752 ------w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-10 04:00 617472 ------w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-10 04:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-10 04:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 21:09 . 2009-02-06 21:10 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-02-06 11:06 . 2004-08-10 11:00 2145280 ------w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2004-08-10 04:00 35328 ------w c:\windows\system32\sc.exe
2009-02-06 10:32 . 2004-08-10 11:00 2023936 ------w c:\windows\system32\ntkrnlpa.exe
2009-02-03 19:59 . 2004-08-10 04:00 56832 ----a-w c:\windows\system32\secur32.dll
2004-07-22 15:51 . 2004-07-22 15:51 3432656 ----a-w c:\program files\ManagedDX.CAB
2004-07-20 03:58 . 2004-07-20 03:58 1156363 ----a-w c:\program files\BDANT.cab
2004-07-20 03:53 . 2004-07-20 03:53 976020 ----a-w c:\program files\BDAXP.cab
2004-07-09 19:17 . 2004-07-09 19:17 13265040 ----a-w c:\program files\dxnt.cab
2004-07-09 14:13 . 2004-07-09 14:13 15493481 ----a-w c:\program files\DirectX.cab
2004-07-09 14:13 . 2004-07-09 14:13 703080 ----a-w c:\program files\BDA.cab
2004-07-09 09:08 . 2004-07-09 09:08 472576 ----a-w c:\program files\dxsetup.exe
2004-07-09 09:08 . 2004-07-09 09:08 2242560 ----a-w c:\program files\dsetup32.dll
2004-07-09 08:03 . 2004-07-09 08:03 62976 ----a-w c:\program files\DSETUP.dll
2006-11-10 10:51 . 2006-11-10 10:51 22 --sha-w c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-01-19 3134976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-13 139264]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-03 1630208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-4-26 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-26 692224]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-29 21:41 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.1.8874-PTR-US-Installer-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.1.0-enUS-downloader.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19308:TCP"= 19308:TCP:BitComet 19308 TCP
"19308:UDP"= 19308:UDP:BitComet 19308 UDP
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"27296:TCP"= 27296:TCP:BitComet 27296 TCP
"27296:UDP"= 27296:UDP:BitComet 27296 UDP

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-30 953168]
R3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\Drivers\ICDUSB2.sys [2002-11-29 39048]
R3 npkycryp;npkycryp; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-30 64160]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-01-29 325128]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-29 107272]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-29 903960]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-29 298264]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-07-03 89600]
S3 kbdcap;kbdcap; [x]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c87e4c6-4628-11dd-9cc6-001731a0622e}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ec4e8ac-9f7f-11db-9a63-001731a0622e}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64dd6113-6470-11db-99fb-001731a0622e}]
\Shell\AutoRun\command - J:\mri.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 01:46]
.
- - - - ORPHANS REMOVED - - - -

BHO-{f2d85688-aa4a-4bb0-a7e3-44f7bd807721} - (no file)
HKU-Default-Run-Windows Resurections - c:\windows\TEMP\klp05.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\3899506454.exe
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.18\AMVConverter\grab.html
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\w7nkuu3h.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 16:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-226212267-616507232-3370894674-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:20,68,c8,87,a3,98,fd,02,dd,59,8a,1a,11,cc,ab,03,e3,c6,18,cb,58,97,e9,
14,90,da,4e,7b,2f,09,46,c9,f7,23,3a,6a,2e,51,45,96,c8,02,6c,8b,f5,c0,34,27,\
"??"=hex:db,04,0e,52,89,49,8c,2b,47,79,02,ff,71,4f,c8,12

[HKEY_USERS\S-1-5-21-226212267-616507232-3370894674-1008\Software\SecuROM\License information*]
"datasecu"=hex:32,56,d7,a5,7e,c9,e3,cb,d1,47,da,ac,b7,89,68,55,8a,79,b7,64,c9,
91,4c,2a,99,1b,4a,21,fe,9c,11,ce,7e,82,94,aa,61,e1,f0,32,b2,eb,fc,d7,a0,f7,\
"rkeysecu"=hex:62,d6,83,d0,98,22,13,06,87,e5,59,c3,e7,47,f0,05
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1928)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-04-30 16:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-30 21:12

Pre-Run: 207,783,165,952 bytes free
Post-Run: 207,837,593,600 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=2 Sets=,1,2,3,4
334 --- E O F --- 2009-04-17 09:32


-----------------------------------------------------------

And this is the Hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:24 PM, on 4/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modul...ces/ax/stub.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 8841 bytes

--------------------------------

Thanks.

#8 fenzodahl512


Posted 30 April 2009 - 10:40 PM

Please copy and paste the following into Notepad

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64dd6113-6470-11db-99fb-001731a0622e}]

Save it to the desktop as Fix.reg, and in Save as type: choose All Files

A new registry file will then be created on your desktop.

Just double-click the file and choose Yes at prompt.





Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post me these logs in your next reply..
1. Malwarebytes'
2. ESET Online Scanner
3. How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
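
The Fix.reg step in post #8 above, as an added example that is not part of the original thread: a small triage script that reads the MountPoints2 section of a ComboFix log, flags AutoRun commands whose launcher is not on a vetted list, and renders the matching REGEDIT4 deletion file for review before anyone imports it. The sample lines are copied from the ComboFix log in this thread; the vetted list (KNOWN_LAUNCHERS) and the rundll32 rule are assumptions of this example, not the helper's stated criteria.

```python
import ntpath
import re

# Copied from the ComboFix log earlier in this thread (three of its four entries).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c87e4c6-4628-11dd-9cc6-001731a0622e}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64dd6113-6470-11db-99fb-001731a0622e}]
\Shell\AutoRun\command - J:\mri.exe
"""

# Assumption: launchers the analyst has already vetted (LaunchU3.exe is the
# U3 flash-drive launcher). Anything else is surfaced for a human decision.
KNOWN_LAUNCHERS = {"launchu3.exe"}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\[^\]]+)\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
EXE_RE = re.compile(r'^"([^"]+)"|^(\S+)')  # quoted path, else first token


def parse_mountpoints(log_text):
    """Return [(registry_key, verb, command), ...] for MountPoints2 shell commands."""
    entries, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        if line.startswith("["):
            current_key = None  # header of an unrelated registry key
            continue
        cmd_match = CMD_RE.match(line)
        if cmd_match and current_key:
            entries.append((current_key, cmd_match.group(1), cmd_match.group(2).strip()))
    return entries


def review_reason(command, known=KNOWN_LAUNCHERS):
    """Return why a command needs a human look, or None if its launcher is vetted."""
    m = EXE_RE.match(command)
    exe = ntpath.basename(m.group(1) or m.group(2)).lower()
    if exe == "rundll32.exe":
        # The real target is hidden in the arguments, so never auto-trust it.
        return "indirect launch through rundll32"
    if exe not in known:
        return "launcher not on the vetted list: " + exe
    return None


def keys_to_review(entries):
    """Map each flagged key to its reasons, preserving log order."""
    flagged = {}
    for key, verb, command in entries:
        reason = review_reason(command)
        if reason:
            flagged.setdefault(key, []).append(f"{verb}: {reason}")
    return flagged


def build_reg(keys):
    """Render a REGEDIT4 file whose [-key] sections delete the given keys."""
    return "REGEDIT4\n\n" + "\n\n".join(f"[-{k}]" for k in keys) + "\n"


if __name__ == "__main__":
    flagged = keys_to_review(parse_mountpoints(SAMPLE_LOG))
    for key, reasons in flagged.items():
        print(key, "->", "; ".join(reasons))
    print(build_reg(flagged))
```

On the sample it flags the `D` and `{64dd6113-...}` keys, the same two that the Fix.reg in the post deletes, and leaves the LaunchU3.exe entry alone.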


#9 gameroman


Posted 01 May 2009 - 03:24 AM

My computer seems much better now. :thumbup2:

This is the MWB log:

Malwarebytes' Anti-Malware 1.36
Database version: 2062
Windows 5.1.2600 Service Pack 3

5/1/2009 1:08:00 AM
mbam-log-2009-05-01 (01-08-00).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 200902
Time elapsed: 29 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\protect.dll.vir (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\protect.dll.vir (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\autochk.dll.vir (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthcijqamykllpwqmgsdgtdclaphhqitesh.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthowolrvirvbgbliqxqkqflvvvsoenlxmp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\protect.dll.vir (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfsthvraoabuxchxtxppestiwuyuaxhxdcdiu.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP168\A0105511.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP168\A0105513.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP168\A0105514.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP168\A0105531.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP168\A0105532.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP168\A0105537.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP168\A0105539.dll (Worm.Autorun) -> Quarantined and deleted successfully.


ESET log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4047 (20090430)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=f8d3876f7ab11542bc3380a5ed0c3b3f
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-05-01 08:01:01
# local_time=2009-05-01 03:01:01 (-0600, Central Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=803203
# found=1
# scan_time=6352
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthdxtpnyudnwecqfkletiqgmkfceporuyt.dll.vir Win32/Olmarik.HJ trojan (unable to clean - deleted) 00000000000000000000000000000000


----------------------------------------

Hopefully that does it. I still got Adaware, AVG, MWBs, Avira, CCleaner, Advanced Systemcare, Spybot (uninstalled), Combofix, Hijackthis, ..... :) Should I keep all of em or what? Do I need a firewall or something else? hehe...

#10 fenzodahl512


Posted 01 May 2009 - 04:01 AM

First, let's do this...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


You have AVG8 and Malwarebytes'.. Keep both of them and uninstall the rest.. Too many programs = resource hog = bad..

If you want a firewall: most security personnel say Comodo is the best (no argument here), but for the sake of simplicity, I personally recommend PC Tools Firewall Plus..


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512



#11 gameroman


Posted 01 May 2009 - 04:40 AM

Thanks a lot for your time and help, Wan. Computer= :thumbup2: Take care and God bless.

Edited by gameroman, 01 May 2009 - 04:41 AM.




